Think about your mnemonic. Since it is only a 12-24 word phrase, how tough could it be to crack? Can someone actually get access to your crypto holdings just by checking all possible word combinations?
Theoretically, anything’s possible. In reality, the chances of someone cracking your seed-phrase are less than slim.
Let’s do the math.
What Are the Odds
According to the BIP39 word list, there are 2,048 words in use, and so we’ve got 2,048 iterations of a 12-word phrase.
As one Reddit user put it, you’d be more likely to win the lottery every week for the rest of your life than winning the guessing game. Clearly, there is no human being who could mess with your mnemonic even if they dedicated a lifetime just to this specific cause.
What about machine computation? Imagine that someone runs designated hardware – like SHA512 ASIC – with an extremely high hashing power, and targets all the wallets with balances trying to match them with all the possible mnemonic combinations. I don’t want to bore you with the calculations, but if you’re curious – read this bitcointalk thread. Even if someone builds a thousand 10 TH/s machines and keeps them running non-stop, it would take longer than the current age of the universe to accomplish the mission.
In fact, the idea of cracking somebody’s private keys has long fascinated crypto enthusiasts. A few years ago a project called Large Bitcoin Collider went on a mission to crack BTC private keys. The idea was to create a program that would generate the keys and try to match them to the Bitcoin addresses with a balance. Quite a few enthusiasts joined the project and shared their computing power as well as ideas on how to make it work better.
The Large Bitcoin Collider was running non-stop for three years and managed to generate 37,646,390,000,000 private keys. But this is nowhere near the total amount of private keys, which equals 2^256 and is more than the number of stars in the universe. As for matching keys to addresses, unless a miracle happens, if you do the math, the LBC is not going to succeed anytime soon. Probably, the end of Earth will come faster.
The Real Threat
Unfortunately, people do lose money due to exposed mnemonics. But not because of poor tech, but because they are not careful enough. Apart from malware that takes pictures of your screen or records your keyboard inputs, there are armies of scammers who target crypto beginners and cheat them into sharing their mnemonics.
They will impersonate someone who works for a crypto wallet and come up with the “reasonable” explanation that they need to update the servers. Phishing sites that look almost like the real deal, just with a slightly different URL record your mnemonics and scammers later use it to withdraw the funds.
Always check which site you’re using and it’s better if you type in the URL yourself. None of the secure cryptocurrency wallets would store your sensitive information on a server, do not trust people who tell you otherwise. You should never reveal your passwords, mnemonics, and private keys to anyone, even if they sound convincing.
Remember that mnemonics are basically like the keys to your safety deposit box. And you wouldn’t share them with a stranger, would you?