Despite Legal Turmoil, BitMEX Research Shows Us How Not To Use Brain Wallets

While its parent exchange is facing legal trouble, BitMEX’s research arm has published a novel report on the vulnerability of brain wallets.

This article originally appeared in our Down The Rabbit Hole newsletter.

BitMEX has been dominating the cryptocurrency news cycle lately, for reasons that it would rather avoid. On October 1, the U.S. Commodity Futures Trading Commission (CFTC) charged the exchange with facilitating unregistered trading, and the District of New York filed criminal actions against its founders, Arthur Hayes, Ben Delo and Samuel Reed. Reed, BitMEX’s CTO, was arrested and subsequently released on a $5 million bond. The three co-founders stepped down from their positions on October 8. 

But amid this flurry of action emerged a bright spot worth highlighting, and worth an invitation into some fascinating Bitcoin Rabbit Holes. Yesterday, BitMEX Research, the exchange’s renowned technical analysis arm, released a fascinating, novel and thoroughly Bitcoiny report entitled “Call Me Ishmael.”

Creating A Brain Wallet

The report involved a hands-on test of brain wallets, a type of Bitcoin wallet that sees the user memorize a seed phrase associated with an address and delete the digital version (thus storing it in their brain only, potentially reducing a point of failure and creating a special kind of fund security). The concept of brain wallets dates back to the early days of Bitcoin, and they present a Rabbit Hole worthy of your exploration. Check out this Bitcoin Magazine article on the topic from 2012, by none other than Vitalik Buterin, for what’s probably the first comprehensive explanation of the topic.

“We have QR code wallets, paper wallets, coins with private keys hidden behind a hologram, etc.,” Buterin wrote. “However, the most interesting of all alternatives is the place where humans have been storing most of our information for the past 100,000 years: in our brains.”

Back in 2012, Buterin explained that, thanks to public online tools from that era like firstbits.com, Grondilu’s Bitcoin Bash Tools and bitaddress.org, you could get the phrase you need to memorize down to 11 characters. For the BitMEX report, the anonymous researcher explained that brain wallet users can choose to memorize a popular phrase, then take the SHA-256 hash of that phrase as the private key to generate a Bitcoin address.

The researcher generated eight such wallets based on phrases taken from popular literature, including “Call me Ishmael,” a well-known quote from Moby Dick. The results of the experiment indicated that, while brain wallets provide an interesting way of securing funds and a fascinating Rabbit Hole to explore, generating them based on literary phrases is not a good idea.

“All the funds were swept away within a day and the 0.04 BTC I spent on this exercise were lost, potentially forever,” per the report. “Remarkably, three of the deposits were swept away before our transaction even got confirmed into the blockchain.”

The BitMEX Research Rabbit Hole

The researchers concluded that there are servers monitoring the blockchain for weak brain wallets to hack, which have probably pre-generated hundreds of thousands of Bitcoin addresses based on popular texts. 
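
The derivation described above (the SHA-256 hash of a phrase used directly as the private key) and the kind of pre-generated table the researchers suspect, shown as an added example that is not code from the BitMEX report or from this article. The function names, the three-phrase corpus and the test phrases are constructed for illustration, and the example stops at the private key in Wallet Import Format rather than deriving addresses.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# secp256k1 group order: a valid private key k satisfies 1 <= k < N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def brain_private_key(phrase: str) -> bytes:
    """One unsalted SHA-256 pass over the phrase: no salt, no key stretching."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()

def base58check(payload: bytes) -> str:
    """Base58 encoding with a 4-byte double-SHA-256 checksum appended."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def to_wif(key: bytes) -> str:
    """Wallet Import Format, mainnet, uncompressed: 0x80 || key || checksum."""
    if not 1 <= int.from_bytes(key, "big") < N:
        raise ValueError("not a valid secp256k1 private key")
    return base58check(b"\x80" + key)

def build_lookup(phrases):
    """Map derived key -> phrase; computed once, reusable against every user."""
    return {brain_private_key(p): p for p in phrases}

def audit(candidate: str, lookup) -> bool:
    """True if the candidate passphrase is already covered by the table."""
    return brain_private_key(candidate) in lookup

# Constructed sample corpus of famous opening lines (only the first is from the article).
CORPUS = ["Call me Ishmael", "It was the best of times", "All happy families are alike"]
LOOKUP = build_lookup(CORPUS)

if __name__ == "__main__":
    for phrase in ["Call me Ishmael", "call me ishmael", "gx7 plum orbit Vane 41 tidal"]:
        key = brain_private_key(phrase)
        print(f"{phrase!r:32} key={key.hex()[:16]}... in_table={audit(phrase, LOOKUP)}")
```

A miss against this three-line table says nothing about safety: because the mapping is unsalted and costs one hash per guess, a table can cheaply cover case and punctuation variants of entire books.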

While brain wallets generated in this way don’t seem like a viable option for securing BTC, BitMEX Research has continued its hot streak in providing some of the most well-rounded, definitive Rabbit Holes in the Bitcoin space. It’s particularly remarkable that this streak goes on, even as the company at large faces significant legal turmoil.

You should check out the full research hub for yourself. Some of my favorite deep dives include a seven-part series on the Lightning Network and a report on who’s funding Bitcoin development. But the whole thing is a Rabbit Hole of killer Bitcoin research, with little to no filler.