Brainwallets: The Bitcoin Wallet You Probably Shouldn’t Use (Unless You Have To)

A “brainwallet” refers to a private key that is stored in the user’s memory in the form of a seed phrase or a passphrase.

AccessTimeIconOct 14, 2020 at 1:32 p.m. UTC
Updated Sep 14, 2021 at 10:09 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A relic from Bitcoin’s early days, a “brainwallet” refers to a private key that is stored in the user’s memory either in the form of a seed phrase or a password, essentially giving you a portable “bank account” locked inside your head.

  • Once you have the private key memorized, the rationale goes, you can access your bitcoin wallet from anywhere in the world, as long as you have internet access. It’s especially useful if you need to get out of Dodge quickly; your bitcoin will always be with you.
  • To create a brainwallet, you can generate a new address using Bitcoin wallet software, memorize the seed phrase associated with the address using a mnemonic trick, and then delete the wallet from your computer or smartphone.
  • You can also generate the private key yourself using bitcoin software specifically designed for creating brainwallets. This will create a wallet using whatever passphrase you choose to represent your private key. However, this method of generating a brainwallet is highly insecure for a number of reasons (poor entropy, for example) and is generally discouraged.
  • Since brainwallets rely on the user remembering a passphrase, there is always the risk that you’ll forget it or, in the case of a user-generated phrase, that it will be easily guessed.
  • To demonstrate how vulnerable user-generated passphrase wallets can be, depending on the quality of the password, an anonymous BitMex researcher generated eight wallets using quotes from popular literature, lyrics from a Bob Dylan song and an excerpt from Bitcoin’s white paper. Impressively, the “Call me Ishmael” wallet, derived from the notable opening line in Herman Melville’s "Moby-Dick", was harpooned by a hacker literally the second it was created.
  • For the others, all were swept within the day. The quote from the Bitcoin white paper took the longest to crack at roughly 13 hours.
  • BitMex Research believes a single entity swept the wallets.
  • “The speed and nature of the redemption of the funds clearly indicates that people have servers up online 24/7 scanning the blockchain and their respective memory pools for weak brainwallets to hack. These servers are likely to have pre-generated many hundreds of thousands of Bitcoin addresses, using text from thousands of published works, music, books, academic papers, magazines, blogs, tweets and other media and then stored these in a database,” the post reads.
  • When generating a brainwallet, BitMex Research suggests composing a medley of words and phrases to create a more complex passphrase rather than relying on something “simple and poetic.”

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.