I want to tell "this sand": you are at most 2048 attempts away from having hundreds of billions of Hong Kong dollars.
Written by: Tyler
Recently, I watched Jackie Chan's critically acclaimed new film "The Foreigner," and there was an interesting segment—hundreds of billions of Hong Kong dollars in crypto assets locked in a wallet with a 12-word mnemonic phrase, with only the last word unknown.
After watching, I tried it out and found that the 10th and 12th words were not in the standard mnemonic word list, which clearly indicates that the screenwriter wrote it this way intentionally to prevent anyone from recreating the wallet for scams, as similar scams on the blockchain are not uncommon:
Scammers will deliberately leak a wallet address with a "balance" (typically on the Tron chain, using the Owner mechanism), enticing people to transfer Gas, waiting for the catch; once the funds are transferred, they can never be retrieved.
But an interesting point here is that the movie says only the last word is unknown. However, in the real world, mnemonic phrases follow the BIP39 standard, which consists of only 2048 words. This means that brute-forcing the last word would yield at most 2048 possibilities. If we narrow it down further, for example, if the movie indicates that the first letters are "es," the possibilities decrease even more, and it could be tried in a minute.
However, a more worthwhile question to revisit beyond the movie is: What is the relationship between mnemonic phrases, private keys, and public keys? Why does losing the mnemonic phrase equate to losing all assets?
1. Mnemonic Phrase: Private Key: Public Key/Address = "Keychain": "Key": "House Number"
A mnemonic phrase is a backup method that follows the BIP39 standard, randomly selected and combined from a vocabulary of 2048 English words to form 12, 18, or 24 words.
This set of mnemonic phrases is processed through the PBKDF2 algorithm to generate a seed, which then derives a series of private keys according to path standards like BIP32/BIP44, corresponding to a series of public keys/addresses.
One set of mnemonic phrases → Generates a series of private keys → Generates a series of public keys → Corresponds to a series of addresses
In other words:
Mnemonic Phrase = Keychain, and private keys often have a one-to-many relationship; theoretically, one set of mnemonic phrases can derive thousands of private keys;
Private Key = Key, each private key corresponds to the usage rights of one address;
Public Key/Address = House Number, which can be public; others can use it to transfer funds to you;
So, the mnemonic phrase can be viewed as your "keychain," and each private key is like one of the keys that can open a door, used to sign and prove your control over a specific wallet address—when you initiate a transaction, you use the private key to sign it, telling the entire network: "This transfer is authorized by me."
2. Can I choose my own mnemonic phrases?
Some friends might wonder: Can I come up with my own 12 words? For example, my birthday, favorite English words, or idol names, to make it more personal.
The answer is: Yes, but it is extremely dangerous.
Because computer-generated random numbers are truly random, while humans tend to choose words with patterns (common words, habitual phrases, order preferences), which significantly reduces the search space, making your mnemonic phrase easier to guess.
There have been security incidents involving "pseudo-random wallets," where some wallets used pseudo-random algorithms to generate mnemonic phrases, resulting in insufficient entropy, allowing hackers to brute-force and directly crack them— in 2015, the hacker group Blockchain Bandit systematically searched for weak security private keys using faulty random number generators and code vulnerabilities, successfully uncovering over 700,000 vulnerable wallet addresses and stealing more than 50,000 ETH from them.
Of course, some geeks use dice (ensuring the dice are sufficiently fair) to roll random numbers and then map them to the BIP39 word list, which is considered manually secure, but for most people, it is unnecessary to complicate things, as it can lead to mistakes.
3. Can I brute-force my way into Vitalik Buterin's or other whales' wallets?
I once fantasized about this, imagining one day I would generate a wallet address, only to find it contained millions of ETH, instantly achieving financial freedom by stealing from some whale.
I must say, just thinking about it is quite tempting. But the reality is: the probability is almost zero.
Why? Because the number of possible combinations for mnemonic phrases is already exaggerated beyond human imagination:
12 words: Effective combinations approximately 2¹²⁸ ≈ 3.4 × 10³⁸
24 words: Effective combinations approximately 2²⁵⁶ ≈ 1.16 × 10⁷⁷
What does this scale mean?
We all know that there are countless grains of sand on Earth, but scientists have estimated an approximate value; assuming all the beaches and deserts on Earth combined, the total number of grains of sand is about 7.5×10¹⁸, which also means:
The effective combinations for 12 words are equivalent to 4.5 × 10¹⁹ times the total number of grains of sand on Earth.
The effective combinations for 24 words are even 1.5 × 10⁵⁸ times the total number of grains of sand on Earth.
In other words, it’s as if every grain of sand on Earth has turned into a "new Earth," each new Earth containing beaches and sand, and you have to randomly find that one grain you marked among all these sands at once.
This far exceeds the scale that humans can imagine.
Therefore, the probability of brute-forcing a wallet is not "extremely low," but under known physics and computational capabilities, it is equivalent to zero. Trying to get rich by "brute-forcing" is less likely than buying a lottery ticket, where the odds of winning are much higher.
Returning to the movie's premise: If someone really is just one word short of a mnemonic phrase, it is indeed possible to attempt brute-force traversal.
Finally, here are a few safety tips regarding wallets/mnemonic phrases/private keys:
Prioritize using non-custodial wallets that have been tested over time and market, with open-source code audits, such as MetaMask, Trust Wallet, SafePal, etc., and use hardware wallets directly when possible;
Never take screenshots of your mnemonic phrases and private keys, do not store them in cloud drives, do not copy and paste, and do not share them with others;
It is best to write them down on paper (consider using a stainless steel mnemonic phrase board, which is moisture-proof, fire-proof, and corrosion-resistant), keep them in a safe place, and have 2-3 backups;
Public keys/addresses can be safely shared; they are your house number, but be cautious of phishing links;
It is recommended to manage wallets on clean devices and avoid installing unknown plugins or apps;
Remember this: Anyone asking you for your mnemonic phrase is 100% a scammer.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
