Seed Phrases: How Important Are They?


Quick Summary: In this article, I recount my experience of 'hacking' into 2 wallets using a 25-word seed phrase I found on a Discord chat, and how I successfully accessed additional funds. Here, I emphasize the importance of never sharing your seed phrase, always paying attention to its security, and knowing how to use optional passphrases for enhanced security. I also provided a link to an Alephium article on BIP39 passphrase implementation.

"NOT YOUR KEYS. NOT YOUR COINS."
"YOU LOSE YOUR KEYS, YOU LOSE YOUR COINS."

Story..

To begin, I 'hacked' a wallet containing 69 + 42 ALPH. Yes, these numbers are meme favorites, 69 and 420, right? I checked the wallet's history and found that the only transaction was when the ALPH was transferred in two years ago! At that moment, I thought—"Ha! It's a game!" I decided to take control of all the ALPH from the two wallets, planning to later announce that I had 'hacked' it.

Now you might be wondering, how did I end up having the seed phrase? Well, you know I'm a fan of AYIN, right? So, I was casually browsing through their Discord chats, trying to catch up on some updates and insights... you know, gazette stuff. That’s when I came across some material from Dr. Hiram while he was helping someone.

I'm referring to this material:

It was late at night here in the Philippines when I read that, and I was too tired to check it. If it was legit anyway, someone had probably already figured it out and taken it. A few hours later, I woke up determined. *"I'm gonna 'f\*ckin hack' that wallet."*

As I turned on my computer, I immediately opened the Alephium Desktop Wallet, clicked "Import or create a wallet," and entered the 24-word seed phrase.

To my surprise, it was a legit wallet. Only that it was already drained about 2 months ago. Bummer, I know!

Here's the snip of Wallet#1

Now the only thing I wanna know is IF the first hacker knows how to use the 25th word!

Time to check the second wallet.

Wallet#2 has the 25th word: letsUnlockAHiddenWallet

I then locked the decoy wallet. From the 'Welcome back' screen, while not changing anything, I toggled 'Use optional passphrase' in the lower right corner.

What I get is this new dialog box where there's a tick box, and I have to enter the 25th word twice.

Now that I've entered the 25th word, without clicking anything else, I just need to enter the original password I used when setting up this wallet (on the password box). After clicking unlock... voila, 42 ALPH!

I transferred it to my wallet and then checked the other 25th seed phrase. I followed the same steps: locked the wallet, toggled 'Use optional passphrase,' and entered youCanNeverGuessThat!

The exclamation point is included. And to my delight, my favorite number appeared: 69!

Once again, I transferred the ALPH into my custody before enjoying a hearty breakfast.

Conclusion...

So, what is the lesson here? A LOT!

#1. NEVER SHARE YOUR SEED PHRASE.

This means you should not store it in any digital form. Avoid taking screenshots of it on your phone, as you might accidentally share it with someone. Moreover, if your phone is compromised, an attacker could be just waiting until ALPH reaches $100 before they empty your wallet.

#2. ALWAYS PAY ATTENTION.

This isn't just about reading seed phrases in easter egg games; it's crucial to monitor where you store those seed phrases. Are they secure? When did you last check on them? Are they still there? Have you noticed any signs of tampering or forced access to your seed phrase storage?

#3. BE IN THE KNOW.

Learn how to use a 25th word seed phrase! Remember, these are CASE SENSITIVE! Pro tip: set up a 25th word wallet and use it comfortably for 1 to 2 months. Once you're comfortable, consider moving some of your assets into this second wallet.

Adding a 25th word, stored in your head (literally), to your already secure 24-word seed phrase provides unmatched security.

FYI: A 12-word seed phrase is already tough to crack. If you ask Grok to calculate the time and resources needed to crack it, he'll tell you to just continue with your life and forget about it. Lol! With that in mind, imagine having a 24-word seed phrase plus a 25th word that only you know!
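Why the 25th word is case sensitive and why each one opens a separate wallet, shown as an added example (not code from the Alephium wallet or from this article). It assumes the standard BIP39 seed derivation and uses the public BIP39 test mnemonic, not the phrase from the Discord chat; the wallet's own address derivation is not shown.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample, never use for funds).
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512 over the words, salted with 'mnemonic' + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def entropy_bits(word_count: int) -> int:
    """Each word carries 11 bits; one bit per 3 words is checksum, not entropy."""
    return word_count * 11 - word_count // 3


def seeds_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the hex seed it produces for the same words."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    candidates = [
        "",                          # no 25th word: the "decoy" wallet
        "letsUnlockAHiddenWallet",   # passphrase quoted in the article
        "letsunlockahiddenwallet",   # same letters, wrong case
        "youCanNeverGuessThat!",     # second passphrase, "!" included
        "youCanNeverGuessThat",      # same, "!" dropped
    ]
    for phrase, seed in seeds_for(TEST_MNEMONIC, candidates).items():
        # Every input yields a valid 64-byte seed: there is no "wrong passphrase"
        # error, only a different (usually empty) wallet.
        print(f"{phrase!r:28} -> {seed[:16]}...")
    print("12 words:", entropy_bits(12), "bits; 24 words:", entropy_bits(24), "bits")
```

Because a mistyped passphrase silently opens an empty wallet rather than failing, confirm the receiving address of a passphrase wallet before moving funds into it.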

I hope you learned something today. Here's a little homework for you:

Check out this Medium article from Alephium that discusses BIP39, also known as the 25th word passphrase. Who knows, there might be another Easter egg there!

PS. Dr. Hiram confirmed that this was indeed an Easter egg game.

Oh, do you want ELI5 tutorials? Let me know in the comments!

Thanks for joining me. Stay safe and secure with Alephium!


***Disclaimer:*** The information provided in this article is for informational purposes only. It should not be considered financial advice. You should consult with a financial advisor or other professional to determine what may be best for your individual needs. We do not make any guarantee or other promise as to any results that may be obtained from using our content. No one should make any investment decision without first conducting their own research and due diligence. To the maximum extent permitted by law, we disclaim any and all liability in the event any information, commentary, analysis, opinions, advice and/or recommendations prove to be inaccurate, incomplete or unreliable, or result in any investment or other losses. Remember that investing in crypto involves risk, and past performance is no guarantee of future results.