Bitcoin wallets and exchanges have been vulnerable to hacking attacks. There have been multiple instances where hackers have successfully made away with millions of dollars' worth of Bitcoins. Affected platforms include the infamous Japanese Bitcoin exchange Mt. Gox, as well as BTER, Bitstamp, Bitfinex, etc. Recurring hacking incidents have left a few Bitcoin users sceptical, even a bit paranoid, about storing their Bitcoins in third-party wallets and exchanges.
A significant portion of the Bitcoin community believes in the concept of the “Brain Wallet”. The Brain Wallet concept revolves around people memorizing a passphrase that maps to an associated amount of digital currency. In theory, people can store any amount of Bitcoin and other digital currency in their brains without leaving any record of it on a computer.
It may sound hack-proof to most of us, but it is not. According to Ryan Castellucci, a security hacker, the brain is one of the most vulnerable places to store cryptocurrency assets, and he intends to prove it at the upcoming DEF CON 23 computer security conference with his latest software, named Brainflayer. Brainflayer is designed to crack Bitcoin Brain Wallets.
Ryan makes it clear that the Brainflayer software is designed only to discourage people from using or even believing in Brain Wallets. These Brain Wallets work by hashing a chosen passphrase to create a Bitcoin private key. The private key is essential to access the Bitcoin stored in a wallet or on the blockchain. While conventional wallets have the private key stored in them, this is not necessary for Brain Wallets. As the private key is associated with a particular passphrase, all one has to do is enter the same passphrase to generate the private key again. Unless someone can tap into the owner's brain to find the exact passphrase and generate a private key using it, there is no way to access the Bitcoin owned by that person.
But there is one huge loophole, and it is the human brain itself. People are generally incapable of choosing a strong, perfectly random passphrase. This weakness gives hackers the luxury of ample time to guess different passphrases and try the resulting private keys against the blockchain to access various wallets. Castellucci successfully used a primitive version of Brainflayer during the development phase to crack a private key holding about 250 Bitcoins within hours.
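The passphrase-to-key hashing and the guessability problem described above can be checked from the wallet owner's side with a short audit, given here as an added example that is not from the article or from Brainflayer. It assumes the classic brain wallet scheme of a single unsalted SHA-256 over the passphrase; the phrase list, the function names and the PBKDF2 contrast case are constructed for illustration.

```python
import hashlib

# Constructed sample list; a real audit would load a large phrase corpus.
GUESSABLE_PHRASES = ["password", "bitcoin", "to be or not to be",
                     "correct horse battery staple"]

def brainwallet_key(passphrase: str) -> str:
    """Assumed classic scheme: private key = SHA-256(passphrase), no salt."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

def stretched_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> str:
    """Contrast case (not from the article): salted, iterated PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations).hex()

# The classic derivation is unsalted, so the key for every known phrase can be
# computed once, in advance, and compared against any wallet.
PRECOMPUTED = {brainwallet_key(p): p for p in GUESSABLE_PHRASES}

def audit_passphrase(passphrase: str) -> dict:
    """Report whether a candidate passphrase yields a key that is already guessable."""
    # Also test the trimmed, lower-cased form: trivial variations add no real strength.
    candidates = {passphrase, passphrase.strip().lower()}
    hit = next((PRECOMPUTED[brainwallet_key(c)] for c in candidates
                if brainwallet_key(c) in PRECOMPUTED), None)
    return {"key": brainwallet_key(passphrase),
            "guessable": hit is not None,
            "matched_phrase": hit}

if __name__ == "__main__":
    for phrase in ["Password", "to be or not to be", "vG7#q-Lm2!zRw9@tXc4&"]:
        result = audit_passphrase(phrase)
        print(f"{phrase!r}: guessable={result['guessable']}")
    # With a per-wallet salt the same phrase no longer maps to one global key.
    print(stretched_key("password", b"wallet-A") in PRECOMPUTED)
```

A passphrase that passes this audit is only absent from the sample list; it is not thereby shown to be strong.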