Recently, I watched Jackie Chan's critically acclaimed new film "Catching the Wind and Chasing Shadows," and there was an interesting scene—over 10 billion Hong Kong dollars worth of crypto assets locked in a wallet secured by a 12-word mnemonic phrase, with only the last word unknown.
After watching, I tried it out and found that the 10th and 12th words were not in the standard mnemonic word list. Clearly, the screenwriter wrote it this way to prevent anyone from recreating the wallet and committing fraud, as similar scams on the blockchain are not uncommon:
Scammers will deliberately leak a wallet address with a balance (typically on the Tron chain, using the Owner mechanism), entice people to transfer Gas, and wait for the catch; once the funds are transferred, they can never be retrieved.
But an interesting point here is that the movie states that only the last word is unknown. However, in the real world, mnemonic phrases follow the BIP 39 standard, whose word list contains a total of 2048 words. This means that brute-forcing the last word would yield at most 2048 possibilities. If we narrow it down further, for example, if the movie indicates that the first letters are "es," the possibilities decrease even more, and it could be tried in a minute.
However, a more worthwhile question to revisit outside of the movie is: What is the relationship between mnemonic phrases, private keys, and public keys? Why does losing the mnemonic phrase equate to losing all assets?
1. Mnemonic Phrase: Private Key: Public Key/Address = "Keychain": "Key": "House Number"
A mnemonic phrase is a backup method that follows the BIP 39 standard: 12, 18, or 24 words randomly selected from a list of 2048 English words.
The mnemonic phrase is processed through the PBKDF2 algorithm to generate a seed, which then derives a series of private keys according to path standards like BIP 32/BIP 44, corresponding to a series of public keys/addresses.
One set of mnemonic phrases → Generates a series of private keys → Generates a series of public keys → Corresponds to a series of addresses
In other words:
- Mnemonic Phrase = Keychain; its relationship to private keys is one-to-many, and theoretically one set of mnemonic phrases can derive thousands of private keys;
- Private Key = Key, each private key corresponds to the usage rights of one address;
- Public Key/Address = House Number, which can be public; others can use it to transfer funds to you;
Thus, the mnemonic phrase can be seen as your "keychain," with each private key being one of the keys that can open doors, used to sign and prove your control over a specific wallet address—when you initiate a transaction, you use the private key to sign, telling the entire network: "This transfer is authorized by me."
2. Can I choose my own mnemonic phrases?
Some friends might wonder: Can I come up with my own 12 words? For example, my birthday, favorite English words, or idol names, making it more personal.
The answer is: Yes, but it's extremely dangerous.
The reason: computer-generated random numbers are truly random, while humans tend to choose words with patterns (common words, habitual phrases, preferred sequences), which significantly reduces the search space and makes your mnemonic phrase easier to guess.
There have been security incidents involving "pseudo-random wallets," where some wallets used pseudo-random algorithms to generate mnemonic phrases, resulting in insufficient entropy that allowed hackers to crack them by exhaustive search. In 2015, the hacker group Blockchain Bandit systematically searched for weak private keys produced by faulty random number generators and code vulnerabilities, successfully uncovering over 700,000 vulnerable wallet addresses and stealing more than 50,000 ETH from them.
Of course, some geeks use dice (ensuring the dice are sufficiently fair) to roll random numbers and map them to the BIP 39 word list, which is considered a secure manual method, but for most people, it's unnecessary to complicate things, as it can lead to mistakes.
3. Can I brute-force my way into Vitalik Buterin's or other whales' wallets?
I used to fantasize about this, imagining one day I would generate a wallet address, only to find it contained millions of ETH, instantly achieving financial freedom by robbing a whale.
I must say, just thinking about it is quite tempting. But the reality is: the probability is almost zero.
Why? Because the number of possible combinations for mnemonic phrases is already large beyond human imagination:
- 12 words: Effective combinations are about 2¹²⁸ ≈ 3.4 × 10³⁸
- 24 words: Effective combinations are about 2²⁵⁶ ≈ 1.16 × 10⁷⁷
What does this scale mean?
We all know that there are countless grains of sand on Earth, but scientists have estimated an approximate value; counting all the beaches and deserts on Earth combined, the total number of grains of sand is about 7.5×10¹⁸, which also means:
- The effective combinations of 12 words are equivalent to 4.5 × 10¹⁹ times the total number of grains of sand on Earth.
- The effective combinations of 24 words are even 1.5 × 10⁵⁸ times the total number of grains of sand on Earth.
In other words, it's as if every grain of sand on Earth has turned into a "new Earth," each new Earth containing beaches and sand, and you have to randomly find the one grain you previously marked among all this sand in one go.
This far exceeds the scale that humans can imagine.
Therefore, the probability of brute-forcing a wallet is not "extremely low"; under known physics and computational capabilities, it is equivalent to zero. Getting rich by "brute-forcing" is far less likely than winning the lottery.
Returning to the movie's premise: If someone really is just one word short of a mnemonic phrase, it is indeed possible to attempt brute-forcing.
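BIP 39 also embeds a checksum in the final word, so for a 12-word phrase most of the 2048 candidates are not even valid. The following added example (not part of the original article) lists the valid final words for eleven known ones, which is why a phrase with eleven exposed words protects nothing. It assumes words are given as their 0-2047 positions in the BIP 39 word list, since the list itself is not embedded here.

```python
import hashlib


def valid_last_indices(first11):
    """Return the word-list indices that complete a 12-word BIP 39 phrase.

    A 12-word phrase encodes 128 entropy bits plus a 4-bit checksum
    (the top 4 bits of SHA-256 over the entropy). Eleven words fix 121
    bits, so the last word holds 7 free bits and 4 forced bits.
    """
    if len(first11) != 11 or any(not 0 <= i < 2048 for i in first11):
        raise ValueError("need eleven indices in the range 0..2047")

    known = 0
    for idx in first11:
        known = (known << 11) | idx          # pack 11 bits per word

    candidates = []
    for tail in range(128):                  # the 7 unknown entropy bits
        entropy = ((known << 7) | tail).to_bytes(16, "big")
        checksum = hashlib.sha256(entropy).digest()[0] >> 4
        candidates.append((tail << 4) | checksum)
    return candidates


if __name__ == "__main__":
    # Constructed input: eleven times index 0 ("abandon" in the English list).
    found = valid_last_indices([0] * 11)
    print(len(found), "valid final words out of 2048")
```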
Finally, here are a few safety tips regarding wallets/mnemonic phrases/private keys:
- Prioritize non-custodial wallets that have stood the test of time and the market and whose open-source code has been audited, such as MetaMask, Trust Wallet, SafePal, etc., and if possible, use hardware wallets directly;
- Never screenshot, store in cloud drives, copy and paste, or share your mnemonic phrases and private keys with others;
- It’s best to write them down on paper (consider using a stainless steel mnemonic board, which is moisture-proof, fire-proof, and corrosion-resistant), keep them in a safe place, and back them up in 2-3 locations;
- Public keys/addresses can be safely shared; they are your house number, but be cautious of phishing links;
- It is recommended to manage wallets on clean devices and avoid installing unknown plugins or apps;
- Remember this: Anyone asking you for your mnemonic phrase is 100% a scammer.