Has the Bitcoin wallet been cracked by the United States? Can the U.S. government directly confiscate BTC?


This article is reprinted with authorization from Huali Huawai, and the copyright belongs to the original author.

Since last week, many crypto media and self-media have reported that the U.S. government has cracked a Bitcoin wallet and confiscated over 120,000 Bitcoins from the "Prince Group" (a scam group in Cambodia). We won't elaborate on the specific events here, as many of you should have seen quite a bit about it in the past few days. If you're not familiar, you can Google "Prince Group Chen Zhi Bitcoin confiscation incident" to learn more.

I initially thought there was nothing much to this, as it's not the first time governments have confiscated Bitcoins from criminals. However, I noticed that some bloggers, possibly to attract traffic or for other reasons, have made some rather interesting statements online, such as "Bitcoin wallets can now be cracked, and the U.S. government can directly confiscate Bitcoins," "Bitcoin is a conspiracy of the U.S. intelligence community, specifically designed to exploit global investors," "Blockchain is a scam, and Bitcoin will eventually disappear," "120,000 Bitcoins will flood the market, and Bitcoin prices will crash"… I really couldn't stand it anymore, so today let's discuss a few of these targeted questions.

1) Was the Bitcoin wallet of Prince Group's Chen Zhi cracked?

Maybe.

There are still various opinions online: some say a trusted person around Chen Zhi caused the problem, others say the U.S. government cracked it using quantum computers, and some say the U.S. government discovered vulnerabilities in the wallets…

From the information available, the most widely circulated theory is that the U.S. exploited vulnerabilities to crack it. This theory does seem quite plausible, and it suggests that the issue lies mainly with the wallet software (specifically, with how the software generated private keys).

In theory, Bitcoin mnemonic phrases/private keys should be generated from a cryptographically secure source of randomness (256-bit random numbers drawn from strong entropy), but the wallets used by "Chen Zhi" might, through developer laziness, have used a pseudo-random algorithm (PRNG, previously referred to as a weak random algorithm). Although the generated private keys look random, they follow a certain pattern, and the U.S. discovered it. Based on this clue, they hired top experts to reverse-engineer all such wallet addresses, leading to the "confiscation" of Bitcoins worth over $15 billion.

As a side note, the aforementioned pseudo-random algorithm (PRNG) mainly appeared in some earlier wallets, and most mainstream wallet applications have since improved on this issue. If you are using an older wallet address and are concerned about this problem, you might consider switching to a new address and transferring your assets.

To make it easier for beginners to understand, let's use a very simple analogy: if your bank card password is a 6-digit random number, even if you lose the card (and someone sees the card number), your money won't be lost. But if you tell someone that your 6-digit password is your birth date, then there's a high chance it can be cracked.

As for how much the U.S. government spent to crack this batch of Bitcoins (the cost), I don't know, but if they spent hundreds of millions in manpower and computing power to directly obtain $15 billion, that would certainly be a very profitable deal.

2) Can Bitcoin wallet mnemonic phrases/private keys really be cracked?

The probability is close to zero.

I remember last year (on July 24, 2024), we specifically wrote an article titled "Can Your Crypto Wallet Be Cracked?" Interested parties can look back at that historical article. As shown in the image below.

In simple terms, if your mnemonic phrase is stored properly, your wallet is actually very secure, and the likelihood of a hacker guessing all 12 mnemonic words is close to zero.

Take the 12-word (or 24-word) mnemonic phrase as an example: a brute-force attack would have to search 2048^12 possible combinations, an incredibly large number. With current human computing power and technological means, it is impossible to crack.

Therefore, there's no need to be overly worried, nor should you be scared by news reports about supercomputers. Many prominent figures in the crypto space have wallet addresses containing hundreds of millions or even billions of dollars worth of Bitcoin and are not worried. Instead of fretting over trivial concerns, it might be more useful and practical to think about how to leverage the crypto market to earn more money.
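To make the two points above concrete, the weak-PRNG key generation described in question 1 and the 2048^12 figure in question 2, here is an added example (my own illustration, not code from the article or from any wallet). It builds the 12-word BIP39 layout that most mobile wallets use (Electrum's native seed format differs), working with word indices only since the 2048-word list is not embedded; `weak_entropy` and `strong_entropy` are names chosen for this illustration.

```python
import hashlib
import random
import secrets

# A 12-word mnemonic encodes 128 bits of entropy + a 4-bit checksum = 132 bits,
# read as 12 indices of 11 bits into the 2048-word BIP39 list (not embedded).
ENTROPY_BYTES = 16
WORD_BITS = 11


def strong_entropy(n_bytes: int = ENTROPY_BYTES) -> bytes:
    """Entropy from the OS CSPRNG: what a wallet should use."""
    return secrets.token_bytes(n_bytes)


def weak_entropy(seed: int, n_bytes: int = ENTROPY_BYTES) -> bytes:
    """Entropy from a seeded general-purpose PRNG (Mersenne Twister).

    The bytes look random but are a pure function of `seed`: the same seed
    always yields the same 'private key', so a small or guessable seed space
    makes every key derived this way reproducible. This is the class of
    weakness the article attributes to the wallet, not CSPRNG output.
    """
    return random.Random(seed).getrandbits(n_bytes * 8).to_bytes(n_bytes, "big")


def entropy_to_indices(entropy: bytes) -> list:
    """BIP39: append the first ENT/32 bits of SHA-256(entropy) as checksum,
    then split the result into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4 bits for 128-bit entropy, 8 for 256-bit
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    mask = (1 << WORD_BITS) - 1
    return [(combined >> (WORD_BITS * (n_words - 1 - i))) & mask
            for i in range(n_words)]


def checksum_ok(indices: list) -> bool:
    """True if the word sequence is a valid mnemonic.

    Only 1 in 2**cs_bits of all 2048**n sequences passes (1 in 16 for 12
    words), so the real 12-word key space is 2**128, not 2048**12 = 2**132.
    """
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33
    combined = 0
    for idx in indices:
        combined = (combined << WORD_BITS) | idx
    entropy = (combined >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)
```

The all-zero 128-bit entropy is the first BIP39 test vector ("abandon" eleven times, then "about", index 3), which is a quick way to check the checksum logic.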

3) Will the 120,000 Bitcoins confiscated by the U.S. government flood the market?

It shouldn't.

You haven't forgotten that Trump has already passed the Bitcoin Strategic Reserve Act, right? This act clearly outlines several key points: Bitcoin will be regarded as a national reserve asset, and the Bitcoins currently confiscated by the government will be centrally managed. Once the government holds Bitcoin, it will, in principle, not sell it and will treat it as a long-term reserve asset.

In other words, as far as the Bitcoins confiscated by the U.S. are concerned, they will, in principle, not circulate in the market at this stage. Shouldn't this be seen as a positive factor in the long run?

Unless, one day in the future, the U.S. government modifies the act. As for whether the Bitcoin Strategic Reserve Act will be modified in the future, I don't know, and I can't say. You might as well consult the U.S. president directly.

4) Will Bitcoin disappear?

Humans may disappear, but Bitcoin will not.

According to incomplete statistics, Bitcoin has been declared "dead" at least 474 times to date. As shown in the image below.

However, at the same time, Bitcoin has risen from being worthless to a current price of over $100,000 per coin. I remember we mentioned in a previous article (on September 15, 2023): we seem to be on the brink of the world's most influential financial giants adopting the most innovative wealth transfer technology in human history. If you don't want to miss this historic opportunity, just patiently hold onto your Bitcoin.

5) Is Trust Wallet unsafe now?

Due to this incident, Trust Wallet has also been referenced and named by many crypto media, leading to the wallet being caught up in this storm. Since some people have asked me whether this wallet can still be used, I will briefly address it here.

Trust Wallet was acquired by Binance in 2018, and I have been using this wallet since 2019 without any incidents of asset loss.

Of course, I have no financial ties to Binance and will not guarantee the safety of its wallets. I take a neutral stance on whether you continue to use this wallet. If I had to mention any connection, the only one is that I also use Binance, and they have sent me a few boxes of promotional gifts in the past; that's all.

Regarding this incident, Trust Wallet issued a statement a few days ago, as shown in the image below.

They claim that their security is not an issue, and whether you choose to believe their statement is up to you. If wallets from well-known companies like Binance are not safe, then I think the security of wallets developed by unknown teams may be even less guaranteed.

In fact, we have shared multiple articles in the past about the safe use of wallets. How should I put it? Security is often relative; just because a wallet is secure doesn't mean your assets will be 100% safe. It also relates to your personal usage habits, such as not storing your mnemonic phrase on connected devices (like taking a screenshot and saving it on your phone or storing it in plain text on a cloud drive).

Of course, the security of the wallet itself is certainly something we need to consider first. For Bitcoin wallets, the most recognized and secure wallet is undoubtedly Bitcoin Core (the Bitcoin Core wallet, maintained by the Bitcoin Core development team). However, this is a full node wallet, and installing it currently requires at least 600GB of hard drive space (in addition, it needs to download 5-10GB of data each month), so it's not very suitable for ordinary personal use.

Therefore, we often consider using lightweight wallets, such as Electrum (a desktop wallet, which I mainly use to generate mnemonic phrases/private keys offline), as well as Trust Wallet, MetaMask, and more recently the OKX Web3 wallet, Rabby, Phantom, the Binance MPC wallet, etc.

Many people may also think that hardware cold wallets are the safest (like Ledger, Trezor, etc.), but we won't discuss or dwell on that; you can choose based on personal preference and needs. Different strokes for different folks. I personally have two hardware wallets that were given to me a few years ago, but I only used them for testing and playing a few times, and the amount of assets stored in them is not large. I prefer to use an offline computer and a separate iPhone (old phones that have been reset to factory settings) as cold wallets. I have shared these practices in previous articles.

Since everyone is now concerned about the security of wallet mnemonic phrases/private keys, I will continue to provide a simple example using Electrum (note that this is just an example, and I have no financial ties to Electrum) to show how to securely generate mnemonic phrases/private keys offline:

Step 1: Basic preparation.

Download the installation package from the official Electrum website, electrum.org (make sure you are on the official site to avoid phishing from fake sites), together with the corresponding signature file (the file with the .asc suffix) and the ThomasV signature file (this is the software developer's public key), as shown in the image below.

Place the three files in the same folder, copy them to a blank USB drive, and then transfer them to a computer that is not connected to the internet (offline) for use.

Additionally, here’s an optional step:

If you want to further ensure that the Electrum you downloaded has not been tampered with or infected with malware before using it, you can perform an additional security verification based on the GPG method.

For those interested in the concept and working principles of the GPG (GNU Privacy Guard) method, you can search for it on Google. We won't share too much technical detail here; instead, we will provide a simple example of the verification steps.

1) Next, download a signature verification tool; a popular one is Gpg4win (a free tool). Make sure to download it from the official website, as shown in the image below.

2) After installing the Gpg4win software and the corresponding components, click to run it (a shortcut icon named Kleopatra will be generated on your desktop), and you will see an interface like the one shown in the image below.

3) Click the "Import" button at the bottom of the software interface to import the public key (the ThomasV file you just downloaded). After completing this, open it and note the "fingerprint" inside (this fingerprint will be used later), as shown in the image below.

4) Continue by clicking the "Decrypt/Verify" button at the top of the interface and select the Electrum files (the installer and its .asc signature file downloaded earlier); you will then see the verification results, as shown in the image below.

5) If you see a message like "4 signatures could not be verified" in the above step, you can ignore it, as this simply means that the developer's public key was not manually selected for trust. We should focus on whether the digital fingerprint matches the developer's public key. Continue by clicking the "Show Audit Log" button on the right side of the interface, as shown in the image below.

6) Then find the "Primary key fingerprint" field at the bottom and check if it matches the fingerprint of the imported developer's public key (which we recorded in step 3 above). If they are the same, it indicates that the signature is valid, and the software is safe to use, as shown in the image below.
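The six Kleopatra steps above map onto the `gpg` command line, and the decisive check in steps 5 and 6 (ignore the "not trusted" notice, compare the primary key fingerprint) can be automated. Here is an added example of that logic (mine, not the article's or Electrum's); the fingerprint constant is a placeholder you must replace with the value recorded in step 3, the sample status lines are constructed with made-up key ids, and `gpg` must be installed for `verify_download` to run on a real file.

```python
import re
import subprocess

# Placeholder, not ThomasV's real fingerprint: fill in the value you recorded
# from the imported developer key (step 3 of the article).
EXPECTED_FINGERPRINT = "<DEVELOPER FINGERPRINT FROM STEP 3>"


def gpg_verify_command(signature_path: str, file_path: str) -> list:
    """CLI equivalent of Kleopatra's Decrypt/Verify (--status-fd 1 = parsable)."""
    return ["gpg", "--status-fd", "1", "--verify", signature_path, file_path]


def primary_fingerprint(status_output: str) -> str:
    """Last field of the VALIDSIG status line, i.e. the primary key
    fingerprint that Kleopatra's audit log shows in step 6 ('' if absent)."""
    for line in status_output.splitlines():
        m = re.match(r"\[GNUPG:\] VALIDSIG (.+)", line)
        if m:
            return m.group(1).split()[-1].upper()
    return ""


def signature_verdict(status_output: str, expected_fpr: str) -> tuple:
    """Mirror steps 5 and 6: TRUST_UNDEFINED alone is harmless (the key was
    never marked trusted locally); GOODSIG plus the expected primary
    fingerprint is what makes the download safe to use."""
    if "[GNUPG:] BADSIG" in status_output:
        return False, "bad signature: file or .asc was modified"
    if "[GNUPG:] NO_PUBKEY" in status_output:
        return False, "developer key not imported"
    fpr = primary_fingerprint(status_output)
    if not fpr or "[GNUPG:] GOODSIG" not in status_output:
        return False, "no valid signature found"
    if fpr != expected_fpr.replace(" ", "").upper():
        return False, f"signed by a different key: {fpr}"
    return True, "valid signature from the expected developer key"


def verify_download(signature_path: str, file_path: str,
                    expected_fpr: str = EXPECTED_FINGERPRINT) -> tuple:
    """Run gpg on a real download and judge its status output."""
    proc = subprocess.run(gpg_verify_command(signature_path, file_path),
                          capture_output=True, text=True)
    return signature_verdict(proc.stdout, expected_fpr)


# Constructed sample of gpg status output for a good, locally-untrusted
# signature made with a signing subkey; all key ids are made up.
SAMPLE_STATUS = """\
[GNUPG:] GOODSIG 1111111111111111 Example Developer <dev@example.invalid>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2024-01-01 1704067200 0 4 0 1 10 00 1111111111111111111111111111111111111111
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
```

Note that the signing subkey's fingerprint (the first VALIDSIG field) differs from the primary key's; the article's step 6 compares the primary fingerprint, which is what this code does.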

Step 2: Generate mnemonic phrases offline.

On a computer that is not connected to the internet, open the Electrum file in the folder to run it. In the first few steps, choose the options according to your personal needs. When you reach the "Key Store" step, select the option "Create a new seed," as shown in the image below.

Click "Next," and you will see the newly generated mnemonic phrases, as shown in the image below. We can write the mnemonic phrases on paper and keep them safe (do not take a photo with a connected phone).

Continue by clicking "Next," and follow the prompts to enter and confirm whether the recorded mnemonic phrases are correct. You will then be prompted to set a password, which is used to protect the corresponding wallet file on your computer (if you do not want to protect the computer file, you can leave it blank), as shown in the image below.

At this point, we have successfully created a new wallet (mnemonic phrase).

Of course, we have only briefly shared the method for creating mnemonic phrases above. If you need, you can further operate through the corresponding menu bar in the Electrum interface, such as creating more wallets, backing up wallet files, viewing the wallet's master public key, modifying the file protection password, viewing or exporting private keys, etc. We will not introduce more functions here; those interested can research it themselves, as there are very detailed help documents on their official website.

Let's return to the topic of security. Since the mnemonic phrase is everything (whoever has the mnemonic phrase owns all the assets in the corresponding wallet), how to safely store the mnemonic phrase is the most important thing for us. Each person's operational habits may vary; some write it on paper, and some even use specialized fireproof metal letter boards (available for sale online). For example, my personal habit is:

1) I save the mnemonic phrase on a separate offline device (iPhone), but I will disperse the 12-word mnemonic into dozens of words (all chosen from the BIP39 list, as shown in the image below), and I will also scramble the order of the mnemonic phrase. The combination pattern is known only to me.

2) I handwrite two more copies using different combination patterns. One will be kept in an English book on my bookshelf (different pages + different words, with a pattern known only to me). The other will be written on a piece of paper and given to a family member (with a combination pattern they can understand).

3) I save a copy on a blank USB drive, which contains various English materials (these are actually useless). One folder contains several lists, some of which include the mnemonic phrase, again with a pattern known only to me.

However, this complicated method is only for the mnemonic phrases of wallets I use for holding coins. For daily use wallets with small assets, I won't be so complicated; I will directly record the mnemonic phrases in an Excel sheet on my computer. I have generated many such mnemonic phrases over the past few years.

That said, if you find it cumbersome to store your mnemonic phrases and are worried about not keeping them safe, I believe that for most newcomers, storing assets directly on mainstream exchanges (like Binance or OKX) or using the MPC wallets provided by mainstream exchanges (wallets with no mnemonic phrase) might actually be the safest option.

The so-called MPC wallet, as we introduced in previous articles, simply means: the private key of this wallet is split into multiple pieces in a special way, usually into 3 pieces. The platform (like an exchange) will keep one piece, you will keep one piece on your device (like your phone), and you will back up one piece (which corresponds to the QR code image you downloaded when backing up the wallet or backed up to the cloud). The 3 pieces + the recovery password you set will jointly protect the security of your wallet assets without needing to back up the mnemonic phrase. If your device is accidentally lost, you can directly restore the wallet using the backed-up QR code/cloud and recovery password.

Of course, the MPC wallet is built on the foundation of trusting the corresponding platform sufficiently. If the platform suddenly goes bankrupt and does not provide an open recovery solution (the platform does not offer offline recovery tools or open-source protocols), it may be quite troublesome to retrieve the assets in your wallet.

Finally, we need to remind you again: in the crypto field, security (risk awareness) should come above all else. We need to pay attention not only to market risks but also to account security, wallet security, credit risks, and interaction risks. When making any investment decision, it is advisable to follow the principle of "if you don't understand it, don't touch it." Stay kind and friendly, but please remember to stay vigilant and aware of risks.


Original: “Has the Bitcoin wallet already been hacked by the U.S.? Can the U.S. government seize Bitcoin directly?”

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes any rights, please send the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will investigate.
