Starting from "Chasing Shadows": The 2048 words that determine trillions of encryption assets.

Author: Tyler

I recently watched Jackie Chan's critically acclaimed new work "Catch the Wind and Chase the Shadow," and there is a quite interesting segment in it—over 10 billion HKD worth of crypto assets locked in a 12-word mnemonic wallet, with only the last word remaining unknown.

I finished watching and tried it out, only to find that the 10th and 12th positions are not in the standard mnemonic word list. Clearly, the screenwriter did this on purpose to prevent people from restoring wallets according to the plot for the purpose of fraud, as similar scams on the blockchain are not uncommon.

Scammers deliberately leak the mnemonic of a wallet address that visibly holds a balance (typically on the Tron chain, exploiting the Owner permission mechanism), enticing people to transfer in gas so they can "withdraw" the balance; once the gas is sent it can never be retrieved.

But the interesting point here is that the movie says only the last word is unknown. In the real world, mnemonic phrases follow the BIP39 standard, whose word list contains a total of 2048 words. This means that brute-forcing the last position yields at most 2048 possibilities. If we narrow it down further, for example if the starting letters "es" are known as in the movie, the possibilities are fewer still, and they could be tried in under a minute.

However, the question that is more worth revisiting beyond the movie is: What is the relationship between mnemonic phrases, private keys, and public keys? Why does losing the mnemonic phrase equate to losing all assets?

1. Mnemonic: Private Key: Public Key/Address = "Keychain":"Key":"Door Number"

A mnemonic phrase is a backup method that follows the BIP39 standard, consisting of 12, 18, or 24 words randomly selected and combined from a vocabulary of 2048 English words using an algorithm.

This set of mnemonic words, after being processed by the PBKDF2 algorithm, will generate a seed, which will then derive a series of private keys according to path standards such as BIP32/BIP44, corresponding to a series of public keys/addresses.

A set of mnemonic phrases → Generate a series of private keys → Generate a series of public keys → Correspond to a series of addresses

In other words:

  • Mnemonic = Keychain; the relationship between a mnemonic and private keys is one-to-many, so in theory one set of mnemonic words can derive thousands of private keys;
  • Private Key = Key; each private key holds the right to spend from one address;
  • Public Key/Address = House Number; it can be made public, and others use it to transfer money to you;

So you can think of the mnemonic phrase as your "keychain," and each private key is like a key that can unlock a door, used to sign and prove your control over a wallet address—when you initiate a transaction, you use the private key to sign it, telling the entire network: "This transfer is authorized by me."
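The derivation chain described in this section, and the "at most 2048 candidates for one missing word" estimate from the movie discussion above, can both be checked at the bit level. The following is an added example, not code from this article or from any wallet project. It works with word indices (0 to 2047) rather than words so that it runs without the 2048-word list; in the English list "abandon" is index 0 and "about" is index 3, which is why the all-zero entropy vector from the BIP39 test suite ends in "about". The checksum layout, the PBKDF2 parameters and the "TREZOR" reference passphrase follow the BIP39 specification and its test vectors.

```python
import hashlib
import secrets
import unicodedata

WORDLIST_SIZE = 2048   # 2^11: every word encodes 11 bits
PBKDF2_ROUNDS = 2048   # BIP39 fixes the iteration count at 2048 (a coincidence, not the word count)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map ENT bits of entropy to BIP39 word indices.

    ENT must be 128..256 bits in 32-bit steps (12, 15, 18, 21 or 24 words).
    The checksum is the first ENT/32 bits of SHA-256(entropy), appended to
    the entropy bits; the result is then cut into 11-bit groups.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()
    bits = (int.from_bytes(entropy, "big") << cs_bits) | (checksum[0] >> (8 - cs_bits))
    n_words = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_valid(indices: list[int]) -> bool:
    """Recompute the checksum embedded in a complete list of word indices."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    total_bits = n_words * 11
    cs_bits = total_bits // 33          # ENT + ENT/32 = 33 * ENT/32
    ent_bits = total_bits - cs_bits
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    return entropy_to_indices(entropy) == indices


def valid_last_indices(known: list[int]) -> list[int]:
    """Return the last-word indices whose checksum verifies, given all earlier ones.

    The last word carries (11 - cs_bits) entropy bits plus the cs_bits checksum
    bits, so only 2^(11 - cs_bits) of the 2048 words pass: 128 for a 12-word
    phrase, 8 for a 24-word phrase. This is why "at most 2048" is an upper bound.
    """
    return [i for i in range(WORDLIST_SIZE) if indices_valid(known + [i])]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.

    The 64-byte seed is what BIP32 turns into the master private key, from
    which the BIP44 paths derive the per-address keys.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS)


if __name__ == "__main__":
    # A wallet must draw entropy from the OS CSPRNG (secrets), never from
    # random.random() or from words a person picked by hand.
    entropy = secrets.token_bytes(16)
    idx = entropy_to_indices(entropy)
    print("word indices:", idx, "checksum ok:", indices_valid(idx))
    print("last-word candidates admitted by the checksum:", len(valid_last_indices(idx[:-1])))
    # Reference vector from the BIP39 test suite: all-zero entropy, passphrase "TREZOR".
    print(mnemonic_to_seed("abandon " * 11 + "about", "TREZOR").hex())
```

The passphrase (the "25th word") changes the seed completely, so a backup that omits it is as useless as one missing a word; the same code shows that a checksum failure detects a single wrong word but cannot recover it.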

2. Can I choose my own mnemonic phrase?

So some friends might wonder: Can I come up with my own 12 words? For example, my birthday, my favorite English word, my idol's name, that would be more personal.

The answer is: Yes, but extremely dangerous.

Because computer-generated random numbers are truly random, while humans tend to have patterns when selecting words (common words, habitual words, order preferences), this significantly reduces the search space, making your mnemonic phrases easier to guess.

There have been security incidents related to "pseudo-random wallets" before. Some wallets used pseudo-random algorithms to generate mnemonic phrases, resulting in insufficient entropy, which hackers could brute-force and crack directly. In 2015, the hacker group Blockchain Bandit systematically searched for weak security private keys by exploiting faulty random number generators and code vulnerabilities, successfully uncovering over 700,000 weak wallet addresses and stealing more than 50,000 ETH from them.

Of course, some geeks will use dice (making sure the dice are sufficiently balanced) to roll random numbers, which are then mapped to the BIP39 word list; this is considered manually secure. However, for most people, there's no need to make it so complicated, as it can lead to mistakes.

3. Is it possible to brute-force your way into the wallets of V God (Vitalik) or other whales?

I also daydreamed about this issue back in the day, imagining that one day I would generate a wallet address, and when I looked inside, there would be over a million ETH, instantly achieving financial freedom and directly stealing from a certain whale.

I have to say, just thinking about it is quite tempting. But the reality is: the probability is almost zero.

Why? Because the possible combinations of mnemonic words have become so exaggerated that they exceed human imagination:

  • 12 words: The number of valid combinations is approximately 2¹²⁸ ≈ 3.4 × 10³⁸
  • 24 words: Effective combinations approximately 2²⁵⁶ ≈ 1.16 × 10⁷⁷

What concept does this magnitude represent?

We all know that there are countless grains of sand on Earth, but scientists have estimated an approximate value. Assuming all the beaches and deserts on Earth combined, the total number of grains of sand is about 7.5×10¹⁸ grains, which also means:

  • The number of valid combinations of 12 words is equivalent to 4.5 × 10¹⁹ times the total number of sand grains on Earth.
  • The number of valid combinations of 24 words is 1.5 × 10⁵⁸ times the total number of sand grains on Earth.
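The figures in the two lists above follow directly from the word count and the checksum; as an added derivation (not part of the original post), the "valid combinations" are the raw word combinations divided by the checksum space:

```latex
\begin{aligned}
\text{12 words:}&\quad 2048^{12} = 2^{132},\ 4\ \text{checksum bits} \;\Rightarrow\; 2^{132-4} = 2^{128} \approx 3.4\times10^{38} \\
\text{24 words:}&\quad 2048^{24} = 2^{264},\ 8\ \text{checksum bits} \;\Rightarrow\; 2^{264-8} = 2^{256} \approx 1.16\times10^{77} \\
\text{ratio to sand:}&\quad \frac{3.4\times10^{38}}{7.5\times10^{18}} \approx 4.5\times10^{19}, \qquad \frac{1.16\times10^{77}}{7.5\times10^{18}} \approx 1.5\times10^{58}
\end{aligned}
```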

In other words, it's as if every grain of sand on Earth turns into a 'new Earth', and each new Earth contains beaches and sand, and then you have to randomly find that one grain you marked in advance among all these sands at once.

This has far exceeded the scale that humans can imagine.

Therefore, the probability of brute-forcing a wallet is not "extremely low" but effectively zero under known physical laws and computational capabilities. Relying on brute-force collisions to get rich is even worse than buying a lottery ticket, whose odds of winning are far better.

Returning to the setting of the movie: if someone really is missing only one mnemonic word, then brute-forcing it is indeed feasible.

Finally, here are a few security tips regarding wallets/mnemonics/private keys:

  1. Prefer non-custodial wallets that have been tested by time and the market and are open source and audited, such as MetaMask, Trust Wallet, SafePal, etc., and, if you can, use a hardware wallet directly;
  2. Mnemonic phrases and private keys should never be screenshotted, stored in cloud drives, copied and pasted, or sent to others;
  3. It is best to write it down on paper (consider using a stainless steel mnemonic board, which is moisture-proof, fire-proof, and corrosion-resistant), store it in a safe place, and have multiple backups in 2 to 3 different locations;
  4. Public keys/addresses can be safely shared; they are like your house number, but be careful to identify phishing links.
  5. It is recommended to manage your wallet using clean devices and not to install unknown plugins or apps indiscriminately;
  6. Remember this phrase: Anyone who asks you for your mnemonic phrase is 100% a scammer.