A brain wallet generates its ECDSA private key deterministically from a single user-chosen passphrase, typically by hashing the passphrase with SHA-256. Unlike hardware wallets or BIP-39 mnemonics, the passphrase **is** the seed — no randomness beyond the user's imagination.

This design is catastrophically insecure for any real-world passphrase. Attackers run dictionary-based sweeps against all funded addresses. The dict_derived confidence tier in KeyAudit specifically flags these: a theoretical match between a candidate passphrase and a leaked address-hash, not evidence of theft. In practice, 93% of keys in our 6.94M leak index trace to brain-wallet brute force.

Brain wallets rely on human entropy, which averages 2-5 bits per word. A GPU cluster enumerates all passphrases from Wikipedia lists in minutes. We recommend migrating to BIP-39 seed phrases (128+ bits of cryptographic entropy) for any wallet holding real funds.