Brain wallet weakness checker
See how easily an attacker can derive your wallet address from a memorable phrase. Live demo, runs entirely in your browser.
Why "remember-a-phrase" wallets are dangerous
A "brain wallet" turns any text (password, sentence, famous quote) into a private key via SHA-256. It looks clever — no paper backup, portable in your head — but it's one of the most well-known anti-patterns in applied cryptography.
The core problem: SHA-256 is extremely fast (a laptop can compute hundreds of millions of hashes per second). Any attacker can take a common-password wordlist (rockyou, SecLists, Wikipedia quotes), iterate through millions of candidate passphrases in hours, derive BTC / ETH addresses from each, then scan on-chain balances. Anything non-zero gets drained immediately.
This is not theoretical. In 2018 Jonathan Hodgson drained tens of thousands of brain wallets with a single ordinary server. Similar incidents happen on-chain every day.
Try it yourself
Type any password / phrase you think is "secure". We pipe it through the live leak checker, which runs locally: your input never leaves the browser.
The right way
Use your wallet's built-in BIP-39 mnemonic generator (12 / 24 words). These words come from /dev/urandom or hardware entropy — truly random, not enumerable by any attacker. MetaMask / Ledger / Trezor / Trust Wallet all use this mechanism.
If you're currently using a brain wallet, move your funds now to a freshly generated hardware or BIP-39 wallet. Even if not drained today, it might be tomorrow.
Why our leak checker is trustworthy
KeyAudit's check runs SHA-256 entirely in your browser — the plaintext never leaves your device (see methodology). We index the same public dictionaries an attacker would use, so "leaked here" ≈ "already being scanned out there".
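The SHA-256 derivation and the local dictionary check described above, sketched as an added example (not KeyAudit's code). The wordlist and the 10-million-entry size are constructed, the function names are hypothetical, the hash rate is an assumed figure, and Node's crypto module stands in for the browser's crypto.subtle.digest.

```javascript
// Added example (Node.js): local brain-wallet exposure check.
const { createHash } = require('node:crypto');

// Derivation as the page describes it: private key = SHA-256(phrase).
// The digest IS the key, so it must stay on the device just like the phrase.
function brainWalletKey(phrase) {
  return createHash('sha256').update(phrase, 'utf8').digest('hex');
}

// Constructed sample standing in for the public dictionaries a checker indexes.
const SAMPLE_WORDLIST = [
  'password', '123456', 'correct horse battery staple',
  'to be or not to be', 'satoshi nakamoto',
];

// Precompute the derived keys once so each lookup is a set membership test.
function buildIndex(wordlist) {
  return new Set(wordlist.map(brainWalletKey));
}

// Cosmetic variants (case, stray whitespace) are just as guessable, so check them too.
function variants(phrase) {
  const trimmed = phrase.trim();
  return [...new Set([phrase, trimmed, phrase.toLowerCase(), trimmed.toLowerCase()])];
}

// Returns only a verdict and the matching variant, never the derived key.
function checkPhrase(phrase, index) {
  for (const candidate of variants(phrase)) {
    if (index.has(brainWalletKey(candidate))) {
      return { exposed: true, matchedVariant: candidate };
    }
  }
  return { exposed: false, matchedVariant: null };
}

// Seconds needed to hash every candidate in a search space at a given rate.
function secondsToEnumerate(candidates, hashesPerSecond) {
  return candidates / hashesPerSecond;
}

const index = buildIndex(SAMPLE_WORDLIST);
const RATE = 1e8; // assumed: low end of the page's "hundreds of millions per second"
console.log(checkPhrase('  Password ', index));
console.log(checkPhrase('To Be Or Not To Be', index));
console.log(secondsToEnumerate(1e7, RATE), 's for a 10-million-entry wordlist (constructed size)');
console.log(secondsToEnumerate(2 ** 128, RATE), 's for 128-bit BIP-39 entropy (12 words)');
```

A phrase that is missing from this small sample is not thereby safe: any human-chosen phrase stays inside an enumerable search space, while the BIP-39 figure shows why random entropy does not.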