FUD!! and you know it if you actually took time to read the post.

> I could find the passwords for 17.956 of the addresses. * Only 2 addresses of the hacked brainwallets are currently not empty, and the total money that I could actually steal is 0.00115215 BTC.

> Somebody seems to have systematically flooded the blockchain with transaction to brainwallets. E.g. this transaction: https://blockchain.info/tx/ba421da33e5f85669d9312b804e22fa4c... It seems that each target address is actually a brainwallet and alphabetically ordered. The passwords for the first 3 addresses are Hollister, hollowing,

Nobody’s real brain wallets are being hacked! It’s just left over traces from someone running aome testing in early days of bitcoin.

This one says 17K wallets … oppsie all empty and obviously programmatically generated! i.e not used for real.

The other paper found 800!! supposedly… all empty.

A well designed brainwallet is perfectly fine and safe, just don’t use a sequential phrase from known sources and modify the words you do. Obviously.

> Nobody’s real brain wallets are being hacked! It’s just left over traces from someone running aome testing in early days of bitcoin.

I've talked to a LOT of real people who's real brainwallets were hacked. Certainly there is also some 'testing' but that doesn't change the fact that there have been real and substantial losses.

Brainwallets are very dangerous.

A brainwallet is the same thing as using a user provided password to secure a high value system that has an unsalted and public password hash database. This is a negligent practice. In the corporate world it wouldn't be shocking to learn that a security engineer was instantly fired for implementing such a practice.

Good security advice results in practical security even if the user uses the system less than perfectly. Attacker-originated security "advice" provides security only under unrealistic perfect use. Telling people to use brainwallets is like recommending one-time-pad encryption. In practice the security will be fragile if not outright broken though in theory with it may go okay sometimes.

Correct usage would require secure mechanically generated uniformly random seed phrases with a hundred plus bits of entropy. That isn't generally what people do in practice and the few who have often have issues with retention of the string being inevitably very poor, causing them to lose the funds by forgetting (esp after getting a fever). (Of course, if they're going to write it down and they didn't generate it themselves then it's not something anyone should be calling a brainwallet anymore.)

> A well designed brainwallet is perfectly fine and safe

Especially if the brainwallet adds a salt, which is maybe the problem that the previous poster was referring to. Brainwallets that don't add a salt are definitely a risk.

Did a brainwallet write this?