# Can a Helium HNT wallet be hacked?

in this video we will discusshow a helium wallet works and what are the chances of getting it hackedat the end of this video we’ll also talk about a few points to keep your wallet safe andwhat to do in case you are locked out of your helium wallet hey folks this is royand welcome back to my channel eigentech let us start by learning a few importantproperties of the helium wallet so the first question is how many helium wallets arethere you will probably be extremely surprised to learn this number there are actually about 173688 trillion trillion trillion trillion trillion trillion wallets so basically 72 zeros after173688 if you want to look at the number it something looks like this there are 78 digits inthis number to give you a sense of how large it is this number is larger than the number of atomsin the whole milky way galaxy while we decide okay so this is a gigantic number now informationabout any of these wallets is publicly available what i mean by that if you go to your heliumexplorer and look up at your helium hotspot or any helium hotspot then this is the accountto which this helium hotspot is registered and you can access all the information about thataccount like how many agents are there what kind of activity or transactions have happened how manyhotspots are registered or linked to that account okay so all this information is publicly availablethe next point is there are equal number of private keys so basically same as this number andeach private key gives access to a unique wallet and these wallets already kind of exist so this isa certain point when you register using the helium app it says that you are creating an account butwhat is really happening is that those accounts kind of already exist and you are given accessto one of those accounts okay we’ll talk about this point later on as well uh in in a similarfashion each valid set of 12 seed words or the pass phrases lead to only a unique wallet thereis no collision that means different sets of 12 words cannot lead to a single wallet or oneset of 12 words cannot lead to more than or cannot point to more than one wallets this relationshipis unique or one to one and your wallet is extremely secure unless you make a few mistakesas you will learn by the end of this video now let us learn about few concepts behind thehelium wallets for this we need to know a little bit of math in particular two concepts so thefirst one is binary representation so you know that humans use decimal number system whichis basically using the numbers between 0 to 9 however computers do not use decimal systemsthose use binary systems only zeros and ones so there is a conversion there is a rulehow to convert decimals into binaries so for example 0 and 1 are simply 0 and 1 in binaryformat so basically you add 1 to 0 to get 1 then to get the decimal 2 you have to still add1 but in binary there the 2 doesn’t exist so what you do you have to add 1 to 1 and that becomes 0and you have a carry of 1 that carry on you add to the uh next digit which is basically 0 just assumethat there is a 0 here so it becomes 1 0 similarly if you want to get 3 you add 1 more becomes 1 1for 4 you add another one and you assume there is there is a 0 here so that carry one becomes isadded to it and you get one zero zero basically you can think of this like an odometer butuh instead of having zero two nines you have basically only zeros and ones okay in thatmeter in the same fashion you can check that 1 10 is actually 1 0 and 0 actually there are plentyof online tools if you want to convert between decimal and binary you can also use the calculatorinbuilt in your operating system for example you just go to the programmer mode and just enter anynumber for example 85 in decimal and then click on binary it will show you the binary format and viceversa anyway so this is how it’s converted and these numbers are in the binary presentation iscalled bits the second concept we need is called exponentiation so basically you might already knowabout this if you multiply the same number twice it’s called five square in this case or five daysto two if you do it three times five times five times five it’s five cubed or five raised tothree so basically if you multiply a number a n number of times it becomes the mathematicalrepresentation of it is a to the power n or a raise to n here a is called the base and nis called the exponent for example if i multiply 2 4 times it becomes 2 to the power 4 and if i have1 over 2 to the power 4 in a mathematical notation shorthand notation is expressed as 2 to the power-4 okay now we need to know just two rules here so the first one is called the product rule basicallyif you multiply two numbers with equal bases then the exponents simply add up so in thiscase 2 to the power 8 multiplied by 2 raised to 3 becomes 2 to the power 8 plus 3 or 2 raisedto 11.Similarly we have a division rule so if you just divide two numbers with the same basesthe exponents are subtracted from each other so in this case 2 to the power 8 divided by 2 to thepower 3 becomes 2 to the power 8 minus 3 which is equal to 2 raised to 5. so these are the only tworules we need okay next we will consider the toy example to understand how the helium wallet worksso in this case we will consider that the toy wallet is 4 bits long since it’s 4 bits long thatmeans there are 2 to the power 4 or 16 private keys if you want to learn what are those theseare these 16 numbers in the binary presentation now it might be difficult to remember thisprivate key right private key is important i have to remember it in this case this is onlyfour digits for example but it’s easy but let’s say you have 100 digits then it will be verydifficult to remember almost impossible to remember and also it will be very difficultto write down because you can make mistakes so there is a simplest solution for itand what you do that you often generate a seed phrase using this private key or applyingsome rule to this private key so we’ll learn let’s take one example so let’s consider this particularprivate key one zero one one okay and to generate this seed phrase often something extra is addedto that okay what is added is called the checksum in this case in this example we will add a twobits of checksum now the checksum could be any rule you like in this case we’ll use a simplerule so we’ll basically split this in two parts uh the first two number and the second twonumber and if they are equal we will say that uh much x sum is zero if they are unequal you willsay that the checksum is one so in this case the first two numbers are unequal so the checksum isone and the second two are equal so the checksum is zero you can also think it as a binaryaddition or simply parity measurement okay so anyway so the last two digits are the checksumand we add this to the existing private key and this is this becomes our new string which is nowsix bits long now what we do that we split this six bits long string into some parts and assignsome words so in this example we’ll split it in three parts so here we have 1 0 1 1 and 1 0 againand then to assign some word we first convert this into the decimal representation so that it’s easyso it becomes 2 3 and 2 if you remember the table earlier and then we just choose a set of words andin this case this is this will be called our own dictionary and i have chosen zero correspondingto alice one for bob two for charlie and three for david so you can see that this string this stringnow is effectively can be written as charlie david charlie so basically this is the seat phrasecorresponding to this private key one zero one one so the important point here is that foreach set of private keys there is a seat phrase but not all set of three words are valid if youchoose three random words from here that might not be a valid set for example charlie david bob willnot be a valid set because of this checksum rule okay if you like you can try out what wouldbe the three seed words for this particular private key and let me know in the comment sectionnow the helium app wallet uses exactly the same idea but with a much larger number of bits soin their case they use 128 bit long key when the helium app is used that gives rise to 2 to thepower 128 private keys and to generate these seed words or passphrases a checksum which is fourbits long is added at the end of this private key and the checksum is used as a the first fourbits of the sha-256 hash of that private key so i don’t need to go into the details of this buti’m just trying to convey you the concept here then uh the four bits are addedso it becomes 132 bits long then this is divided into 12 11 bit sections likei have done earlier okay three two bit sections so now there are 12 11 bit sections so each ofthis 11 bit section can be then represented in the decimal format as a number between 0 and2047 because 2 to the power 11 is actually if you compute it turns out to be 2048 so it can bewritten as a number in between 0 and 2047 and then you choose your dictionary and assign the wordsso basically it will be a mapping between these 12 numbers to 12 words using some dictionary so letme show you what kind of dictionary is actually used so it doesn’t contain all the words in theum let’s say oxford dictionary or something it’s actually uses a very specific set of the wordsso and that is this set of words i will leave the link in the description and you can see there isa number from 1 to 2048 and they have some special properties about this dictionary and if you go tothis link explains how to generate this mnemonic has this information that this word list iscreated in such a way that it’s enough to type the first four letters to unambiguously identifythe word and similar words are avoided and some other extra properties of this word list anyway ifyou like you can check out this word list so let us go back to the presentation and as i showedyou that it has to have it needs to have two to the power l11 equals two zero four eight words inthe dictionary because that is our mapping rule now you can see that this one ordered setof 12 words will always lead to a unique wallet there is no other possibility okay andthis i am only talking about the helium app there is another option which i will not go tointo the details something called cli wallet or command line interface wallet and thatuses 256 bit long private keys okay and that is even more stronger but there are no seed wordscorresponding to those private keys so you cannot enter you cannot use a cli wallet using the heliumapp okay all right so let us now try to understand what are the chances of getting your helium wallethacked now what are the methods of getting a wallet so hacking basically means that someonehas access to that 12 seed words so that they can perform transactions using inside that walletand to be useful it has to be one of the accounts in use or in other words the accounts in whichthere are some money not any random account right so what is the common method ofhacking it’s basically scamming people try to lure you uh and get access to your12 seed words so there have been incidents like often you will get messages likeyou have one free crypto or hnt and or somebody is trying to help with your minerlike trying to solve your relay problem or they will say that they need to verify your walletand basically the idea is that they will try to get the 12 words of your account and if you giveit your account will be basically they will steal all the money and all the miners from your walletokay so never do that so let’s say uh people are smart enough and this method of hacking doesn’twork anymore so scamming is basically impossible uh then what are the methods then there are twomethods left either that the helium app reveals one of the 12 words for an existing accountor somebody tries a brute force approach to get access to one of the wallets okay solet’s see what are the possibilities here so first about the chances of helium appdisclosing an existing wallet or disclosing 12 words for an existing wallet now the app uses arandom number generator to select those words okay along with the checksum math okay so basicallythe question is what are the chances that the app selects an existing account now for that we needto know what are the number of existing accounts so currently if you go to the helium exploreryou will see that there are about 500 000 helium miners that’s actually pretty small number solet’s say we consider one of the extreme cases that i could think of let’s say there are abouteight billion people since they said there are eight billion miners in the whole world and let’ssay each account has about two miners on average then that means there will be four billionexisting wallets okay and this four million if you convert into uh 2 to the power someexponent it turns out to be about 2 to the power 32 okay so what is the chances of rebuildingremember there were exactly 2 to the power 128 private keys or accounts accessible throughthe helium app and the existing number of helium accounts which have been which are beingused is to deal with 32 so the probability of revealing is 2 to the 32 divided by 2 to the power128 as i just showed you earlier that becomes 2 to the power minus 96 or 10 to the power minus 30.Sowhat does this mean so this means that once in a 1 million trillion trillion attempts thehelium app might reveal 12 words for one of the existing accounts so you can understandthat this probability is extremely extremely small practically basically zero so there isbasically no chance that the helium app will reveal the 12 words for an existing account soyou can be extremely confident about that okay now if somebody tries a brute force approachusing the similar technique uh the probability is again similar so one has to try one milliontrillion trillion times to get access to basically one existing account okay sothat’s an extremely large number now let’s say someone is trying to simply get accessto a helium wallet by entering random words in the helium app so what are the chancesfor that so hacking using some trial and error method remember there are 2048 words inthe dictionary and there are 12 places to fill using those words and there could be repetitionsso basically the number of possibilities is 2048 to the power 12 or 2048 can be expressed as 2to the power 11 which becomes 2 to the power 132 so this is the number of combinations thatis possible using the words in the dictionary however not all sets are valid so any random setyou choose will not be valid because of that check some i discussed earlier so actually the validpossibilities are 16 times smaller or 2 to the power 128 okay so the probability of guessing acorrect what set is 2 to the power 128 divided by 2 to the power 132 which is 2 to the power minus4 or 1 over 16.What does it mean it means that if you make 16 guesses on average out ofthat one will be a valid set of 12 words which which will lead to a helium account but arandom account okay not an existing account it could be an existing account so let us check thewhat is the probability of that being an existing account it’s basically the same as a last timethat we discussed but then you have this pre factor of 1 over 16 which makes it 2 to thepower minus 100 or 10 to the power minus 31 so again one will have to try 10 million trilliontrillion times to get access to possibly one of the existing accounts so again this is basicallypractically impossible no one can do it in their lifetime so here i talked about the helium appbut actually the cli wallets which are more secure even more secure that probability is 10 to thepower minus 15 so basically if you want to try it by this trial and error method you will needyou will need a time which is larger than the age of the universe to practically get accessto any existing helium wallet okay so you can think that this is the helium wallet is basicallyhack proof and you don’t have to worry about it now i will provide a few tips to keep your walletsafe so even though this is hack proof doesn’t mean that you cannot lose it okay so the firstthing and the most important thing is that if you are using the helium wallet app you should writedown the 12 words on a piece of paper and it’s even better if you actually type it and print ona physical paper okay don’t keep it in a soft copy because in there were cases where people saved inin their mobile phone itself and lost the phone okay in that case you will basically lose accessto your account so while writing the words is also important that you maintain the exact same orderso number them and avoid spelling mistakes okay so this might sound like very basic but there werecases where people have made mistakes i have shown you here a few examples that you can see thatpeople can actually by mistake write one word for another and if you do so again you will not beable to log back into your existing account okay so be very careful about the words and theword the order of the words okay and as i have discussed earlier never share these 12 wordswith anyone if you give the 12 votes to somebody he will have access to your wallet and all youragents and the miner associated with that wallet okay so never do that never share your12 words then uh if you are planning to log out for or let’s say format your phone or forwhatever you want to change your phone it’s a good idea to double check your seed words okay so youcan do that by going to the settings of the helium app and click on reveal words so you should crosscheck that all our words are written correctly then if possible if you have access to both thephones it is better to simultaneously log in using the other phone so right now i have checked thathelium allows you to log in using two different phones simultaneously i don’t know whether it willbe stopped in the future or not but at least it’s possible right now so it’s better to log into thatand check that you have access to your old account now let’s say um somehow you are you cannotaccess your account or there is some problem so here are a few troubleshooting tips so thefirst common one is what happens is that people have changed their phone logged in using thesame old 12 seed words but it’s not showing the hot spot in that case the way to solveit would be clear the cache of the helium app or will simply uninstall and reinstall the appagain and try to log in again and sometimes it takes also a few minutes to load all theinformation from the about that wallet okay then if you see this error which says uh failedto load tap to retry that could mean that there is some problem with the blockchain or helium networkissue and basically simply try at a later moment and if you see this error this is pretty seriousit says that the seed this seed phrase doesn’t correspond to a helium account this is what idiscussed earlier not any random set of 12 words are a valid set so this is basically whatever youtried was invalid set in this case there could be three reasons for that first you use the correctwords but not in the right order so incorrect order or you had a spelling mistake you basicallytyped a different a word which is similar sounding or you completely lost or partially lost a fewwords you’re trying to guess it and you see that the probability of guessing is extremely small soagain it’s a very good idea to write down the 12 words very clearly and in a safe place so let meemphasize again that if you lose those 12 words that means that you lose access to the heliumwallet and you will lose all the hnts which are inside that wallet and any helium miner which wasregistered or associated with that wallet it will be lost forever no one even the developerscannot retrieve those information for you okay i hope i could convince you thatthe helium wallets are extremely safe and no one can hack into your wallet unlessyou give away those 12 words accidentally also you cannot lose access to your own heliumwallet if the 12 pass phrases are saved safely i hope this information was useful to youif you have any more questions let me know in the comments section that’s all for todaythanks for watching guys and get cryptonized you