A court in the Chinese city of Qingdao sentenced a man to 10 years and 9 months in prison for stealing 107 Bitcoin. He did not hack any server. He simply memorized most of the victim's seed phrase and recovered the missing word.
How Zhang Stole Bitcoin Without Exploiting Any Vulnerability
In 2023, victim Feng asked his acquaintance Zhang to help him with a Bitcoin wallet. While working with the wallet, Zhang memorized 11 of the 12 seed phrase words. He later recovered the twelfth word by brute force and transferred 107 BTC to his own address.
When Feng noticed the missing funds and reported the theft, investigators traced the transaction chain back to Zhang. The court found that Zhang converted part of the assets and realized more than $97,000 in proceeds.
At trial, Zhang claimed he had been "protecting" the victim's assets and had not profited, saying he later lost money speculating on prices. Electronic transaction records contradicted this account.
Why Knowing 11 Out of 12 Words Is Enough for Full Access?
The BIP-39 standard uses a fixed wordlist of exactly 2048 entries from which seed phrases are generated. If 11 of 12 words are known, there are only 2048 possibilities for the last one. Any script recovers the correct word in under a second.
Brute-forcing a full 12-word phrase from scratch would take billions of years even on the fastest hardware: the number of combinations exceeds the atoms in the observable universe. But knowing almost the entire phrase collapses that protection in an instant.
- Fully unknown phrase (12 words): brute-force takes billions of years even on a supercomputer
- One unknown word out of 12: brute-forcing 2048 candidates takes under a second
- 24-word phrases: raise the security ceiling but do not remove the trusted-helper risk
- The risk is not in the BIP-39 algorithm. It is in the people around you
Alvin Kan, COO at Bitget Wallet, said after the case emerged that wallet security threats are more often human than technical. He recommended wider adoption of 24-word phrases, though he acknowledged they do not remove the risk of a trusted person who sees the phrase.
How Did a Chinese Court Recognize Bitcoin as Property Despite Crypto Bans?
China banned crypto trading and mining in 2021. In Zhang's case, prosecutors took an unusual stance for the country: Bitcoin meets the legal definition of "property" and can be the subject of theft under Chinese criminal law.
The court agreed. The Licang District People's Court sentenced Zhang to 10 years and 9 months, plus a fine of 100,000 yuan (about $14,700). The verdict was published by the Supreme People's Procuratorate on its official WeChat account.
For Chinese legal practice this is an unusual precedent. Crypto cases there have often been dismissed due to legal ambiguity or treated as civil disputes. Criminal prosecution for Bitcoin theft gives asset holders in China real legal protection, even as official bans on crypto remain in place.
What Should Wallet Owners Take Away From This?
107 BTC at current prices is worth more than $6 million. In 2023 when the theft occurred, the price was lower, but the sentence was still harsh: nearly 11 years behind bars. You can check the live Bitcoin to USD rate on Kurslog.
Zhang's case is a reminder of a risk that is easy to miss. People carefully avoid screenshots of their seed phrase but rarely consider that someone nearby can simply memorize the words. Not the full phrase. Just 11 of 12.
The takeaway is direct: never show your seed phrase to anyone, even people you trust. If you need help with a wallet, look for solutions where the recovery phrase stays hidden from third parties.
Comments
Your email address will not be published. Required fields are marked *