Even with only 10 words (which are chosen from the BIP39 word list, which is 2048 words long), a hacker would need to test 2048^10 = 1298074214633706907132624082305024 combinations to crack a passhprase. This would need some time. But there is no time limitation after some trials, because it can be done offline without an internet connection, for example on a graphics card.
But I think the main problem is malware, which just cracks the password and then gets the passphrase, for those cases where the wallet is empty after some time. One major problem of the Yoroi wallet is that there is no check for the security of the spending password (except it has to be at least 10 characters). Someone could just use 1111111111 and the wallet accepts it.
There are huge password lists and cracking programs which try all kind of known schemes, like one word followed by a number, all combinations of two words with all combinations of a few letters replaced etc. So if you don’t use a purely random spending password, and given the fact that for example 30% of all U.S. PCs are malware infected, you are screwed. The malware downloads your wallet, and cracks the spending password offline. I guess this is the reason so many coins got stolen. And I guess the dark figure is much higher, because not everyone reports here in the forum.
Only safe solution are hardware wallets. There can be still problems with replacing an address in the clipboard etc., but the hardware wallets have displays as well, where you can verify it, and I haven’t heard so far of an attack where an address is changed in a browser window, e.g. if you want to send it to an exchange. But might be a good idea to verify the address where you send lots of Ada on 2 different computers / mobile phones.
i have lost 3032 ada yesterday 06 dec 2021 when i recover my wallet using yoroi extension…i am sure i put the correct 24 seed phrase …but when recovered there was a transaction withdrawal history for all my fund…except for the rewards as it was staked for a long time…i have seen here same issue and this is really disapointing that it keeps happening and stressful. if anyone got experienced same issue and been resolved please help me too…thanks a lot in adavnce would be really appreciated.
no way… I am using yoroi since 2018 and I love it… why do you say that?
first yoroi has a 15 phaseprase, and daedalus has a 24 seed words…
maybe you restored the wrong wallet?
did u checked one of the address on cardanoscan.io to check the balance?
Ahha, sorry, I was looking at a different passphrase, still a little worried about the wallet saying my final balance will be 14 ADA if a revoke the staking key though … ?
I just lost around 300 ADA from Yoroi. I tried to restore my wallet several times with exact phrases and I do see exact address which I used to transfer a tiny amount of ADA to my other wallet. It’s a fkin scam. Everyone spread the word, YOROI is a SCAM.
I have it since 2018 and it’s NOT a SCAM, dude… why are u so angry? If yoroi is not what u nees then u have alternative like daedalus (full node), adalite.io, nami, ccvault, etc
Cheers,
PS: restore the wallet on adalite.io and perform transactions from there
