For bitcoin fans, the notion of a "brain wallet" has long seemed like the ideal method of storing your cryptocurrency: By simply remembering a complex passphrase, the trick allows anyone to essentially hold millions of dollars worth of digital cash in their brain alone, with no need to keep any records on a computer.

It turns out, however, that your mind is a surprisingly vulnerable place to put the key to your crypto-liquid assets. And now one hacker is releasing the brain-thieving software to prove it.

Next month at the hacker conference DefCon, security Ryan Castellucci plans to release a piece of software he calls Brainflayer, designed to crack bitcoin brain wallets and let any hacker suck out the digital cash stored in them. In fact, wise bitcoiners have known for years that brain wallets—despite their promise of hiding crypto treasure in the most private depths of the user's mind—are often unsafe. Castellucci says his cracking program is designed to serve as a public demonstration of that insecurity for those who still haven't gotten the message, and put an end to the practice for good.

"People still want to use brain wallets because they like the idea of a key stored in your head...They're in denial about how bad the situation is, and some of them are going to get screwed," says Castellucci, a researcher for the security firm White Ops. He says his software, which he plans to publish online at the time of his talk next month, is meant to serve as a warning: "Please move your bitcoins to somewhere where they won't get cracked. I want to undeniably prove to everyone that this is not safe."

Brain wallets work by taking a chosen passphrase and putting it through a mathematical function known as a "hash." The resulting string of random-looking numbers is then used as a bitcoin private key—the long string of secret characters that controls a stash of the cryptocurrency at a certain bitcoin address. Because the same passphrase can be hashed again at any time to create the full private key, the user doesn't need to remember that long key string, only the passphrase. The user can even delete the private key from his or her computer and walk around knowing that no one, not even cops who seize the machine, can access his or her mentally hidden treasure.

The problem, says Castellucci, is that humans don't choose strong, random passphrases as well as they think they do. And any hacker can patiently guess millions upon millions of passphrases, converting them into private keys and trying them on every bitcoin address on the blockchain, the public ledger of all bitcoin locations. Even when a bitcoin user thinks she has chosen a sufficiently strong passphrase for her brain wallet, Castellucci says it often can't stand up to the cracking resources of thieves motivated by an instant cash reward. "The usual bitcoin private key is long enough that no one is going to guess it before the sun burns out," says Castellucci. "But if they just have to guess your passphrase, they're going to do it, because people are terrible random number generators."

Castellucci first wrote the brain wallet passphrase cracker that would become Brainflayer in 2013, shortly after he read about brain wallets for the first time. He left his program running, scanning for vulnerable bitcoin addresses, while he went to a picnic for a few hours. By the time he got back, it had found a wallet containing 250 bitcoins—more than $66,000 at today's exchange rates—ready to be stolen by anyone who had run a similar program. (Castellucci eventually managed to contact the wallet's owner and convince him to move the bitcoins to a more secure wallet.) There are plenty of reported incidents of actual brain wallet thefts. One of those victims, Reddit user "thonbrocket," describes how they had used a phrase from an obscure poem in Afrikaans as a passphrase, and was shocked to find that it was guessed.

Castelucci wouldn't say just how many passphrases Brainflayer is capable of guessing on a single PC, a detail he says he's saving for his DefCon talk. But he hints that if his program were running on a botnet of malware-hijacked computers, it could try as many as a hundred billion passphrases a second. More than other passphrase crackers, he says the program is optimized for the problem of quickly generating bitcoin keys and scanning the blockchain to try them. He used a technique known as a Bloom filter, for instance, to most efficiently store and check the blockchain for matches. His results still aren't quite as fast as the trillion passphrases a second that Snowden once warned the NSA is likely capable of. But it could nonetheless surprise many people who believe their passphrases are safe.

There's no reason to think that Brainflayer is an especially powerful passphrase cracker compared with other bitcoin brain wallet crackers in the hands of criminals. But that's the point, says Dan Kaminsky, the founder of the White Ops security firm that employs Castellucci and a well-known security researcher with an interest in bitcoin. Brainflayer is designed to level the playing field and prove to anyone that their insecure brain wallet can be hacked. "Ryan is not the first person to write a brain wallet cracker," says Kaminsky. "But if he puts it out there, he’ll be the last person to have to write one, because everyone’s going to have it."

Kaminsky argues that's still a lesson bitcoiners need to hear. Despite brain wallets' security issues, the idea is still too tempting to people who relish the thought of a perfectly private stash of virtual currency. "The thinking is, 'this is the safest possible version of putting money under my mattress,'" says Kaminsky. "The reality is that there's a lot of room under your mattress. There's not enough room in your head."