To clarify the title: they’re guessing insecure private keys, not keys generated by normal (and not buggy) wallet software.
This isn’t surprising. “Brain wallets” have been discouraged for a long time now. Unless you really know what you’re doing it’s easy to accidentally pick an insecure phrase. Even a paragraph of text from, say, an obscure book will probably eventually be found, if that book ever ends up digitized on the Internet.
The safest way is to generate a truly random key, then map that to a wordlist like BIP39 does.