Bumping this thread as I am also doing something similar, and plan to publish my results to increase awareness of the risk of using sha256 brainwallets.

Like the OP, I'm interested in this only for research purposes, so I scanned all known addresses rather than just cherry picking those with a balance. I'm using brainflayer, but as previously noted, the large number of addresses in the blockchain as of 2018 result in a very high false positive rate (currently around 13%) which requires a lot of post processing.

So far I've found 20329 valid keys. The large majority of the keys are based on single English dictionary words, which seem to have been deliberately sent small amounts (for research? for fun?) back in 2013.

This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.