Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Business Finance

Bitcoins worth $300K recovered from an old zip file

(BUSINESS FINANCE) Losing the password to your Bitcoin wallet often means potentially losing your cryptocurrency. But this didn’t stop a Russian investor from getting his money back.

Stack of bitcoins

At some point in our life, we’ve all lost or misplaced something. I’ve misplaced my phone and keys more times than I can count. They always have a way of finding themselves between the couch cushions. But have you ever lost the private keys to access your $300,000 worth of bitcoins? Neither have I. However, this is exactly what happened to a very unlucky man.

Last month, Defcon’s 28th annual event took place. The event is the most influential security hacking conference held in Las Vegas. Michael Stay, a reverse engineer and current CTO for Pyrofex Corp, shared the story with attendees. He started his presentation by saying, “And today I’m gonna to tell you about how we recovered several hundred thousand dollars worth of Bitcoin from an encrypted zip file.”

About twenty years ago, Stay published a cryptanalysis paper detailing how to break into encrypted zip files. This paper led an anonymous Russian investor to find Stay and send him a surprising message on LinkedIn. “So in October of last year, a guy contacts me out of the blue and says, “I read your paper on known plaintext attacks, and I’ve got this password that I’ve forgotten. Is there anything you can do to help?”” Stay said.

In 2016, the investor purchased $10,000 worth of bitcoins and placed the private keys in an encrypted zip file. After the Bitcoin boom, the purchase proved to be a great investment. There was just one slight problem: He forgot the password and had no way of accessing the Bitcoins.

Advertisement. Scroll to continue reading.

After stumbling on Stay’s old cryptanalysis paper, he hoped Stay would help him break into the zip file and recover the lost keys. When Stay looked into the case, he soon realized this would be a difficult task. The attack he had written years ago needed five files to break into the zip file. This man only had two files in the archive.

With only two files, this would take Stay a lot of time and money to find a solution to the problem. After doing some calculations, he told the guy it would cost him around $100,000 to attempt to recover the keys. He simply couldn’t use regular “off-the-shelf software” to get this done.

The man agreed without hesitation. Stay’s mind was blown away with his response. “I knew he probably had several hundred thousand dollars of Bitcoin in this thing,” he said. The pressure was on!

To break-in, Stay enlisted his business partner, Nash Foster. Foster helped adapt his CPU based attacks to run on GPUs, and they rented a GPU farm. “Our initial expectation was we would do engineering for a couple of months, and then the attack would have to run for several months to succeed,” Foster told WIRED.

Four months after the initial LinkedIn message, they began the attack. “We had tried it in all our test archives that we’d created. It worked fine,” Stay said. They were hopeful. “Ten days passed, and it didn’t find a key. And we were distraught, pulling our hair out. What have we done wrong?” Stay asked himself.

Advertisement. Scroll to continue reading.

After combing through the data, the investor, who is a programmer himself, discovered a bug in the GPU. Once Stay and Foster fixed the bug, they were able to restart their attack. Within a day and a half, they found the three keys they needed to decrypt the archive.

In the end, the improvements made to Stay’s old attack made a significant difference. Instead of the $100,000 and year of processing time that Stay estimated it would take, they were able to do it for less than $10,000 in two weeks of processing time.

“Our client was very pleased and gave us a big bonus! And that’s how we recovered his Bitcoin folder,” Stay said.

According to a 2017 research by analysis company, Chainanalysis, nearly 400 million Bitcoins are already lost. Although Bitcoins have no physical form, they can still be lost. Forgotten private keys and passwords, and discarded and lost devices account for this high number.

The Russian investor wasn’t so unlucky after all!

Advertisement. Scroll to continue reading.

Veronica Garcia has a Bachelor of Journalism and Bachelor of Science in Radio/TV/Film from The University of Texas at Austin. When she’s not writing, she’s in the kitchen trying to attempt every Nailed It! dessert, or on the hunt trying to find the latest Funko Pop! to add to her collection.

1 Comment

1 Comment

  1. Pingback: It's not just Redditors: Square has bought a ton of Bitcoin

Leave a Reply

Your email address will not be published.

AdBlocker Message

Our website is kept FREE to you by displaying online ads to our visitors. Please consider supporting us by disabling your ad blocker OR subscribing to our email newsletter: https://theamericangenius.com/get-american-genius-newsletter/

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Advertisement

KEEP READING!

Business Finance

(FINANCE) The thousands of banks and millions of merchants on the Mastercard network could soon integrate cryptocurrency in their products and purchases

Business Finance

(FINANCE) Walmart is looking to hire a Cryptocurrency Lead and the job listing has some interesting language, leading us to wonder what they're up...

Business Finance

(BUSINESS FINANCE) It isn't the first time that China has tried to compete with the dollar, but the release of a digital currency has...

Business Finance

(BUSINESS FINANCE) India is potentially planning to ban cryptocurrency — and instead, they're planning to introduce their own version of it for purchase.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.