Connect with us

Business Finance

Bitcoins worth $300K recovered from an old zip file

(BUSINESS FINANCE) Losing the password to your Bitcoin wallet often means potentially losing your cryptocurrency. But this didn’t stop a Russian investor from getting his money back.

Published

on

Stack of bitcoins

At some point in our life, we’ve all lost or misplaced something. I’ve misplaced my phone and keys more times than I can count. They always have a way of finding themselves between the couch cushions. But have you ever lost the private keys to access your $300,000 worth of bitcoins? Neither have I. However, this is exactly what happened to a very unlucky man.

Last month, Defcon’s 28th annual event took place. The event is the most influential security hacking conference held in Las Vegas. Michael Stay, a reverse engineer and current CTO for Pyrofex Corp, shared the story with attendees. He started his presentation by saying, “And today I’m gonna to tell you about how we recovered several hundred thousand dollars worth of Bitcoin from an encrypted zip file.”

About twenty years ago, Stay published a cryptanalysis paper detailing how to break into encrypted zip files. This paper led an anonymous Russian investor to find Stay and send him a surprising message on LinkedIn. “So in October of last year, a guy contacts me out of the blue and says, “I read your paper on known plaintext attacks, and I’ve got this password that I’ve forgotten. Is there anything you can do to help?”” Stay said.

In 2016, the investor purchased $10,000 worth of bitcoins and placed the private keys in an encrypted zip file. After the Bitcoin boom, the purchase proved to be a great investment. There was just one slight problem: He forgot the password and had no way of accessing the Bitcoins.

After stumbling on Stay’s old cryptanalysis paper, he hoped Stay would help him break into the zip file and recover the lost keys. When Stay looked into the case, he soon realized this would be a difficult task. The attack he had written years ago needed five files to break into the zip file. This man only had two files in the archive.

With only two files, this would take Stay a lot of time and money to find a solution to the problem. After doing some calculations, he told the guy it would cost him around $100,000 to attempt to recover the keys. He simply couldn’t use regular “off-the-shelf software” to get this done.

The man agreed without hesitation. Stay’s mind was blown away with his response. “I knew he probably had several hundred thousand dollars of Bitcoin in this thing,” he said. The pressure was on!

To break-in, Stay enlisted his business partner, Nash Foster. Foster helped adapt his CPU based attacks to run on GPUs, and they rented a GPU farm. “Our initial expectation was we would do engineering for a couple of months, and then the attack would have to run for several months to succeed,” Foster told WIRED.

Four months after the initial LinkedIn message, they began the attack. “We had tried it in all our test archives that we’d created. It worked fine,” Stay said. They were hopeful. “Ten days passed, and it didn’t find a key. And we were distraught, pulling our hair out. What have we done wrong?” Stay asked himself.

After combing through the data, the investor, who is a programmer himself, discovered a bug in the GPU. Once Stay and Foster fixed the bug, they were able to restart their attack. Within a day and a half, they found the three keys they needed to decrypt the archive.

In the end, the improvements made to Stay’s old attack made a significant difference. Instead of the $100,000 and year of processing time that Stay estimated it would take, they were able to do it for less than $10,000 in two weeks of processing time.

“Our client was very pleased and gave us a big bonus! And that’s how we recovered his Bitcoin folder,” Stay said.

According to a 2017 research by analysis company, Chainanalysis, nearly 400 million Bitcoins are already lost. Although Bitcoins have no physical form, they can still be lost. Forgotten private keys and passwords, and discarded and lost devices account for this high number.

The Russian investor wasn’t so unlucky after all!

Veronica Garcia has a Bachelor of Journalism and Bachelor of Science in Radio/TV/Film from The University of Texas at Austin. When she’s not writing, she’s in the kitchen trying to attempt every Nailed It! dessert, or on the hunt trying to find the latest Funko Pop! to add to her collection.

Business Finance

Freelancers: How to get away from billing hourly

Working as a freelancer isn’t easy. Despite the hard work, many professionals choose this route in order to escape the daily grind of working for an hourly wage. Why, then, do clients still insist that freelancers charge them by the hour?

Published

on

money cash

Working as a freelancer isn’t easy. Despite the hard work, many professionals choose this route in order to escape the daily grind of working for an hourly wage. Why, then, do clients still insist that freelancers charge them by the hour?

You became a freelancer to get away from the mindset that each hour of your time is worth a certain number of dollars. So if you are still billing your clients an hourly wage, you may want to seriously consider shifting to value-based billing.

Robb Eng, a senior marketer and writer for Web Design Ledger, provides some valuable advice for freelance web designers, but his tips hold up for any freelancer who would like to get free from “the trap of trading hours for dollars.”

First, Eng describes some of the problems with billing by the hour – and if you’re already doing it, these should sound familiar to you. For starters, each job requires a number of different skillsets. Some parts of the job require intense concentration and all your years of experience and education. Other parts any amateur could do in their sleep.

Averaging these disparities out into an hourly wage is tricky – and billing different rates for different tasks is far too burdensome.

Besides being confusing and inconvenient, the biggest problem with hourly billing is that it causes the client to focus too much on how fast you can deliver the task, rather than how well.

That’s why it’s so important to shift the paradigm to one of “value-based billing.” As a freelancer, you must show the client the value of your services – in other words, how they will benefit the business. Eng gives an example of a website redesign that could increase profitability by $100,000. When you think about the total value your work will bring to the business, suddenly charging $10,000 or $20,000 looks like only a small fraction of the total value you are providing.

When you asked to be paid relative to the total value you are providing from the business, it changes your role from wage worker to co-collaborator.

Instead of stressing about the bottom line, you are working together with the client to maximize profit for both parties.

To convince hourly billers to switch to value-based billing, you may have to ask some questions. As much as possible, get an idea of the quantifiable goals of the project. How much will the project increase profit, lead generation, or conversions? Try to charge between 10 and 20 percent of the value you’ll be providing for the client.

Next, offer a few different price plans, because people love options. You can charge a flat rate for each service, a monthly or yearly rate for ongoing maintenance, or you can provide several tiers of services at different rates.

Of course, before you get to these steps you’ll need to find out if your client is open to value-based billing. If not, consider walking. If so, be sure to maintain positive relationships. Nothing adds value to a job like a trusting relationship.

Continue Reading

Business Finance

Is the convenience of payment apps worth the risk of fraud?

(FINANCE) Peer-to-peer payment apps like CashApp and Venmo are quick and convenient – for users and scammers alike. What are Square and PayPal doing to help?

Published

on

CashApp open on phone one of payment apps susceptible to fraud.

More and more people are using peer-to-peer payment services, like Square’s Cash App and PayPal’s Venmo, to make purchases, handle their banking, or just to pitch in on the pizza you and your friends had delivered last night. These payment apps have been particularly useful for folks who may not be able to afford bank fees or have other barriers preventing them from accessing a bank account.

That’s because they are very easy to set up, requiring nothing more than an email address or phone number. Even folks with bank accounts are using these payment apps more as folks are trying to stay home and reduce their in-person contacts during the COVID-19 pandemic. The number of daily users on Venmo has grown 26% since last year.

While these apps bring a lot of convenience to our lives, they have also made running scams more convenient for cybercriminals. According to experts, the rate of fraud on Venmo and Cash App is three to four times higher than with credit or debit cards. While PayPal and Square don’t provide statistics about scams, there are some telling signs. The New York Times and Apptopia, a mobile services tracking firm, found that the number of users mentioning frauds or scams in Venmo customer reviews had increased by four times in the past year.

It seems that Cash App has the most fraudulent activity, with the Better Business Bureau reporting twice as many complaints about Cash App as Venmo, even though Venmo has more users. Zelle has a better track record when it comes to fraud, most likely because it requires a more thorough authentication process when setting up an account. It also has better legal protections for folks who have been scammed.

Some of the things that make these payment apps so quick and easy are exactly the reasons it’s so easy to scam users. The instantaneous payments mean that there’s not much of a vetting process, and not much time to catch a fraudulent transaction before it’s too late. Because you only need an email address or phone number to set up an account, it’s easy for criminals to set up dummy accounts for running scams.

Other scams have been facilitated by the marketing choices of the companies. For example, Cash App regularly runs a Cash App Friday promotion, in which users are rewarded for sharing their username, or $Cashtag, on social media. Unfortunately, this has essentially created a Rolodex of potential victims for criminals.

Square and PayPal are doing what they can to address the problem. Lena Anderson of Square says that they are “aware that there has been a recent rise in scammers trying to take advantage of customers using financial products, including Cash App. We’ve taken a number of proactive steps and made it our top priority.”

One “proactive step” Square has taken is to roll out a customer service phoneline, not only to make it faster and easier for customers to vet potentially fraudulent transactions or report scams, but also because scammers have been creating fake customer service phonelines to target users and collect their personal information. The phoneline is currently available to only some customers, but Square plans to scale it up to be available for all users over time.

Until these companies come up with more robust security systems, there are several things you can do to avoid scams. While you might get a cash bonus from Cash App, it’s probably not worth it to share your $Cashtag on social media. Only share your username with people you know. Never share your personal or banking information with strangers. Examine all transactions carefully. Some scammers are stealing money by making a payment request from an account that looks legitimate, but may have a slightly different spelling or one-letter change in the name.

No legitimate agents of these services should ever ask you for your sign-in code, or to download software, and you shouldn’t click on any links in messages promising cash prizes. Never send small payments in exchange for a promised reward – if it sounds too good to be true, it’s probably a scam. Don’t use digital payment apps to pay for or receive payment from sales on Craigslist, Offer Up, or Facebook Marketplace.

If you think you’ve been scammed, changed your PIN number immediately and contact the company and/or the FTC.

Continue Reading

Business Finance

Which generation has cried the most over money?

(BUSINESS FINANCE) Financial stress is tough on everyone. Here’s who has cried the most about money woes, and a few tips on how to alleviate some of that stress.

Published

on

Upset young man seated on bench with head in hands thinking about money.

There’s been serious critique in the last several years about the educational system and what basic knowledge young people should be taught in the United States. Home Economics (Home Ec) comes to mind (everyone should probably know how to cook or sew a button), as well as financial literacy.

There are many young Americans who grow up not really having a deep understanding of budgeting and fixed and variable expenses… But it may not be their fault. Perhaps, Mom and Dad (or other guardians) have always been paying for all of their expenses, making sure they had a roof over their head, clothes on their backs, and food in their fridge. Because, that is what you’re supposed to do as a parent, correct?

So, while there’s no reason to blame anyone, often the process of learning what it costs to live and pay your bills is a rite of passage.

The current state of debt and financial fears also doesn’t mean that Millennials and Gen Zers weren’t educated around savings or working. Many young people have had part-time jobs (although much less in comparison to Gen X or Baby Boomers) but they may also be able to use the majority of that income for discretionary spending – which never created room for feelings of lack when they didn’t have to pay rent or a mortgage.

This scenario can ultimately create a challenge when you are finally out on your own and now have student loan debt, credit card debt, utility bills, and required car insurance. Especially if you are young person moving to a big city for exploration and/or new opportunities, where the cost of living can be quite high.

If you are feeling nervous or sad around finances, you are not alone. If you have cried over your personal balance sheet or your bank statements, you are also not alone. According to yahoo!money, a recent online survey of 1,004 Americans by CompareCards.com found that “7 in 10 Americans said they have cried about money in their lifetimes. Many cited worries over their job or making ends meet. Younger Americans appear the most vulnerable to financial tears. About half of millennials and half of Gen Zers said they cried at least once in the past month over money.”

So how can you cry LESS about money? Well, the first thing is to not be too hard on yourself. But you will also want to create a plan that works for you. Each person deserves financial freedom and not a bank statement that makes them cry on the regular.

Here are some financial literacy resources that may help you figure out how to navigate your way out of crippling debt.

Dave Ramsey Books – The Total Money Makeover – A Proven Plan for Financial Fitness

Bravely Go with Kara Perez – Feminist economics + inclusive personal finance

Debt Relief Programs – you’ll have to do your research but there may be a program that is right for you and an agency that can help you set up a realistic payment program for you

Student Loan Forgiveness – it is worth looking in to your options if you are feeling overwhelmed with student loan debt and there may be ways for your loans to be forgiven

Financial Advisor – consider working with a professional that can help you with your budgeting, investing and retirement savings/funds

And you may still cry because this is big adult stuff… But hopefully you trust yourself to do the research, explore, ask, and find options that work for you to gain a little more control over your financial situation.

If you are not already doing so, it may be as simple as starting with a budget to better understand your income and outgoing expenses. Being informed can help you to plan better for the future and make you feel less like crying.

Continue Reading

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!