Tokyo city.

I land at Narita Airport, my client said someone will meet me, but I don’t know where and how he looks like.

Exiting through the arrival terminal a gentleman in white gloves has a sign: KeychainX

I don’t ask questions, jump into the limo and off we go into Tokyo city… One hour into ride we arrive at the entrance to a super skyscraper close to Ikachimachi train station. I am left alone in the lobby and wait.

30 minutes later, three young Japanese men come and greet me with broken English.

Chainx?

Confused I ask if its Taro, he smiles. …

An old client of ours got back recently asking if we could help him recover a lost password to Bitcoin core wallet file called wallet.dat.

He believed he had the password correctly written down and did not understand why the password did not work anymore.

We received a list of possible hints, the wallet file and agreed on a fixed fee if we managed to recover his coins. The fee is usually a cut of whatever is inside the wallet and we never charge anything upfront.

The first thing that struck us was that some of the password hints were non UTF-8 characters not available in several language or keyboard layouts. This complicated things as recovering a password requires you to setup a specific set of characters. The bigger space of characters, the longer it takes to recover the password. …

• buy bitcoin
• encrypt your wallet
• forget the password
• call me in 5 years

This is exactly what happened to a gentleman I met last Saturday. He bought Bitcoin for a few thousand dollars when BTC hovered around 100 USD and in 2015 forgot the password after importing it to blockchain.info wallet. He encrypted it twice with a double password.

Blockchain.com (previously blockchain.info) is one of the longest running online wallet services, unfortunately many people forget or lose their login credentials rendering it impossible to access the funds.

To be able to access the backup, you need to know your wallet ID. If you don’t remember the wallet ID it’s possible to ask for a reminder of your WALLET ID. But only if you remember which account created the wallet five years ago. …

Not much. Ledger policy will replace the broken Ledger in some cases, but whatever is inside is lost, or is it?

We have encountered several people who had their old Ledger Nano S broken, Mnemonic words long lost, their only hope was their pin. But what should they do once their Ledger is broken? Ledger warranty or support will only send you a new Ledger if you trade in your broken one. They will not fix the screen, nor will they fix your button to enter the pin, or do any other maintenance to your device. …

A TREZOR hardware wallet is a security device that is supposed to protect you from key loggers and phishing e-mail keeping your Bitcoin safe. Various groups have been able to open the device by mitigating side channel attacks. The method worked only if the passphrase was not used. We did NOT have physical access to the device.

When making a transaction the user only enters a PIN and therefor protects the private key of the Bitcoin. The only backup is a 12/24 word mnemonic that determinate which addresses are stored on the device.

Recently, a client asked us to Brute Force their TREZOR wallet as he had forgotten the passphrase, commonly known as the 25th word. …

A few weeks ago I was attending a crypto conference in a Asia, the conference was boring as usual but I knew the fun part would start in the evening when everyone would have a drink and relax at a roof top bar at one of the top hotel spots.

There at a bar a women smiled towards me and I walked over to have a chat. It turned out she was running a crypto exchange and we were talking for a while about the space and how it have changed over the last year. …

This is the first article in a series on how to use safe practices when handling crypto currency, making transactions, 2FA confirmations etc.

SIM CLONE-2FA ATTACK

Never use the same login/password from your exchange account and your confirmation account. I.E. don’t use login: johndoe password:summer2018 for both your Coinbase/Binance account and your gmail account connected to the site. When hackers find back doors and hack logs, the first thing they do is to check if the same credentials are used for several different accounts on various media. Even your Facebook or Twitter should never have the same login/pw as your crypto exchange credentials.

2FA confirmations is a myth, there are several ways hackers can clone your sim card, or monitor your phone, in order to steal credentials. First there are telephone sniffers who are looking for messages sent to your phone. Next, hackers can very easily clone your sim. They can either do that physically or trick your telephone company to provide them with an extra sim card. …