June 11th. 2021.
A retired truck driver from US sends a long email explaining his long lost pin to a big Dogecoin stash. He purchased the coins back in 2015 for about 1500 USD. They were now worth over 3 million USD, a staggering 2000x value increase.
His long email explained how he managed to recover part of his stash years ago and sell it for ant money. Unfortunately or fortunately he set a spending pin on his Android wallet and did not recall it for the last 6 years.
His efforts involved various recovery services, all to no avail.
He reached out claiming to outrun all possible options asking if there was any way we could recover it. He recalled the pin being 12 digit, and by doing a quick math, we figured the amount of possible variations would not be possible to find in a lifetime.
Our first step involved in asking for a list of guesses or numbers that meant something, like a year he was born, a birthday or simply a credit card pin number.
Our second step was to analyze the wallet he used, extract the algorithm that was encrypting his private keys and finally rewrite our current code to better approach his wallet encryption. (Different wallets were using different standards and by updating the software, the encryption changed).
We ran a first test checking all PIN numbers up to 8 digit with our new code and custom built rig. We also included his hints using various positions and combinations using our custom algo.
SUCH bad luck! No hit. We then tried all variations of his different hint numbers using a 12 digit formula and still no hit. We did another call with Jim asking how sure he was the PIN was 12 digit long. It turned out he wasn’t sure after all, it was a guess.
So back to square one we tried a different approach using other lengths of the password spending pin. It turned out to be a painful path.
A 9 digit pin took half a day to go through using our most powerful rig. It turns out the Schildbach fork of a Android Bitcoin wallet uses scrypt to encrypt the pin. Scrypt is one of the hardest wallet algorithms to break. On a average computer using a super expensive GPU card, you would get about 100 pin tries a second. With a PIN number consisting of 12 digits, it would take forever. Even a 9 digit number would take months.
It was Friday and with the weekend approaching I had to travel abroad. I loaded up a bigger server, put on the algo and took my flight. It would take about 24 hours to run.
In the morning on Saturday, I checked the server using a double VPN and encrypted custom remote tool.
There was no hit. SUCH bad luck again. A quick calculation, a 10 or 11 digit PIN would be costly and a nightmare to break. We needed a new approach.
Also knowing several other people had the wallet was a bit stressful as you needed to keep an eye on the wallet balance so it didn’t move. Something that happened several times in the past while working on a wallet.
Then a genius guess came to mind, what if just part of his hints are the pin, and the other random numbers, and what if his guess for 12 digits is totally wrong.
A big cup of coffee and some coding later, I setup a new algorithm using my laptop. The algo ignored everything we tried in the past, instead using a custom algo that was trying various length of numbers and inserting his hints in between, prepend or append various numbers.
Next problem, the Dogecoin blockchain on was extremely slow to sync, and since the wallet was from 6 years back, it had to sync 6 years in order to be ready to move the funds out. It would take several days to sync.
I made the call to Jim to let him know the good news, and also to let him know it would take hours or sometimes days to sync his wallet with the blockchain. Dogecoin was cool, but extremely slow. I also asked him to prepare a list of wallets to move the funds, preferably using a small test transaction first in case the destination wallet did not work. (sometimes wallet software creates faulty addresses which does not hold the private keys and the funds gets stuck) To be 100% sure the wallet works, best practice is to receive and send a small amount before using it to transfer a larger stash.
So instead of waiting for the wallet to sync, I wrote a script that decrypted the wallet and printed the private key in plain text. A creeping feeling came to my head, what if there was a key logger installed on my laptop. Almost daily someone is sending me fake wallets with fake password hint documents including trojan horses or keyloggers. Even if I’m running various tools and precautions, there is always a possibility to be hacked. And after the call with Jim that his password was found, I didn’t want to make another call that the 3 million USD in Doge disappeared. :=)
As good old stories comes to an END, the Doge was safely moved, Jim tried out his wallet before I moved his share, and he thanked me with a great review on Trustpilot and we said to share a beer next time I’m in town…
Loosing a pin to your wallet is not bad after all. If you manage to open it years later, it could be a life changing amount. This time it was…
Disclaimer! This article was written by Robert Rhodin, CEO of KeychainX AG, Crypto Recovery Service, based in Zug, Switzerland. To read more about our company please visit https://keychainx.io or send us an email to firstname.lastname@example.org if you need to talk about password recovery.