A few weeks ago we were attending a crypto conference in a Asia, the conference was boring as usual but weknew the fun part would start in the evening when everyone would have a drink and relax at a roof top bar at one of the top hotel spots.
There at a bar a women smiled towards us and we walked over to have a chat. It turned out she was running a crypto exchange and we were talking for a while about the space and how it have changed over the last year. She looked around and seemed slightly bored.
Then as soon as we handed over our business card (Which says crypto recovery services) she smiled and said she has lost access to her Bitcoin wallet on blockchain.com. She asked if it was possible to recover and we explained that depending on the information she had, it was.
For those of you who don’t know blockchain.com runs one of the oldest online wallet services for Bitcoin. They let you sign up with e-mail online and access your wallet from anywhere.
We asked the woman what information she had and unfortunately there was nothing to work with, she only remembered opening the account a few years back and just lost all the information to the account.
We explained quickly that it is possible to access the wallet without knowing anything else except what e-mail she used to sign up.
Blockchain.com have a neat feature which let’s you have a reminder sent to your e-mail with your wallet ID. The ID is the actual login account name and once you have that and your password it will let you access the lost Bitcoin here: blockchain.com reminder
So I left the bar since we had to attend a dinner and left the woman with her hopes.
Then there was no contact for over two weeks when finally wereceived a message on wechat that she had requested a reminder and got the wallet ID but her password did not work. She asked again for our help.
The first step in recovering a blockchain.com account is to have access to the e-mail account that created the wallet ID, the second most important thing is to have the ID, the third, of course the password. She did not.
Since many people have asked us about the same problem over and over, We’ve developed a custom tool to download the backup file of the wallet encrypted with the login password. This is a process very few people know about and it lets you try the password automatically instead of manually entering it on the website login page.
To be able to download the file, the woman had to confirm my request and ouala! we had the wallet backup on our laptop.
A typical blockchain.com wallet uses a password no less than ten characters, including special characters and numbers, this was of course a problem since the number of possible combinations is quite a huge number, and not possible to try with a computer within a reasonable amount of time.
We sent the woman a message asking for clues, how does she create her passwords, how does she combine letters, years and special characters?
She sent us a short list. It didn’t work.
Then we sent another message asking her about family, friends, boyfriend, children names, favorite color, nicknames, pets etc.
The list quickly grew, but also our confidence this might work, as most people are very reluctant to give hints (they do this for privacy reasons) but experience has told us that hints were the single best way to recover a lost password.
Once the list of possible hints were sent, we created an algorithm that would go through each word and make combinations, alterations and modifications based on her hints and the way she created her passwords. We also added our own variations based on previously recovered passwords.
Since we usually travel with a very strong laptop that has an expensive GPU card, We were able to run it while relaxing at an airport lounge. We just needed to find a power supply, as the computer would run heavy computation.
So fired off the script on my laptop using an open source software called Hashcat, it could be downloaded by anyone from here: hashcat but beware, it requires some expensive hardware to make it run fast and of course some experience in setting up algorithms, masks, rules and wordlists to be able to quickly and efficiently recover a password.
The password recovery started and the algorithm said 3 hours to finish based on input parameters. So we went for a drink, looked at flight departure (1 hour 20 minutes) and wished for the best. The single worst thing we knew is being force to interrupt a recovery process in the middle.
While the computer spinned, we finished another drink, and by the time we were preparing to pack up, PLING! We got a message on the phone. It was a custom made hashcat script that sends an sms every time a wallet that we work on is cracked. It was the blockchain.com Bitcoin wallet.
We quickly sent her an sms to tell her we were able to recover the wallet and that We’ve sent her the 80% of the wallet value agreed at the start of the recovery. Then we jumped on the plane and went on my way to meet another client. We knew that by the time we would arrive, she would have her Bitcoin back.
The password was: IloveJerry123! (her boyfriends name was Jerry)
Disclaimer: The article might have been slightly altered to protect the client and where in time it took place. The work was performed by KeychainX and you could read more about the company here: https://keychainx.io or send us an email to talk bitcoin recovery at keychainx@protonmail.com