Apr 8, 2020
How to make 70x profit on Bitcoin ;)
- buy bitcoin
- encrypt your wallet
- forget the password
- call me in 5 years
This is exactly what happened to a gentleman I met last Saturday. He bought Bitcoin for a few thousand dollars when BTC hovered around 100 USD and in 2015 forgot the password after importing it to blockchain.info wallet. He encrypted it twice with a double password.
Blockchain.com (previously blockchain.info) is one of the longest running online wallet services, unfortunately many people forget or lose their login credentials rendering it impossible to access the funds.
To be able to access the backup, you need to know your wallet ID. If you don’t remember the wallet ID it’s possible to ask for a reminder of your WALLET ID. But only if you remember which account created the wallet five years ago.
But what if that internet mail provider is no longer in service, or what if you have your wallet ID but lack access to the mail account creating it?
You are left to try to enter all possible combinations by hand. After a few times the wallet will be blocked. Or you can request to download the wallet backup and run a brute force on it. That is, if you still have access to the email that created it, and approve the request.
Let’s call my friend Kyle, to keep things private. Kyle tried hundreds of combinations of the password (before blockchain used a limit lock on the password tries). He was even in contact with one of the longest running recovery services for several years, but no luck.
Then on Saturday morning, me and Kyle had a friendly chat over how I work. We talked about Corona conspiracy theories and the usual lockdown stuff (hard not to mention Corona these days). Something about my character convinced him I was a deadly human being, stranded by the lockdown with my hardware gear and not some shady hacker hiding behind a pseudonym, boy he was wrong ;) After all, I was pretty sure we both have had Corona long before the officials publicly branded it an epidemic.
After receiving the initial specs for the password, I shot off my custom built GPU rig mangling through 1 billion password hashes per second. The algorithm actually used 5000 rounds of encryption so in reality we were “only” doing 200.000 rounds per second, still a pretty good number compared to btcrecover.py from github.
Kyle believed the password was simple and he might have gotten the idea from a book he was working on during the time he created the wallet. After receiving the manuscript (well over 10.000 words) i decided to write a script that stripped the entire document into single words. Then I wrote a second script that created different variations of the words combined with different hints Kyle gave me. That could be a birthday date or magic rainbow inspired animal.
Saturday night turned into Sunday morning while Kyle and me exchanged messages frequently on Whatsapp. Then he dropped the bomb, maybe the 99% probability of the password format and specifications was not quite 99%. And the length of the password was maybe not that short (Kyle believed it was no longer than 6 characters, or maximum 7). Im sure it wasn’t, the previous recovery service did actually try all characters up to 6, since they use Amazon Cloud, I bet Jeff made some bucks on them trying that for a while ;)
So having all those hints, fast GPU rig and the long manuscript still did not help. My rig was running hot, passing 9 characters going into 10, and I started to think this could take some time. (My toughest password took 4 months, maybe more about that another time).
Then it hit me, or maybe it was Kyles idea, what if the ruleset or the password format should be run “backwards”. The original idea was that it must have been a word in the beginning with a capital letter followed by another word or maybe a number. But since we were up to 10 characters with that format I started to believe this might take some time, even with 1 billion tries per second.
So we flipped the coin, and tried the password starting with numbers instead of characters. 0–6 passed pretty quickly, a few minutes, then boom. To protect Kyle I won’t disclose the length, but it was closer to 10 than 5. It did not start with a letter, there was no word at the beginning.
Kyle made 70x on his bitcoin investment and I had some fun. The following day we spent moving the forks, Bitcoin Cash, Bitcoin SV, Bitcoin Gold etc, there are ten I guess, but the two most profitable was the easiest to move.
While I moved on to the next client waiting for my call in Tokyo, I believe Kyle shared a bottle of champagne with his wife…
DISCLAIMER. This article was written by Robert Rhodin, the CEO of KEYCHAINX LLC. Mr. Rhodin works as security consultant within the blockchain space. KEYCHAINX LLC is an American Bitcoin wallet recovery service offering help with lost passwords. Mr Rhodin started to recover lost cryptocurrencies in 2017.
