When Bitcoin peaked a few years ago, with single coins reaching around $18,000 USD, heartbreaking stories began circulating about people who had tens or hundreds of coins they mined in the early days when coins were worth just a few dollars or cents. Since then, the owners of these coins had lost the private key, or simply thrown away the drive or computer the coins were on. It’s next to impossible to recover this key in most situations, but for the right amount of money it can sometimes be done.
About 20 years ago, [Mike] was working as a cryptography expert and developed a number of interesting algorithms for breaking various forms of encryption, one of which involved .zip files with poor entropy. A Bitcoin owner stumbled across the paper that [Mike] wrote and realized that it could be a method for recovering his lost key from 2016. [Mike] said it would take a GPU farm and $100,000 USD, but when the owner paid the seemingly enormous price [Mike] was able to recover around $300,000 worth of Bitcoin.
While this might not be financially feasible for you if you have a USB stick with a single coin on it you mined as a curiosity in 2010, the cryptography that is discussed in the blog entry is the real story here. We never know where the solutions to our problems are going to come from, like a random .zip file exploitation from two decades ago, but we can be sure that in the future it will be much easier to crack these keys.
Thanks to [Darmstatium] for the tip!
Cracking a bitcoin wallet has a specific meaning, this did not do that, it recovered keys stored in a zip file using a known attack against encrypted zip files.
“$100k To Crack a ZIPPED Bitcoin Wallet” would be a better name, or “$100k To Recover A Bitcoin Wallet”, or “$300k of Rescued Bitcoins Using Old ZIP Crypto”
Because of my cryptanalysis, it ended up only costing around $10k in compute costs. He paid us for a few months of our time, but the total cost, even with the nice bonus, was well under $100k.
And as others have pointed out, I cracked a zip file, not a Bitcoin wallet.
In 2020, you could have hacked your address, directly, for less. Though, that would have been the end of Bitcoin, so good on you for hacking the zip file instead.
Nice job.
I remember feeling like a badass in ’98 when I “cracked” a commercial software package by getting hold of a zip cracker, let it run for a night or so and succeeded in unpacking the software that was only protected by an encrypted .zip with a relatively short password 😎
How about if i have a partial key? Can this be done?
Send me an email at stay@pyrofex.net and we can discuss the details.
Do NOT share your partial key with an untrusted 3rd party. People like the one below who want to “help” you only offer because they want to steal the money. If he was legitimate, he wouldn’t ask you to email him. Asking for your partial key is just as evil as asking for your password, credit card number, or social security number. If Mike was legit, he would know better.
I didn’t say to email me the key, I just said we should continue the feasibility discussion via email.
It isn’t completely clear why you would need to move that discussion to private communication, unless there was intention to transmit private data (like a partial bitcoin key). Using an excuse like “I didn’t want to spam/clutter this forum” or “it’s easier/more convenient to talk in email” is not an excuse to try to take an individual away to a place where others cannot see or interfere/warn this person to stop/go no further once the conversation crosses that line.
This is akin to a stranger in a mask and trench coat trying to lure a child into a dark corner, out of the sight of the child’s parents. Sure, the person can claim completely innocent intentions, but sometimes the ATTEMPT itself is equal to the kidnapping crime, and should not be excused no matter what the man’s claimed intentions were. Whatever he wants to say to the child should be said in front of the parents, if it truly is so innocent, without any fear of repercussions, right?
Besides, whatever claims you have to knowledge about recovery would enlighten all of us, so I’m sure whatever you have to say would benefit us all. We wouldn’t interfere, as long as what you say is truthful AND you don’t request private communications or partial bitcoin keys from people.
But that’s the catch 22 situation for a bitcoin thief… how to steal a partial key publicly without being seen, while people like me warn others not to trust private back-alley email with strangers.
I totally agree with you. Trusting some guy you found on the internet to get your keys back is idiocy. *Maybe* consider it if you live in the same jurisdiction and trust the authorities to put the guy in jail if he steals your coins. When working with the Russian guy, we had him pay us for our time up front, and he only sent us the zip file encryption headers; there was no information about the contents. We couldn’t have stolen anything even if we wanted to.
And even if we could, it simply wouldn’t be worth stealing anything less than hundreds of millions of dollars. I like living where I do; I like being able to visit my family and friends. So unless I can fly them to my villain’s lair on my volcanic island in my submersible jet, stealing bitcoin is too much hassle.
The only claim about recovery I’d make is that if you’ve got a wallet where a few bytes (like, say, eight) got corrupted, you might have a chance by brute-forcing those. Otherwise you’re screwed. Bitcoin encryption is the best anyone knows how to make.
My recommendation to someone trying to do a plain old dictionary attack on a bitcoin wallet would be to find a reputable password recovery service and ask them; my time is too expensive unless you’re hiring me to write custom software. Since fully homomorphic encryption isn’t really feasible yet, you’re giving my software your secrets, which means trusting me.
I have a question: if I had a public key and, say, 44 of the 51 characters of the related private key, is there a significantly less expensive way to figure out what the missing digits should be? Backstory: I bought a paper wallet that stayed in my car for a few days, and before I got around to sweeping it, I was pulled over and the cops tore my car apart searching, and they trampled my paper wallet in the process. Now I can read all of the public key and all but like 6 or 7 digits of the private. Is it possible to decipher the missing characters?
YES! You have most of the key and it becomes exponentially easier to guess with each known character.
There are only 3,521,614,606,208 possibilities. That is a drop in the ocean. A typical computer can do this.
Yep, that’s very doable. You could probably just download & run hashcat on your computer to recover that.
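The exchange above (a WIF private key with a handful of unreadable characters and a readable public key) is a small enough search that a checksum filter plus one elliptic-curve multiplication per surviving candidate finishes it in seconds. The following is an added example, not code from the post or from any of the commenters. It assumes the damaged key is written with `?` in each unreadable position, that the owner can compare against the public key itself (comparing against a Base58 address would add a RIPEMD-160 step that is omitted here), and it uses a constructed private key that must never be reused. The security-relevant point is the one made earlier in the thread: because the Base58Check checksum lets anyone verify a guess offline, a mostly-known private key is almost as sensitive as a complete one.

```python
"""Brute-force the unreadable characters of a damaged WIF private key.

Added example (not from the post). The WIF is rebuilt from a private key
chosen here, a few characters are blanked with '?', and the recovery loop
tries every Base58 symbol in those positions, using the Base58Check
checksum as a cheap filter before doing the expensive EC math.
"""
import hashlib
from itertools import product

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# secp256k1 parameters: field prime, group order, generator point
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def make_wif(priv: int, compressed: bool = False) -> str:
    """Version byte 0x80, 32-byte key, optional 0x01 flag, 4-byte checksum."""
    payload = b"\x80" + priv.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return b58encode(payload + double_sha256(payload)[:4])


def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k: int, point=G):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def pubkey_hex(priv: int, compressed: bool) -> str:
    x, y = ec_mul(priv)
    if compressed:
        return ("02" if y % 2 == 0 else "03") + f"{x:064x}"
    return "04" + f"{x:064x}{y:064x}"


def recover_wif(damaged: str, target_pubkey: str):
    """Fill every '?' in `damaged`; return (wif, candidates_tested) or (None, n)."""
    holes = [i for i, c in enumerate(damaged) if c == "?"]
    chars = list(damaged)
    compressed = len(damaged) == 52          # 51 chars = uncompressed, 52 = compressed
    want_len = 38 if compressed else 37
    tested = 0
    for combo in product(ALPHABET, repeat=len(holes)):
        for i, c in zip(holes, combo):
            chars[i] = c
        tested += 1
        raw = b58decode("".join(chars))
        # cheap filter: version byte and checksum must match before any EC work
        if len(raw) != want_len or raw[0] != 0x80 or double_sha256(raw[:-4])[:4] != raw[-4:]:
            continue
        priv = int.from_bytes(raw[1:33], "big")
        if 1 <= priv < N and pubkey_hex(priv, compressed) == target_pubkey:
            return "".join(chars), tested
    return None, tested


if __name__ == "__main__":
    # constructed key for the example only; never reuse it for real funds
    key = 0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D
    wif = make_wif(key)
    damaged = wif[:20] + "??" + wif[22:]       # two unreadable characters
    found, n = recover_wif(damaged, pubkey_hex(key, False))
    print(found == wif, n, "of", 58 ** 2, "candidates tried")
```

Each unknown character multiplies the candidate set by 58, which is where the commenter's 3,521,614,606,208 (58 to the 7th) comes from; the checksum rejects almost every wrong candidate after two SHA-256 calls, so the slow public-key derivation runs only for the handful that pass.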
He didn’t crack the Bitcoin private key, it was a crypto wallet compressed in an encrypted zip file. Lazy reporting.
Yeah this is horrible coverage. Makes it sound like you can hack into any wallet for 100k. Also, I’m sure an encrypted zip file from 2009 with BTC worth only a few dollars likely wasn’t encrypted with the highest levels of encryption. I bet a 1080ti and hashcat could crack it in a week or less.
Actually, the title should be “crack a bitcoin wallet and get murdered”
OR
Employed by NSA.
Good point. Remember back in the day if you broke into a computer system they would hire you instead of sending you to prison? 70’s – early 80’s
That was _not_ usually the case!
I think the reality was that a few people got deals for co-operating and pleading guilty, then only serving a year or two before working for the actual Man.
That’s true
Even though this story is NOT about cracking a BTC wallet, we should note that the expense in actually finding a private key for a wallet is gradually reducing. Because of this, down the road, BTC will have to do a fork and embrace stronger encryption for future transactions while “sunsetting” older blocks, which basically means wallet holders will have to occasionally move their funds (think every 10 years or some other long period). Lost coins could then be recycled as rewards for miners, keeping the number of available BTC constant after the final coin gets mined. Then BTC could be used in perpetuity and the block chain would effectively have a cap on its size. Difficulty and reward in mining could be used as a gauge of how long the keys have to be if the mining algorithm is closely related to the encryption algorithm. None of this is urgent right now, but one would be wise to try to stay a good 10 years ahead of the key-finders so wallet-holders don’t have to move their funds very often.
This is completely untrue. 256bit encryption is impossible to crack. I can’t even call it astronomical, because astronomy is too minuscule to compare to this encryption. You know it’s serious when the universe is wimpy compared to it.
Let’s quantify this. Here’s what it would take to crack a bitcoin wallet.
Let’s say you get a super powerful computer processor that can do a billion hashes per second. This is ridiculous, but just make believe for a minute. Now let’s say you crammed four of THESE processors into one (very expensive) computer. It can do 4 billion hashes per second. We will call one of these a “quad giga hash computer”.
Now let’s say you have four billion of these computers. Bear in mind, Google is said to own only millions of servers in the single digits. And their servers are much less powerful than our imaginary computers. But let’s pretend that Google upgraded all their servers to be our powerful computers. At this point, our 4 billion computers would be equivalent to a THOUSAND Googles. Let’s call this a “Kilo Google”.
Now, there are less than 8 billion people on earth. Let’s say we give a KILO-GOOGLE to HALF THE POPULATION OF THE EARTH.
Now, let’s imagine we made 4 billion copies of this earth. That’s akin to 1 out of every 100 stars in the Milky Way galaxy each having an earth with 4 billion citizens that each own 1,000 Googles.
Now, imagine we have 4 billion of these Milky Way galaxies. We’ll call this a GigaGalactic Super Computer.
Now, 4 billion seconds is about 126.8 years. Now we’ll take 4 billion of those, which totals 507 billion years (please bear in mind, that is 37 times longer than the universe has existed).
So if you ran your GigaGalactic Super Computer for 37 times longer than the universe has existed…
You have ONLY a 1 in 4 billion chance of cracking the bitcoin wallet.
You’d be better off playing the lottery. Or guessing credit card numbers.
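The chain of “4 billion” factors above, carried through as an added calculation (not part of the comment), shows where the final 1-in-4-billion figure comes from: each factor is close to $2^{32}$, and there are seven of them (a processor doing 4 billion hashes per second, 4 billion computers, 4 billion owners, 4 billion earths, 4 billion galaxies, and 4 billion times 4 billion seconds).

$$
\begin{aligned}
4\times10^{9} &\approx 2^{32}, \\
\text{hashes tried} &= \underbrace{(4\times10^{9})^{5}}_{\text{hashes per second}} \times \underbrace{(4\times10^{9})^{2}}_{\text{seconds}} \approx (2^{32})^{7} = 2^{224}, \\
\Pr[\text{hit}] &\approx \frac{2^{224}}{2^{256}} = 2^{-32} \approx \frac{1}{4\times10^{9}}.
\end{aligned}
$$

The same arithmetic explains the later remark that each extra bit doubles the work: a $k$-bit key space has $2^{k}$ values, so $2^{k+1} = 2\cdot 2^{k}$.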
That was a fun read. Thanks for summarizing that into human readable form! Really puts into perspective how secure 256 bit encryption is.
This is verbatim from: https://www.youtube.com/watch?v=S9JGmA5_unY Give credit where credit is due, namely 3blue1brown on youtube.
Copy, yes, but… I would never have known if he had not shared it!
Nice!
Only if you’re trying to brute force it; there are other ways to hack.
Actually, brute force IS the way to do it. You have to guess a randomized input message, run the hashing algorithm on it, then see if the hash (also called a “digest”) matches the known one. You do this for every combination and length of characters for a message until you stumble onto the right one.
Let’s say you give me a hash of your message. I can try to guess what message you hashed. So I’m going to guess that maybe you could be the Zodiak killer trying to confess. So I’m going to run a hash on, “I, piegunman, am the Zodiak killer.” The resulting hash does not match yours. So now I know one thing your message did NOT say. Maybe you said your boss sucks? I run the algorithm on, “My boss sucks.” The hash doesn’t match. But maybe if your boss’ name was Bob, you could have used “Bob” instead of “My boss.” So I will hash “Bob sucks.” Well, the resulting hash for that didn’t match, either. But at least I have verified three messages are NOT what you said.
Hashing is “one way only” because the digesting process performs repeated math functions that “round off” or “truncate” the results after each function by chopping off the remainders. It’s like if I say “9 divided by 2 equals 4” because while technically, the answer would have been “4.5”, I am programmed to round down my answers to whole numbers, which in this case is a 4. If you tried to reverse engineer my answer “4” by MULTIPLYING by 2 (which is the reverse of divide by 2), you would say “4 times 2 equals 8”. But 8 is incorrect… the message was 9, remember? To complicate this, my rounded off number is put through the wringer over and over, each time truncating the result, losing more data each time, mutating it further.
The concept here is that if you know a message, and you run the same hashing algorithm that I did on it, you should end up replicating the exact same mutations that I did, and get the identical result, thus verifying the hash and the message are intrinsically linked.
This is a one-way function because no one knows how much of a remainder was chopped off in each stage of the hash calculation in order to put it back. If I cut my ears off, and then I tell you to surgically create new ears IDENTICAL to what I used to have, how can you know what my ears used to look like when both of them are gone?
Can you “unbake” a cake? If I give you flour, eggs, water, etc and you mix them together and bake them into a cake, what if I change my mind and want MY eggs (not some OTHER eggs) back? Can you extract the flour out of the cake? Can you pull the eggs out of the cake and put them back into the shells?
And what about the “digest” analogy of SHA? If I eat a slice of pizza and “digest” it into poop, can you “un-digest” that poop and turn it back into a slice of pizza? The only way to know for sure what food I ate is for you to eat every food in existence and then poop each one out yourself and then compare your poop to my poop until you find matching poops, thus revealing which food I ate. And no, SHA256 doesn’t leave clues behind like undigested corn.
Brute force is the way. You just need billions of quantum computers and billions of years.
But all that aside, we have a bigger problem. If you manage to figure out how to reverse a hash back into a message, we all die. Yes, you heard me. World War 3.
You see, all encrypted data like your social security number, credit card info, bank account info, etc has been logged and is saved on several hard drives across the world. But we don’t worry because it’s all a jumbled up encrypted mess that is protected by an asymmetrical key pair which functions based on… you guessed it… SHA. If you or someone else break SHA, the least of our worries would be that every social security number, every bank account number, every bitcoin wallet, every password, and every credit card number IN EXISTENCE would instantly be publicly known to all almost 8 billion people on earth all at once…
The bigger problem is that all encrypted messages sent over the past 60 years by world leaders (I’m looking at you, Trump), militaries, and spy organizations (like the CIA) will be instantly known to everyone… and I mean EVERYONE. Including OTHER world leaders who might not mind launching nukes at us in anger… and terrorist organizations who now know our top secret assassination plans for tomorrow. On the plus side, this works in reverse, and we also learn when and where their next secret attack will be. But now Trump also knows what name Putin calls him behind his back.
Did you know, in now declassified documents, while Cuba was threatening to launch nuclear missiles at the US, the CIA sent an operative to give Fidel Castro poisoned cigars? The spy got cold feet and bailed out of his mission, thus, Castro was not assassinated. But if this spy’s secret communications were readable by Castro, do you think he may have, at the time, been enraged by the attempt enough to launch missiles out of anger?
What would Rocketman in North Korea do if he knew all the things the president has discussed about him behind his back?
Yes, you crack SHA-256… enjoy my social security and credit cards and bitcoin while you can. World War 3 is coming.
And in 1991 “experts” told us you would never in your lifetime fill a 7 GB hard drive.
3 months ago I filled a 4 TB hard drive in one day, and had to go buy another one.
Not too long ago 8 bit encryption was “impossible” to hack.
But this is different. Going from “8 bit” to “9 bit” is infinitesimally smaller than going from “255 bit” to “256 bit”. This is because adding just one bit doubles all the previous work. It is exponential.
And taking computer growth completely into account, including quantum computers, leaves a bigger problem. The sun will no longer exist while your new computer gets frozen in an ice age. The football has been kicked so far out of bounds that no one can ever retrieve it.
It isn’t fair to say that just because the statement has been made prematurely in the past that the statement will always be premature. What hasn’t updated in proportion is your lifespan, which would need to be eons, and the size of atoms being shrunk so that electrons can fit through smaller pathways. And even quantum computing has barriers, in some ways more limiting than classical computing.
First off, no one ever said that 8 bit is impossible to crack. That’s only 256 combinations. To be clear, a mediocre Masterlock combination lock has more than 100x the combinations of 8 bits. You don’t need a computer to crack 8 bits, just a pen and paper and 5 minutes. This was never used because it was insufficient before the first computer was made. 8 bits of data was used just to cover the number of letters and symbols in a localized alphabet, before Unicode. It sounds like you are making up “facts” to support your argument, hoping no one will check them.
Saying 8bit is impossible to crack is like kids who kicked a ball onto a roof and say it is impossible to get back.
The people who say 256bit is impossible to crack are like people that kicked the ball out of our galaxy to the opposite side of the universe.
I hope you are right. Many things in history have been impossible until they have proven simple to do. I’d definitely diversify my assets just to be more secure including real estate, ammunition, food, friendships, and maybe even precious metals but still lots of BTC. :-)
Incorrect. Watch this video on what it takes to crack 256 bit encryption.
“How Secure is 256 bit security?” by 3Blue1Brown
https://youtu.be/S9JGmA5_unY
Thank you for giving proper credit on this analogy
SHA-512/224 and SHA-512/256 have practical attacks https://eprint.iacr.org/2016/374.pdf
Clickbait
While it is possible to see the flow of currency, bitcoins themselves are very hard to track; that’s because bitcoins, and their smaller units satoshis, don’t exist as individual, identifiable items. They are not like dollar notes that have serial numbers. Instead, bitcoins are values that can be transferred from one address to another. The problem of tracking bitcoins is analogous to somebody depositing two $10 checks into a bank account, withdrawing $5 from a cash machine, and then asking which check the $5 came from. In the Bitcoin world, as in the real world, there is no way to answer that question. And that causes problems when it comes to tracking the proceeds of crime.
Enter Ross Anderson and colleagues at the University of Cambridge in the UK. These guys have built an algorithm adapting a 19th-century UK law that sets out a set of simple rules for dividing up money left over when a bank collapses. This law has become the basis for allocating money in a wide range of situations. And the researchers say that when they apply it to the public record of bitcoin transactions, it reveals remarkable patterns of criminal money-laundering activity that had been hidden until now.
The new algorithm is called Taintchain, and it has the potential to give law enforcement agencies an entirely new and powerful way to track the proceeds of cryptocurrency crime for the first time.
The Taintchain algorithm applies this principle to bitcoin wallets; With this you can file a report to a very good IT expert *flashassetrecovery . com who is capable of working past the challenges posed by cryptocurrency and get your money recovered.
Actually, the individual deposits CAN be tracked separately, at least for a generation.
Wallets contain inputs (received) and outputs (spent). They are essentially the “serial numbers” you mention. If I get two $5 payments, in order to spend the $10, I must individually spend those two $5 payments separately and individually.
Let’s say the first received payment of $5 is called “input ABC” and the second $5 received payment is called “input DEF” (they came from separate people/wallets). If I send $10 to your wallet, my output will look like “Send $5 from input ABC to that person’s wallet. Send $5 from input DEF to that person’s wallet”. Because both outputs are going into the same destination wallet and both came from a single person’s wallet, your wallet shows a single input (coming from two outputs) into your wallet. Because it is only one input for you, you can output the $10 in a single output.
This means it takes an extra generation/payment to combine or “sweep” them together.
It’s also noteworthy that you MUST spend an entire input at once and cannot spend only part of your input. In other words, when I spend that $5 input, I must spend the entire $5 (not just $3 of it). So how does this work? Easy. You create TWO outputs… $3 sent to your wallet’s input… the leftover $2 I send to my own wallet’s input. In other words my own wallet pays itself the leftover change.
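The two comments above, the Taintchain description (allocating mixed funds by a first-in, first-out rule, the rule from Clayton’s Case that the Cambridge work applies) and the walk-through of inputs, outputs and change, fit together in one small model. The following is an added example, not code from the post, from the Taintchain authors or from any commenter. It assumes a toy ledger where each output remembers an ordered list of (origin, amount) slices, spends consume whole inputs and return change, and FIFO provenance is carried through every transaction; the deposit labels `ABC` and `DEF` are the commenter’s own, the names and amounts are constructed.

```python
"""Toy UTXO ledger with first-in, first-out provenance tracking.

Added example (not from the post). Each unspent output carries the ordered
list of (origin, amount) slices it is made of; spending consumes whole
inputs, pays outputs from the oldest slices first, and sends change back.
"""
from dataclasses import dataclass


@dataclass
class Utxo:
    amount: int
    owner: str
    slices: list  # ordered (origin, amount) pairs, oldest first


class Ledger:
    def __init__(self):
        self.utxos = {}   # (txid, output index) -> Utxo
        self.counter = 0

    def _next_txid(self):
        self.counter += 1
        return f"tx{self.counter}"

    def deposit(self, owner, amount, origin):
        """External funds arriving with a known origin label."""
        txid = self._next_txid()
        self.utxos[(txid, 0)] = Utxo(amount, owner, [(origin, amount)])
        return (txid, 0)

    def spend(self, inputs, payments, change_owner):
        """Consume whole inputs, create one output per payment plus change."""
        for ref in inputs:
            if ref not in self.utxos:
                raise ValueError(f"{ref} is already spent or unknown")
        total_in = sum(self.utxos[r].amount for r in inputs)
        total_out = sum(amount for _, amount in payments)
        if total_out > total_in:
            raise ValueError("outputs exceed inputs")
        # FIFO queue of provenance slices, in input order
        queue = [s for r in inputs for s in self.utxos[r].slices]
        outputs = list(payments)
        change = total_in - total_out
        if change:
            outputs.append((change_owner, change))   # wallet pays itself the rest
        txid = self._next_txid()
        for idx, (owner, amount) in enumerate(outputs):
            taken, need = [], amount
            while need:
                origin, avail = queue.pop(0)
                use = min(avail, need)
                taken.append((origin, use))
                need -= use
                if avail > use:                      # unused remainder stays at the front
                    queue.insert(0, (origin, avail - use))
            self.utxos[(txid, idx)] = Utxo(amount, owner, taken)
        for ref in inputs:
            del self.utxos[ref]                      # inputs are spent in full
        return txid

    def holdings(self, owner):
        return [(ref, u) for ref, u in self.utxos.items() if u.owner == owner]


def demo():
    """Replays the commenter's scenario: two $5 inputs, a $10 payment, a $3 payment."""
    lg = Ledger()
    abc = lg.deposit("alice", 5, "ABC")
    dfe = lg.deposit("alice", 5, "DEF")
    lg.spend([abc, dfe], [("bob", 10)], "alice")   # both inputs, one $10 output
    (bob_ref, _), = lg.holdings("bob")
    lg.spend([bob_ref], [("carol", 3)], "bob")     # $3 to carol, $7 change to bob
    return lg


if __name__ == "__main__":
    ledger = demo()
    for name in ("alice", "bob", "carol"):
        for ref, u in ledger.holdings(name):
            print(name, ref, u.amount, u.slices)
```

With the FIFO rule, carol’s $3 is attributed entirely to `ABC` and bob’s $7 change is `ABC` $2 plus `DEF` $5, which is how a tainted deposit can be followed through later payments even though the coins themselves carry no serial numbers; a different allocation rule (pro-rata, or “poison” where any taint spreads to the whole output) would give different answers from the same transaction graph.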
These guys cracked a real bitcoin (blockchain) wallet with 100k https://medium.com/@keychainx/how-i-recovered-100k-in-bitcoin-4099f4568c50
WRONG! They did NOT crack a 256 bit private key.
They required a file that already CONTAINED the full key which was only protected by a human-chosen password OUTSIDE of the blockchain.
This is like bragging that you picked the lock to the front door, when in reality you smashed a window with a rock, climbed in, and then unlocked the front door deadbolt by turning it from the inside of the house.