A Russian investor locked $300,000 worth of Bitcoin after forgetting the encrypted Zip file’s password but an ace cryptoanalyst unlocked the encrypted zip file to retrieve funds.
It can only be termed a tragedy if you own thousands of Bitcoin yet cannot access it because you saved them in a password-protected ZIP file, and later forgot the password.
The person who recently faced this tragedy is a Russian investor, who reportedly bought Bitcoin worth $1.5 million back in 2016, before the historic rate hike of cryptocurrencies in 2017. The unidentified investor cannot access the cryptocurrency because he cannot remember the password’s encrypted keys.
Michael Stay, Pyrofex Corp’s CTO and Google’s former security engineer, narrated the story at the DEFCON virtual event. Michael Stay was a crypto-analyst and reverse engineer in the 1990s and worked for Google for around six years.
According to Stay, the investor, whom he referred to as “The Guy” locked his crypto wallet containing roughly $300,000 in bitcoins. The investor sought Stay’s help in recovering the locked crypto since Stay had published an article around two decades back in which he discussed the technique to hack encrypted ZIP files.
The Russian investor contacted Stay via LinkedIn in October 2019, in which he asked him to help in retrieving the password.
“If we find the password successfully, I will thank (;”, the investor wrote to Stay.
Stay found it to be an exciting job, and agreed to break into the file for a fee of $100,000. The investor was more than willing to pay the amount because the crypto he owned was worth thirty times more than what he had originally paid in 2016. Reportedly, he bought bitcoins worth $10,000, which now are worth $300,000.
Revealing how he cracked into the ZIP file, Stay noted that he was surprised that ZIP’s encryption that was designed years ago by an amateur cryptographer was effective to this day.
To unlock the ZIP file, Stay had to develop a program to hack into the file by trying several different combinations. He couldn’t receive many clues from the owner of the wallet firstly because he didn’t remember, and secondly, because of trust issues.
Hence, Stay was on his own in this quest; he gathered information about the zip program, which was Info-ZIP software. He also identified the software version, which significantly reduced the number of possible combinations. He then requested Pyrofex CEO Nash Foster to help him implement the encryption code on the Nvidia GPUs.
Watch Stay elaborating the attack:
The duo kept working on refining the attack so that it doesn’t take long to get results. Initially, the attack required months of computations to function, but gradually they could reduce the duration to merely a few days.
However, the program didn’t yield desired results despite relentless efforts for ten days. Still, Stay didn’t give up and examined his coding for the presence of flaws or bugs. After he fixed the code, he could break the locked file’s encryption and recovered $300,000 for his customer.
Stay mentioned that the entire feat cost no more than $7,000. He revealed that the file could be unlocked without hefty expenditure because the encryption program was old. If it were a recent one, the cost would be higher.
This story’s moral is to keep your crypto wallet passwords safely stored somewhere in written form to prevent such incidents.