Last week at the DEF CON conference, Michael Stay, CTO of blockchain software development firm Pyrofex, recounted how he helped recover private keys for Bitcoins worth more than $300,000. The keys were locked away in a zip file, and Stay was entrusted with the job of breaking in and retrieving them.
$100,000 For Recovering $300,000 Worth of Bitcoin
After reading Stay’s paper on decrypting encrypted zip files, ‘The Guy’, a Russian national, approached Michael on LinkedIn in October last year.
He had purchased $10,000 worth of Bitcoins in January 2016 and had forgotten the password to the zip file where he had stored his BTC private keys.
“If we find the password successfully, I will thank you,” – The Guy wrote with a smiley face.
After an initial analysis of the problem, Stay quoted a fee of $100,000, to which The Guy agreed. After all, his Bitcoin stash was worth around $300,000, so he would still come out ahead after paying the $100K.
Narrowing Down The Possibilities Of Gaining Access To ‘Quintillions’
The zip file used ZIP 2.0 Legacy encryption. Even though the cipher was designed by an ‘amateur cryptographer’ decades ago, it was impossible to get in with the usual tools.
That is why Stay and the company put such a hefty price tag on the job, and also because he had minimal information at his disposal to approach the task.
Fortunately, The Guy knew the zip program and the version that he used to lock up his Bitcoin private keys. He also had the time stamp from the day of the file’s creation.
Stay began by narrowing down the password/encryption key possibilities to the order of ‘quintillions’.
Breaking Through, And Failure
Stay worked with Pyrofex CEO Nash Foster to ‘implement the cryptanalysis code and run it on Nvidia Tesla general-purpose GPUs’.
This, according to Stay, helped massively in refining the attack. It also helped reduce the time required to get access to the file. As Foster said:
“Mike ended up being able to do a more effective job with the cryptanalysis, so we spent more time developing the attack but then only needed to run it for about a week. That saved the guy a lot of money on infrastructure costs. Ten years ago there would have been no way to do this without building special-purpose hardware, and the cost probably would have exceeded the value of his bitcoin.”
Michael and Nathan had to work with ‘encrypted “headers,” or informational notes about the file’ as The Guy didn’t fully trust them with the contents of the file. They could, after all, steal his Bitcoins after cracking the ‘ziplock’. The Pyrofex folks started working in February this year with whatever they had.
But after ten days, the attack failed. Stay worried that it would take a long time to set things right. The Guy was already getting worked up, as the Bitcoin price was going down in February.
And Break Through Again
Mike reviewed the process, hoping to find an anomaly, and came up with an idea for deliberately selecting the number, or seed, used ‘as the starting point for the random number generator used in the cryptographic scheme.’
Apart from this, The Guy combed the test data and found that ‘the GPU didn’t process the correct password on the first attempt’. The Pyrofex duo sorted out the issue and relaunched the attack with Stay’s alternative method.
Finally, they got in and were able to retrieve the Bitcoin private keys.
The infrastructure costs worked out to a meager $6,000-$7,000, as opposed to the $100,000 quoted initially. The Guy ended up paying $25,000 for the job, which, according to Foster, was a ‘smoking deal’. Commenting on the success of the assignment, he said:
“Projects like this are just completely unusual. If the details of his situation had been different, if he had used a slightly more recent version of zip, it would have been impossible. But in this particular case there was something we could do.”
More Good Samaritans Have Helped People Recover Crypto Funds
While Stay and Foster helped The Guy recover his Bitcoin locked up in a zip file, heroes like Harry Denley have helped retrieve stolen crypto funds from the clutches of hackers.
According to the latest report, Denley, a cryptocurrency security and anti-phishing expert, worked with Binance to help return $10,000 worth of pilfered digital assets to a victim. Hackers had mimicked the victim’s Uniswap and MetaMask wallet account to steal their private key, Keystore file, and mnemonic phrase.
Harry worked swiftly, first to intercept the act and stop the theft. He then touched base with the user to ascertain their ownership of the stolen coins, and returned the funds.