Forgetting a password is nothing out of the ordinary, but forgetting a magic phrase you used to secure your crypto wallet worth $238 million seems too far out to be true. In fact, such failures aren't rare, although typically the number involved is shorter by several zeros. But if you're lucky enough to own 7,002 Bitcoins, you can also be unlucky enough to lose access to them. Hopefully, not irrevocably.
How to lose 7,002 bitcoins without really losing them?
Stephan Thomas, a German-born, San Francisco-based software developer, has been left with just two guesses to recover his digital treasure. In 2011, the programmer produced a YouTube video titled "What is Bitcoin? (v1)." The clip was commissioned by a Swiss-based Bitcoin geek who kindly paid Thomas 7,002 Bitcoins, each worth about $2 at that time (still, quite an amount). Now, Bitcoin, on its way to the moon, is worth approximately $34,000, which adds up to a more substantial 238 million dollars.
The trouble is Thomas's memory is a bit foggy regarding the password to the IronKey hard drive, where the treasure is buried. The developer was clever enough to predict such an eventuality but not cautious enough to prevent his paper wallet from getting lost.
As a result, things got messy, since IronKey is not an average tech gadget. It's a more-than-a-decade-old but still super-secure storage tool that annihilates all the data it carries once the wrong password has been entered ten times. Thomas has already missed eight times, and he has only two guesses left. Not many options when $238 million is at stake.
The drama has been dragging on for a few years, with Thomas sharing his story in interviews for various media outlets, including the New York Times and Berliner Zeitung. "I was absolutely desperate. I couldn't sleep for nights. I even suffered from depression. But much worse than the loss of the money was my self-reproach: I simply couldn't believe I had lost something so important. I felt like a complete idiot, my self-esteem was in the basement," he confessed, adding that he got to a point where he said to himself, "let it be in the past, just for your own mental health." Thomas then locked his IronKey in a secure place – just in case a new opportunity emerged. And that's exactly what happened.
State-of-the-art hackers in action
According to the report run by "Wired" on Tuesday, a collective of state-of-the-art hackers figured out a way to crack an IronKey and dig up its contents. For publication purposes, "Wired's" contact assumed the moniker of Tom Smith, while the hacker group is allegedly a Seattle-based lab called Unciphered. Considering their unique decrypting abilities, it's no wonder the experts prefer to stay in the shadows.
Unciphered's skills are vouched for by "Wired." Andy Greenberg, the author of the piece, sent his own IronKey device to the lab for a password-cracking test, which Smith's team passed with flying colors. Before they developed this proficiency, they had spent eight months trying to figure out how to rip out hidden secrets from the claws of an IronKey device – with the sole purpose of making a proposition to Stephan Thomas. But how is it even possible to hack through IronKey's security features?
How to unlock an IronKey device?
Well, it's a matter of higher physics, to put it in layman's terms. The team began the reverse-engineering process by performing a CT scan of the device, followed by a surgical-like deconstruction. Using a laser cutting tool, Unciphered's experts carefully extracted the Atmel chip, the cryptographic heart of the USB stick. Then, they submerged the chip in nitric acid to remove layers of epoxy designed to deter tampering.
In the next steps, they methodically polished the chip, layer by layer, using an abrasive silica solution and a small spinning felt pad. At each stage, they took photographs with optical microscopes or scanning electron microscopes to build a comprehensive 3D model of the processor.
Given that the chip's read-only memory (ROM) is integrated into the physical layout of its wiring, providing greater efficiency, Unciphered's visual model offered a significant head start for deciphering much of the IronKey's cryptographic logic. However, the team's efforts went beyond visual clues. Smith and colleagues managed to "wiretap" the chip's communications by meticulously attaching tenth-of-a-millimeter gauge wires to the secure element's connections.
Additionally, they contacted engineers who collaborated on the Atmel chip in the IronKey back in the 1990s and queried them for insights into the hardware. "It felt very much like a treasure hunt. You're following a map that's faded and coffee-stained, and you know there's a pot of gold at the end of a rainbow, but you have no idea where that rainbow's leading," Nick Fedoroff, Unciphered's director of operations, said in a comment for "Wired."
Owner of $238 million Bitcoin wallet refuses a method that is nearly sure to work
The irony is that after cracking IronKey, the hackers still have to crack the treasure's owner. When approached by Unciphered, Stephan Thomas turned down the offer to unlock his hard wallet. "I have already been working with a different set of experts on the recovery so I'm no longer free to negotiate with someone new. It's possible that the current team could decide to subcontract Unciphered if they feel that's the best option. We'll have to wait and see," he wrote in a reply to the hackers' message.
Thomas, who spoke to "Wired" previously, declined the request for an interview. His decision may seem hard to understand after all the stress and frustration he went through, and considering he has a viable solution at hand. Two parties involved in the password recovery are Naxo and Chris Tarnovsky, a chip reverse engineer. The latter said that Thomas had promised to be generous in case of success but hadn't specified the amount of the reward.