A cryptanalyst freed $300,000 in Bitcoin that was locked inside an encrypted zip file. Here’s what happened.
After one Bitcoin owner lost access to $300,000 worth of Bitcoin, cryptography expert Mike Stay managed to restore it within a matter of months. In a blog post yesterday, Stay revealed how he pulled it off.
Over half a year ago, a “Russian guy” asked Stay, a former Google engineer and cryptanalyst, to recover the private keys to a stash of Bitcoin, he said. With a lengthy history of accessing the inaccessible, he rose to the challenge.
The “Russian guy” had messaged Stay on LinkedIn and asked him to pull off the seemingly impossible—to decrypt a zip file that contained the private keys to a hoard of Bitcoin.
The mysterious Russian had invested heavily in Bitcoin in 2016, said Stay. But he was locked out of his Bitcoin after forgetting his password. He was thus unable to sell his stranded Bitcoin, which are now worth over $300,000.
The problem was that the encrypted file had an astronomically large number of possible combinations. “I estimated it would take a large GPU farm a year to break, with a cost on the order of $100K,” wrote Stay in a blog post published April 3.
“He astounded me by saying he could spend that much to recover the key.”
Stay started work at once, reconstructing a similar attack vector from an academic paper he had written previously. However, he soon stumbled across a complication.
In the attack described in his old paper, Stay only needed to check a few keys to find a solution. In this case, there were “trillions of keys to check,” said Stay.
The attack would take far longer. “If I had to do 2^32 tests on each one, it would take a few hundred thousand years,” he writes.
Stay developed several complex algorithms and managed to cut the number of combinations to just 36 possibilities.
Still, after some trial and error, the attack faltered.
Stay racked his brain and re-checked his tests. It was then that he discovered a bug in the GPU farm. He rustled up a quick fix. That solved the problem, and he managed to decipher the key within a day.
Given the number of keys and passwords fumbled in the crypto industry, Stay might have struck a gold mine with his solution.
Perhaps someone should pass his name to the American economist and Bitcoin critic Peter Schiff, who squandered some of his Bitcoin after losing his password.