Hacking crypto wallets is the latest strategy in the quest to recover lost billions
One of the downsides of crypto is the cost of user error. If someone loses the keys to their crypto wallet, they can lose access to their crypto holdings forever.
Fortunately for them, there is a growing cottage industry of wallet recovery services, a breed of crypto dark arts practitioners who help recover lost funds.
Currently, the most popular method is known as “brute-forcing”, where the recovery specialists use a cryptographic technique that involves bombarding the wallet with as many passwords as possible, hoping to eventually guess the right one.
But there is a new trend in crypto safe cracking that is more akin to finding a secret entrance.
Unciphered, a wallet recovery service founded in 2021 and based in San Francisco, targets poor wallet implementations by looking at software and cryptographic vulnerabilities.
The latest case emerged on Friday when it was revealed that Unciphered hacked the popular OneKey hardware wallet earlier this year, extracting a private key by exploiting a vulnerability in the firmware – the embedded programming that provides machine instructions. OneKey disclosed the vulnerability in a statement, acknowledged Unciphered’s role in discovering it and said it had quickly fixed the issue.
“Software ages like milk,” said Chris Wysopal, a computer security expert and advisor to Unciphered. “At some point I don’t care how good the security system is. It could be months, it could be years, but someone is going to find a problem with it. Because it’s not perfect.”
The story provides a reminder that while crypto wallets are often seen as the more secure and do-it-yourself alternative to holding digital assets on centralized exchanges, users are sometimes on their own when it comes to wallet issues.
How many lost wallets are there?
Chainalysis, a blockchain analytics firm, has reported that up to 23% of bitcoin (BTC) could be lost forever due to lost or forgotten keys – the password made up of a string of letters and numbers that allows you to access and manage crypto assets. That equates to roughly 3.79 million BTC, or nearly $90 billion, an impressive figure that represents nearly a tenth of the total market capitalization of all cryptocurrencies.
“Most of the loss happened in Bitcoin early on, in the early years of crypto,” Kimberly Grauer, director of research at Chainalysis, told CoinDesk.
Early statistics on ether (ETH), the second-largest cryptocurrency by market cap, are harder to come by. However, data provided to CoinDesk by Crypto Asset Recovery shows that 7% of pre-sale wallets have never moved any crypto – suggesting that the ETH in these wallets has just been sitting there, untouched, ever since the Ethereum blockchain went live in 2015. That’s 621 of the 8,893 wallet addresses, or 521,574,608 ETH (about $875 million today).
Bugs can also lock your crypto
Some users may have lost money through no fault of their own, but due to errors in the wallet’s underlying code. In such cases, getting help from a recovery specialist can be like calling a private eye to look for clues.
“Some of our jobs are kind of reducible to forensics jobs or have a significant digital forensics component,” Frank Davidson, co-founder and chief information security officer at Unciphered, told CoinDesk.
One of the most prominent cases at Unciphered involved an older version of ethereumwallet.com, founded by Anthony Di Iorio, a co-founder of the Ethereum blockchain.
The Unciphered team tried to recover the wallet of a customer who could not log into EthereumWallet even though he had the correct seed (recovery) phrase and private key.
Unciphered audited the code and discovered a vulnerability in the wallet that affected a far greater number of users.
“Helping this one customer helped us find this bigger problem,” said Eric Michaud, Unciphered’s co-founder, in an interview with CoinDesk.
In this particular version of the EthereumWallet, known as the old wallets, Michaud said his company was able to find over 15,000 ETH (roughly $25 million) exposed.
After this discovery, Michaud realized that Unciphered could recover funds for several customers who had their crypto locked away in their older EthereumWallets. If there are more people who do not have access to these wallets, Unciphered wants to help them get their money back.
“He opened this whole door,” Michaud said of this first client, who got the ball rolling to recover other clients’ funds that were locked in the old EthereumWallets. “We hope they come to us because they are clearly still banned.”
When contacted by CoinDesk, Di Iorio said EthereumWallet’s multiple versions were never considered to have moved out of beta or testing. There is a warning on the website: “We recommend only small amounts, and remind you that use of this software is at your own risk.”
Di Iorio’s company decided to shut down the wallet in 2018 and told customers to move to Jaxx, another user-friendly wallet that Di Iorio founded. Di Iorio later decommissioned EthereumWallet, meaning users could not access their funds if they did not transfer them within a certain time frame. According to Di Iorio, several warnings and even grace periods were given before sunset.
Di Iorio said he does not have contact information for former users to share with Unciphered.
“I don’t see how I can help,” Di Iorio told CoinDesk.
The customer who opened the doors to Unciphered’s EthereumWallet recovery spoke to CoinDesk and confirmed the details of the case.
Five years after the customer lost his crypto due to the vulnerability, Michaud said “we actually sent him back the cryptograph on Christmas Eve,” a nice gift.
Unciphered takes 10% to 35% of the recovered funds, depending on the risk of accidentally breaking the wallet and the cost of carrying out the attack itself.