Two million dollars in a crypto wallet, a forgotten PIN and a solution: hack it

I know esteem That in the world there are 3.7 million bitcoins that have been lost forever. People threw away the hard drives or mobiles that contained the information, or simply forgot the password to access those crypto wallets. Tragedy is an old acquaintance, but in some cases there is a happy ending to the story.

This is what has happened with a hardware wallet that contained Theta tokens. Its owners invested in it in early 2018, but forgot the password. They realized that this investment had been very profitable: that wallet was now worth two million dollars, but they couldn’t access that money. How did they get it back? They hacked into that wallet, of course.

If you know what you’re doing and have the time, (almost) anything is possible.

In early 2018 Dan Reich and a friend invested $50,000 in Theta tokens. That new cryptocurrency seemed interesting, so they bet on it.

The trading market (exchange) in which they invested was threatened by the new Chinese regulation, so they decided to transfer those cryptocurrencies to a hardware wallet, a Trezor One that was one of the most popular on the market at the time.

In doing so, they created a PIN to access the funds, but the cryptocurrency sank in value and the two friends lost touch with the subject a bit. Or quite a lot, because they forgot the PIN. When they saw that the cryptocurrency was gaining value again, they tried to regain access thinking that they had used a 4-digit PIN: that investment had ended up being very profitable, and that purse was worth 2 million dollars.

After 12 attempts, they stopped. If they made 16 unsuccessful attempts, the data in the wallet would end up being automatically deleted. Instead of trying to guess that PIN, they tried to find alternative solutions.

They ended up finding a hacker named Joe Grand, an electrical engineer who had his own lab in the back of his house. Grand bought several keys from Trezor One and began to investigate.

He discovered that a young 15-year-old hacker already had developed a method to hack a Trezor wallet, but the method was not entirely valid for his purposes. Discovered a technical conference December 2018 in which the subject was discussed and that proposed a “fault injection method” that allowed to weaken the security of the device’s RAM memory and read the PIN at a precise moment.

After three months of work, Grand managed to develop a technique to hack these test keys. A happy idea and a script to make the thousands of attempts needed to “capture” that PIN they allowed me to finally test the method with Dan Reich and his friend’s Trezor One wallet.

There was a special wink in that Grand method: when the script managed to capture the PIN, a synthesized voice yelled “Hack the planet!”, a phrase they said in the famous 1995 film ‘Hackers’. Reich traveled to Grand’s residence, and the two hired a video team to record a mini-documentary recounting the epic.

It was then that they ran the script on the wallet with the two million dollars. Nothing happened: they waited, ate pizza and waited more. Finally, something happened. Three hours and 19 minutes into the show, they heard the “Hack the planet!” and they saw how effectively the PIN had been captured. It wasn’t a four-digit PIN, it was a five-digit PIN. Reich and his friend did not even remember that key fact.

Reich transferred the Theta tokens to a secure account (and for which he did remember the password) and transferred a percentage to Grand for its services. Now this hacker is clear that this experience can help him to help others with this type of problem —he contacted James Howells, who we talked about recently— but also to make hardware wallets more secure: If he has done it, anyone with time, knowledge and resources can do it.

Via | The Verge