One hacker has managed to recover over $2,000,000 for a man who forgot the password to his crypto wallet by breaking into the physical device in a ‘high-stakes’ hacking attempt.
Even in its infancy cryptocurrency was worth a lot of money, and it’s surprisingly easy to lose it all with one simple mistake.
Horror stories of people accidentally throwing away hard drives with hundreds of millions of dollars worth of Bitcoin are more than enough to scare anyone away, and this particular video shows how close of a call it can be to recover otherwise simple information.
Professional hackers have often recommended storing your passwords with a pen and paper, but once you lose that it can have disastrous effects.
Unlike ‘regular’ money which is controlled by banks and government, cryptocurrencies are decentralized and stored with both private and public keys. These keys are then locked behind passwords and pins by the wallet holder – and often stored within physical USB-like devices too.
If you forget the password though you’re in trouble, and many of these devices have failsafe systems where reaching a certain number of incorrect password attempts will wipe the entire data, essentially draining you of millions of dollars, if not more.
That’s why one man was desperate for the help of computer engineer and hardware hacker Joe Grand, who believed he had the skills necessary to unlock the device – and he documented the entire three month process on YouTube.
The technique in question is called ‘fault injection’, in which you deliberately cause misbehavior on the Trezor One wallet’s silicone chip in order to take down the security wall, but this ended up being far easier said than done.
Grand managed to get the password to pop up, but as that wasn’t what he was necessarily trying to do at the time he didn’t note it down and thought it was wrong – but things started to fall apart when he wasn’t able to recreate the scenario.
Having slept on it though, and with the help and advice of his wife, the hacker was able to look into the source code to figure out where he needed to head. In this specific firmware version, the access information would be sent to the device’s memory, which would then hopefully be able to be accessed after the hacking attack.
The multi-step process allowed Grand to bypass the Trezor One’s security, extract the RAM, and display the password (YouTube/Joe Grand)
There was one major conundrum while they were waiting for the hack to be successful as there were spikes in the reading that couldn’t be explained. In what the comments have called “quite the classic engineer move” though it was simply a case of not grounding the system – panic over!
Overall the process took a whopping 3 hours and 19 minutes, which was excruciating for the pair to wait through, unable to do any more, but the password – 12514 – was eventually recovered with the money alongside it.
It goes to show that hacking isn’t always all about criminal activities in the basement, and it can often end up helping people in rather crazy scenarios.
