Hacking Crypto Wallets Is Latest Strategy in Quest to Recover Lost Billions
One of the downfalls of crypto is the costliness of user errors. If someone loses the keys to their crypto wallet, they could lose access to their crypto holdings forever.
Luckily for them, there’s a growing cottage industry of wallet recovery services, a breed of crypto dark-arts practitioners to help recover lost funds.
Currently, the most popular method is known as “brute-forcing,” where the recovery specialists use a cryptographic technique that involves bombarding the wallet with as many passwords as possible, in hope of eventually guessing the right one.
But there’s a new trend in the crypto safecracking that’s more akin to finding a secret entryway.
Unciphered, a wallet recovery service founded in 2021 and based in San Francisco, targets poor implementation of wallets by looking at software and cryptography vulnerabilities.
The latest instance emerged Friday when it was revealed that Unciphered hacked the popular OneKey hardware wallet earlier this year by extracting a private key through exploiting a vulnerability in the firmware – the embedded programming that provides machine instructions. OneKey disclosed the vulnerability in a statement, acknowledged Unciphered’s role in detecting the vulnerability and said it had quickly fixed the issue.
“Software ages like milk,” said Chris Wysopal, a computer security expert and adviser to Unciphered. “At some point, I don’t care how good the security system is. It could be months, it could be years, but someone’s going to find a problem with it. Because it’s not perfect.”
The story offers a reminder that while crypto wallets are often seen as the more secure and do-it-yourself alternative to keeping digital assets on centralized exchanges, users are sometimes on their own when it comes to any problems with the wallets.
How many lost wallets are there?
Chainalysis, a blockchain analysis firm, has reported that up to 23% of bitcoin (BTC) may be lost forever because of lost or forgotten keys – the password made up of a string of letters and numbers that allows you to access and manage crypto funds. That works out to about 3.79 million BTC, or almost $90 billion, a stunning figure that represents nearly a tenth of the overall market capitalization of all cryptocurrencies.
“Most of the losing happened in Bitcoin early on, in the early years of crypto,” Kimberly Grauer, the director of research at Chainalysis, told CoinDesk.
Early statistics on ether (ETH), the second-biggest cryptocurrency by market cap, are harder to come by. However, data provided to CoinDesk by Crypto Asset Recovery shows that 7% of presale wallets have never had any crypto move – suggesting the ETH in those wallets have just been sitting there, untouched, ever since the Ethereum blockchain went live in 2015. That’s 621 of the 8,893 wallet addresses, or 521,574.608 ETH (roughly $875 million today).
Bugs can lock your crypto, too
Some users may have lost funds through no fault of their own but because of flaws in the wallet’s underlying code. In such cases getting help from a recovery specialist can be like calling a private eye to look for clues.
“Some of our jobs are kind of reducible to forensics jobs or have a sizable digital forensics component,” Frank Davidson, the co-founder and chief information security officer of Unciphered, told CoinDesk.
One of the most prominent cases at Unciphered involved an older version of ethereumwallet.com, founded by Anthony Di Iorio, a co-founder of the Ethereum blockchain.
The Unciphered team was trying to recover the wallet of a customer who couldn’t log into his EthereumWallet even though he had the correct seed (recovery) phrase and private key.
Unciphered audited the code and discovered a vulnerability in the wallet that affected a far greater number of users.
“Helping this one customer helped us find this bigger problem,” Eric Michaud, Unciphered’s co-founder, said in an interview with CoinDesk.
In this particular version of the EthereumWallet, known as the legacy wallets, Michaud said his company was able to find over 15,000 ETH (about $25 million) that was exposed.
After this discovery, Michaud realized that Unciphered could recover funds for more customers who had their crypto locked up in their legacy EthereumWallets. If there are more people who can’t access those wallets, Unciphered wants to help those people to get their funds back.
“He opened this entire door,» Michaud said about this initial client, who got the ball rolling for recovering other customers’ funds that were locked in the legacy EthereumWallets. “There’s countless people locked out that we haven’t reached out to yet or we hope they come to us because they’re clearly still locked out.”
When contacted by CoinDesk, Di Iorio said that EthereumWallet’s several versions were never considered to have exited the beta, or testing, phase. There is a warning on the website: “We recommend small amounts only, and remind you that use of this software is at your own risk.”
Di Iorio’s firm decided to shut down the wallet in 2018 and notified customers to move over to Jaxx, another user-friendly wallet that Di Iorio founded. Di Iorio later deprecated the EthereumWallet, meaning users were not able to access their funds if they did not transfer them within a specific timeframe. According to Di Iorio, multiple notifications and even grace periods were provided prior to the sunsetting.
Di Iorio said he doesn’t have contact information for former users to share with Unciphered.
“I don’t see how I can help,” Di Iorio told CoinDesk.
The customer who opened the doors for Unciphered’s EthereumWallet recovery spoke with CoinDesk and confirmed the details of the case.
Five years after the customer lost their crypto to the bug vulnerability, Michaud said that “we actually sent him back his crypto on Christmas Eve,” a nice present.
Unciphered takes 10% to 35% of the recovered funds, depending on the risk of accidentally breaking the wallet, and the costs of performing the actual attack.
Read more: Wasabi Wallet Will Pay You to ‘Crack’ a Bitcoin Wallet