Software Engineer Cracks Encrypted File To Recover USD 300K in Bitcoin

Sead Fadilpašić

Once upon just recently, there was a software engineer with two decades of experience in cracking codes, who used a set of complicated steps to recover keys for a “Russian guy’s” bitcoin (BTC).

Mike Stay is the CTO of Pyrofex, a startup that creates blockchain platforms and decentralized applications, and a software engineer who formerly worked at Google (and is now looking for a new role). According to him, in winter 2019, a Russian man contacted him, saying that he had read a paper on PKZIP, a compression/archival program, written almost two decades ago, at the time Stay worked at software company AccessData. While the described attack included five encrypted files in an archive, the man asked the engineer if the attack would work with only two files.

What was the man after? “Over USD 300,000” worth of BTC. In January 2016, he bought some USD 10,000-15,000 worth of BTC (it was fluctuating around USD 400 per BTC back then), but he put the keys in an encrypted ZIP file and forgot the password. The man, however, had two important things: the original laptop and the time of the encryption.

The initial estimate was that some 10 sextillion (1 with 21 zeros) keys would need to be tested, which would require a large GPU (graphics processing unit) farm, c. a year of time, and c. USD 100,000. But, as InfoZip, a set of open-source software to handle ZIP archives, seeds its entropy using the timestamp, Stay explains, the work was reduced to 10 quintillion (1 with 18 zeros) keys, a medium GPU farm, and a couple of months of time.
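Why a timestamp seed shrinks the search can be shown with a toy model, added here as an illustration; it is not InfoZip's code or Stay's attack. It assumes a generator seeded only with a Unix timestamp whose output can be observed directly, and all names and sample values are constructed.

```python
import random
import secrets

def weak_bytes(seed_time: int, n: int = 12) -> bytes:
    """Toy model (assumption): n 'random' bytes from a PRNG seeded only with a timestamp."""
    rng = random.Random(seed_time)
    return bytes(rng.randrange(256) for _ in range(n))

def strong_bytes(n: int = 12) -> bytes:
    """Hardened form: bytes from the OS CSPRNG, which has no guessable seed."""
    return secrets.token_bytes(n)

def seed_space(window: int) -> int:
    """Number of candidate seeds when the time is known to +/- window seconds."""
    return 2 * window + 1

def recover_seed(observed: bytes, approx_time: int, window: int):
    """Try every timestamp in the window; return (seed or None, attempts made)."""
    attempts = 0
    for t in range(approx_time - window, approx_time + window + 1):
        attempts += 1
        if weak_bytes(t, len(observed)) == observed:
            return t, attempts
    return None, attempts

# Constructed sample: a moment in January 2016 that the owner remembers
# only to within an hour (the estimate is off by 3000 seconds).
TRUE_TIME = 1_453_000_000
APPROX_TIME = TRUE_TIME + 3000
WINDOW = 3600

if __name__ == "__main__":
    observed = weak_bytes(TRUE_TIME)
    seed, tries = recover_seed(observed, APPROX_TIME, WINDOW)
    print(f"candidates: {seed_space(WINDOW)} instead of 2**32 = {2**32}")
    print(f"timestamp seed recovered: {seed == TRUE_TIME} after {tries} tries")
    # The same search against CSPRNG output exhausts the window and finds nothing.
    seed, tries = recover_seed(strong_bytes(), APPROX_TIME, WINDOW)
    print(f"CSPRNG output matched a timestamp: {seed is not None} ({tries} tries)")
```
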

As Stay started his complicated work with his business partner Nash Foster, which we’ll greatly simplify here, he realized that it would, in fact, take a few hundred thousand years to check each of the keys. However, he remembered another process that allowed him to reduce the basis, and a further finding about the difference between the answer that process gave him and the true answer then reduced the possibilities to run from 4 billion to 36. After ten days of running another modified attack, it failed.

However, a thorough checkup allowed them to identify the issue, fix the bug, re-run the code, and find the correct key in a day. “Our client was very happy,” says Stay at the end of his story, “and gave us a large bonus for finding the key so quickly and saving him so much money over our initial estimate.”