Hacking Crypto Wallets Is Latest Strategy in Quest to Recover Lost Billions

One of the downsides of crypto is the costliness of user error. If someone loses the keys to their crypto wallet, they could lose access to their crypto holdings forever.

Currently, the most popular recovery method is known as “brute forcing,” in which recovery specialists bombard the wallet with as many passwords as possible in the hope of eventually guessing the correct one.

But there is a new trend in crypto safecracking that is more akin to finding a secret entrance.

Unciphered, a San Francisco-based wallet recovery service founded in 2021, targets poor implementation of wallets by examining vulnerabilities in software and cryptography.

The latest incident surfaced on Friday, when it was revealed that earlier this year Unciphered had hacked the popular OneKey hardware wallet, extracting a private key by exploiting a vulnerability in the firmware – the embedded programming that provides machine instructions. OneKey disclosed the vulnerability in a statement, acknowledging Unciphered’s role in detecting it and saying it fixed the issue quickly.

“Software ages like milk,” says Chris Wysopal, computer security expert and consultant to Unciphered. “At some point I don’t care how good the security system is. It could take months, it could take years, but someone will find a problem with it. Because it’s not perfect.”

The story is a reminder that while crypto wallets are often seen as the safer, more do-it-yourself alternative to storing digital assets on centralized exchanges, users are sometimes left to their own devices when it comes to wallet issues.

Chainalysis, a blockchain analytics company, has reported that up to 23% of Bitcoin (BTC) may be lost forever due to lost or forgotten keys – the passwords, strings of letters and numbers, that are used to access and manage cryptocurrency. That equates to about 3.79 million BTC, or almost $90 billion, an impressive number that accounts for nearly a tenth of the total cryptocurrency market cap.

“Most of the losses in Bitcoin happened early on, in the early years of cryptography,” Kimberly Grauer, director of research at Chainalysis, told CoinDesk.

Early stats on Ether (ETH), the second largest cryptocurrency by market cap, are harder to come by. However, data provided to CoinDesk by Crypto Asset Recovery shows that 7% of presale wallets have never had any crypto moved, suggesting that the ETH in those wallets has simply sat untouched since the launch of the Ethereum blockchain in 2015. That’s 621 of the 8,893 wallet addresses, or 521,574,608 ETH (about $875 million today).

Some users may have lost funds through no fault of their own but due to bugs in the wallet’s underlying code. In such cases, it can be like calling a private detective to look for clues.

“Some of our jobs boil down to forensic jobs or have a significant digital forensic component,” Frank Davidson, Unciphered’s co-founder and chief information security officer, told CoinDesk.

One of the most prominent cases at Unciphered involved an older version of ethereumwallet.com, founded by Anthony Di Iorio, a co-founder of the Ethereum blockchain.

The Unciphered team attempted to recover the wallet of a customer who was unable to log into their Ethereum wallet despite having the correct seed (recovery) phrase and private key.

Unciphered examined the code and discovered a vulnerability in the wallet that affected a far larger number of users.

“The support of this one customer helped us find this bigger problem,” said Eric Michaud, co-founder of Unciphered, in an interview with CoinDesk.

In this particular version of the Ethereum wallet, known as the legacy wallets, Michaud said his company was able to find over 15,000 ETH (about $25 million) that were disclosed.

After this discovery, Michaud realized that Unciphered could recover funds for more customers who had their crypto locked in legacy Ethereum wallets. If there are more people who cannot access these wallets, Unciphered would like to help them get their funds back.

“He opened this whole door,” Michaud said of this first customer, who started the ball rolling to recover other customers’ funds locked in legacy Ethereum wallets. “There are countless people who are locked out that we haven’t reached out to or we hope they will come to us because clearly they’re still locked out.”

When asked by CoinDesk, Di Iorio said that the different versions of EthereumWallet were never considered to be out of beta or testing. There is a warning on the website: “We only recommend small quantities and remind you that use of this software is at your own risk.”

Di Iorio’s company decided to discontinue the wallet in 2018 and notified customers to switch to Jaxx, another user-friendly wallet founded by Di Iorio. Di Iorio later scrapped the EthereumWallet, meaning users couldn’t access their funds if they didn’t transfer them within a certain timeframe. According to Di Iorio, several notifications and even grace periods were provided before sunset.

Di Iorio said he has no contact information for former users to share with Unciphered.

“I don’t see how I can help,” Di Iorio told CoinDesk.

The customer who opened the doors to Unciphered’s EthereumWallet recovery spoke to CoinDesk and confirmed the details of the case.

Five years after the customer lost his crypto to the vulnerability, Michaud said that “we actually sent him his crypto back on Christmas Eve,” a nice gift.

Unciphered takes 10% to 35% of recovered funds, depending on the risk of accidentally breaking the wallet and the cost of conducting the actual attack.
