In early 2011, a Swiss programmer named Stefan Thomas was one of the world’s few experts on something called bitcoin. A company commissioned him to make a video explaining it, and Thomas asked to be paid precisely in that cryptocurrency. They did it: they transferred 7,002 bitcoins, an astonishing amount that at the time was not significant: bitcoin at that time was below a dollar. Then many things happened.
230 million euros. The first time Thomas tried to access those bitcoins again, in mid-2011, the cryptocurrency had taken a brutal jump and was worth almost 30 dollars: his bitcoins were equivalent to 140,000 dollars and he tried to recover them without success. Now they are worth much more, and at the current price those 7,002 bitcoins are equivalent to just over 230 million euros.
Three backups, only one survives. At the end of 2011 Wired already told how Thomas had three copies of the bitcoin wallet, but without realizing it he deleted the contents of two of them and also lost the paper where he had saved the password for the third backup. That third backup resided on a security USB key, a “cold wallet.”
Just two more tries. Thomas had 10 attempts to figure out the password, but in these 12 years he has already exhausted eight of them. He has two left, and it doesn’t look like he’ll be able to figure it out on his own. In recent months this user ended up contacting a specialist and also a company specialized in trying to recover lost cryptocurrency accounts. None of them seem to have made any progress on the goal, but this is where things get interesting.
Unciphered. That is the name of the company that a group of experts created in 2021 with the aim of deciphering the undecipherable, breaking the security of the encrypted USB security keys that are used to safeguard cryptocurrencies.
Ironkey S200. Thomas used this security USB key to protect his bitcoins, but he doesn’t remember the password that gives access to those bitcoins. At Unciphered, however, they have bought all the keys of that type that they can to study them with super specialized machines such as a CT scanner or laser tools to isolate and study the Atmel chip that serves as the “secure enclave” of that key. . Managing to decipher this key was for them the Everest in this segment. And they have ended up achieving it.
Stephan Thomas. Fuente: XRP Ledger Foundation
Success. A Wired editor told how a few days after sending them one of these keys encrypted with a password that only he knew, he received a text message from one of those responsible for Unciphered. The message contained precisely the three random words that he had chosen as his master password: indeed, they had managed to decrypt his device, and it had “only” taken 200 million attempts using a supercomputer. As?
“Infinite lives”. Theoretically, the Ironkey S200 only allows 10 attempts to enter the password, but in Unciphered they have taken advantage of the vulnerability they have discovered to actually ensure that the user has infinite attempts. It is as if someone who plays a game of a video game has infinite lives: thanks to that, they will eventually be able to finish it. And with this encryption, the same thing, because once you have those infinite attempts, you can apply a brute force system and end up finding out the password. It’s just a matter of time and computing power, and a supercomputer (or a powerful computer) can speed things up a lot.
Thomas declines this option. Stefan Thomas was contacted by Wired and despite being told that Unciphered had discovered an apparently guaranteed method to recover his funds, he declined the offer to have it used for his key in exchange for a fee. His excuse: he was still in negotiations with that firm and that person also theoretically specialized in this area. According to Wired and comments from those responsible for Unciphered, none of them are remotely close to achieving it, but they are.
No hurries. Thomas already spoke about the topic in The New York Times in 2021 and was also the protagonist of a topic in Xataka last year. This programmer does not seem to have any special interest in immediately recovering those 230 million euros, perhaps because he expects the figure to rise even more soon if bitcoin increases in value. This programmer doesn’t seem to need them either: he ended up investing in other crypto projects — he was CTO of Ripple but resigned before the controversy — and seems to have his life figured out.
Lost Bitcoins. What has happened to Thomas is part of a well-known and sadly frequent phenomenon: years ago a study revealed that between 17 and 23% of the bitcoins issued to date had been lost, and Chainalysis estimated that the value of those wallets forgotten amounts in 2021 to 140,000 million dollars.
Imagen | XRP Ledger Foundation
In Xataka | Two million dollars in a crypto wallet, a forgotten PIN and a solution: hack it