In brief
- $300,000 worth of Bitcoin was trapped in an encrypted zip file.
- An anonymous investor may have never again accessed funds without expert help from an expert hacker.
- Private keys remain at the heart of a trade off between confidentiality and availability.
Pyrofex Corp CTO Michael Stay once broke open an encrypted zip file to rescue $300,000 worth of Bitcoin on behalf of an anonymous Russian investor, according to a recent speech on YouTube.
The Russian investor approached him because of his previously published work on hacking encrypted zip files. “If we find the password successfully, I will thank,” he wrote to Stay.
According to Stay, the investor purchased the Bitcoin for only $10,000 in 2016. But having placed his funds in the encrypted file and forgetting his password, it seemed like he had lost his Bitcoin forever.
Stay, who worked for Google as a security engineer for six years, and who has written over 30 password cracker guides for Access Data in the early 1990s, stepped up to the challenge.
Stay realised early that the file encryption was robust, and at first he had little information to start with. The anonymous investor was unable to recall key information and didn’t immediately trust Stay, so he wasn’t much help as Stay began trying to open the file.
To crack the code, Stay developed a program that attempted different password combinations over time. At first, this process was set to take months. Insead, Stay recruited the help of Pyrofex CEO Nash Foster to cut the task down to just a few days.
The entire operation cost $7,000. Stay suggested it would have been much higher if the old encryption software at use had been updated.
The anonymous investor split the rewards, giving Stay $100,000.
“This case truly captures the inherent trade-off between keys confidentiality and availability,” Tal Be’ery, co-founder of keyless crypto wallet ZenGo, told Decrypt.
“When people think about the security of their cryptocurrency private key they fear it will get stolen so they try to hide it as much as possible (in this case within an encrypted zip file), but in reality it's much more likely to be subject to loss,” he added.
Perhaps this is such a thing as too much security.