One of the drawbacks of crypto assets is the high cost of user error. In the unlikely event that you lose the key to your cryptocurrency wallet, your cryptocurrency will be permanently inaccessible.
Fortunately, however, a new industry called “wallet recovery services” has emerged, whose practitioners use a variety of techniques to recover lost assets.
Currently, the most popular method is called “brute force”: trying as many passwords as possible in the hope of eventually hitting the right one.
But new techniques are emerging, such as searching for secret entrances.
Exploit wallet vulnerabilities
Unciphered, a San Francisco-based wallet recovery service founded in 2021, aims to recover assets by targeting vulnerabilities in software and cryptography.
It was recently revealed that Unciphered hacked OneKey, a popular hardware wallet, by exploiting a vulnerability in the wallet’s firmware to retrieve the private key. OneKey also announced the vulnerability in question in a statement, acknowledging Unciphered’s role in discovering it and announcing that it had already been fixed.
“Software degrades like milk,” said Chris Wysopal, a computer security expert and advisor to Unciphered.
“At some point, it doesn’t matter how good your security system is. It could be months, it could be years, and someone will find a problem because nothing is perfect.”
Crypto wallets are often seen as a more secure, do-it-yourself alternative to storing crypto on centralized exchanges. But if there is a problem with the wallet, users will have to fix it themselves.
How many wallets were lost?
According to blockchain analytics firm Chainalysis, up to 23% of Bitcoin (BTC) could be lost forever due to lost or forgotten keys.
A “key” here is a string of letters and numbers that allows access to crypto assets. 23% is equivalent to about 3.79 million BTC, $90 billion (about 12 trillion yen), or about 10% of the total market capitalization of all crypto assets.
“Most of the losses happened in the early days of Bitcoin, the early days of crypto,” said Kimberly Grauer of Chainalysis.
Early data for the second-largest cryptocurrency by market capitalization, Ethereum (ETH), are hard to come by.
However, according to data from Crypto Asset Recovery, 7% of crypto assets in pre-sale wallets are not moving at all. So the Ethereum inside these wallets may have been left unattended since the Ethereum blockchain went live in 2015.
This corresponds to 621 wallets out of 8,893 wallet addresses, and the amount of Ethereum stored is 521,574.608 Ethereum (about $875 million, about 118 billion yen).
Also caused by bugs
Some users, through no fault of their own, have lost money due to flaws in the wallet program. In such cases, seeking help from a recovery expert is akin to hiring a private investigator.
“Some of the work we do is kind of like analytics in criminal investigations, and it’s heavily digital analytics,” said Unciphered co-founder and chief information security officer Frank Davidson.
The most famous case Unciphered has worked on involved an early version of ethereumwallet.com, launched by Anthony Di Iorio, one of the co-founders of the Ethereum blockchain.
The Unciphered team attempted to recover assets of customers who had the correct seed phrase and private key but were unable to log into their Ethereum Wallet. Unciphered analyzed the program and found vulnerabilities that could affect far more users.
“By helping one customer, we uncovered a bigger problem,” said Unciphered co-founder Eric Michaud.
According to Michaud, the amount of Ethereum affected by this vulnerability is over 15,000 ETH.
Birth of Recovery Service
After this discovery, Michaud realized that Unciphered could recover funds for those who had their cryptocurrency locked in the old-fashioned Ethereum Wallets, and wanted to help them as a business.
“He was the one who started it all,” Michaud said of the first customer that inspired the recovery business.
“There are still a lot of people we haven’t reached out to, and we hope to hear from those who have lost access.”
Di Iorio said multiple versions of EthereumWallet were not supposed to complete the beta testing phase. The website also has the following warning:
“We recommend that you use this software for small amounts only and at your own risk.”
Di Iorio’s company shut down its wallet service in 2018, and customers were sent notices to migrate to another wallet he launched, Jaxx.
Di Iorio has since shut down EthereumWallet and customers who have not moved their assets within a certain period of time will not be able to access their assets. Di Iorio said there were multiple notifications about the matter and a grace period before the service was discontinued.
“I don’t think I can help,” said Di Iorio, who said he doesn’t have contact information for former users to provide to Unciphered.
The customer behind Unciphered’s EthereumWallet recovery confirmed to CoinDesk that the details of the incident are correct.
“I was able to get it back on Christmas Eve and send it to him,” Michaud recalled, five years after losing his crypto to a bug.
Unciphered takes a fee of 10-35% of the recovered assets, depending on the risk and expense of accidentally destroying the wallet.
｜Translation and editing: Akiko Yamaguchi, Takayuki Masuda
｜Original: Hacking Crypto Wallets Is Latest Strategy in Quest to Recover Lost Billions