One of the drawbacks of crypto is the costliness of user error. If someone loses the keys to their crypto wallet, they can lose access to their crypto asset forever.
Currently, the most popular method is known as “brute-forcing”, where the recovery specialists use a cryptographic technique where the wallet is bombarded with as many passwords as possible, hoping to eventually guess the correct one.
But there is a new trend in crypto vault cracking that is more like finding a secret entrance.
Unciphered, a wallet recovery service founded in 2021 and based in San Francisco, focuses on poor wallet implementation by looking at vulnerabilities in software and cryptography.
The latest case emerged Friday when it was revealed that earlier this year Unciphered had hacked the popular OneKey hardware wallet by extracting a private key by exploiting a vulnerability in the firmware – the embedded programming that gives machine instructions. OneKey disclosed the vulnerability in a statement, acknowledging Unciphered’s role in tracking down the vulnerability and saying it quickly resolved the issue.
“Software ages like milk,” said Chris Wysopal, computer security expert and advisor to Unciphered. “At a certain point I don’t care anymore how good the security system is. It may take months, it may take years, but someone will find a problem with it. Because it’s not perfect.”
The story is a reminder that while crypto wallets are often seen as the more secure and do-it-yourself alternative to storing digital assets on centralized exchanges, users are sometimes on their own when it comes to problems with the wallets.
Chainalysis, a blockchain analytics company, has reported that up to 23% of bitcoin (BTC) could be lost forever due to lost or forgotten keys – the password consisting of a series of letters and numbers that allows you to access and manage crypto funds. That equates to about 3.79 million BTC, or nearly $90 billion, a staggering figure that represents nearly one-tenth of the total market cap of all cryptocurrencies.
“Most of the loss happened early on in Bitcoin, in the early days of crypto,” Kimberly Grauer, the research director at Chainalysis, told CoinDesk.
Early stats on ether (ETH), the second-largest cryptocurrency by market capitalization, are harder to come by. However, data provided to CoinDesk by Crypto Asset Recovery shows that 7% of presale wallets have never had a crypto move. of the 8,893 wallet addresses, or 521,574,608 ETH (about $875 million today).
Some users may have lost money through no fault of their own but due to errors in the wallet’s underlying code. In such cases, getting help from a recovery specialist can be like calling a private investigator to look for clues.
“Some of our jobs are more or less traceable to forensics jobs or have a sizeable digital forensics component,” Frank Davidson, Unciphered’s co-founder and chief information security officer, told CoinDesk.
One of the most prominent cases with Unciphered involved an older version of ethereumwallet.com, founded by Anthony Di Iorio, a co-founder of the Ethereum blockchain.
The Unciphered team attempted to recover the wallet of a customer who was unable to login to their EthereumWallet, even though they had the correct seed (recovery) phrase and private key.
Unciphered checked the code and discovered a vulnerability in the wallet that affected a much larger number of users.
“Helping this one customer helped us find this bigger problem,” Unciphered co-founder Eric Michaud said in an interview with CoinDesk.
In this particular version of the EthereumWallet, known as the legacy wallets, Michaud said his company was able to find more than 15,000 ETH (about $25 million) exposed.
After this discovery, Michaud realized that Unciphered could get cash back for more customers who locked their crypto in their old EthereumWallets. If there are more people who can’t access those wallets, Unciphered wants to help those people get their money back.
“He opened this whole door,” Michaud said of this first client, who got the ball rolling to recover other clients’ funds locked away in the old EthereumWallets. “There are countless people who have been locked out that we have not yet contacted or hoped would come to us because they are clearly still locked out.”
When contacted by CoinDesk, Di Iorio said that the various versions of EthereumWallet were never considered to have left beta or testing phases. There is a warning on the website: “We recommend only small amounts and remind you that use of this software is at your own risk.”
Di Iorio’s company decided to shut down the wallet in 2018 and informed customers to switch to Jaxx, another user-friendly wallet that Di Iorio founded. Di Iorio later deprecated the EthereumWallet, meaning users couldn’t access their funds if they didn’t transfer it within a certain time frame. According to Di Iorio, there were multiple reports and even grace periods prior to sunset.
Di Iorio said he has no contact information for former users to share with Unciphered.
“I don’t see how I can help,” Di Iorio told CoinDesk.
The customer who opened the doors to Unciphered’s EthereumWallet recovery spoke to CoinDesk and confirmed the details of the case.
Five years after the client lost his crypto to the bug vulnerability, Michaud said that “we actually returned him his crypto on Christmas Eve,” a nice gift.
Unciphered takes 10% to 35% of the recovered funds, depending on the risk of accidentally breaking the wallet and the cost of carrying out the actual attack.