Image: Dan Kitwood/Getty Images
For at least a year, hackers have been passing around and trying to break into a Bitcoin wallet that potentially holds around $690 million, or 69,370 BTC. This would be the wallet with the seventh highest amount of Bitcoin in circulation, according to a site that tracks wallets quantities, so if anyone could crack it, it would be quite the coup.
Ever since Bitcoin’s launch in January of 2009, people have lost the passwords to their wallets, or thrown out the hard drives where they were storing their bitcoins, effectively locking themselves out of their hard earned digital money. With the value of Bitcoin going up and down, people have desperately tried to unlock those wallets, to the point of recently enlisting a Google security engineer in an epic attempt to unlock $300,000 worth of the digital currency. There’s even a marketplace now, called All Private Keys, where people can purchase, download, and attempt to hack into Bitcoin wallets that need cracking.
On Monday, Alon Gal, the Chief Technology Officer of cybercrime intelligence company Hudson Rock, noticed that the $690 million Bitcoin wallet—whose address is 1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx—was advertised on the popular hacking forum RaidForums.
“Stealing Bitcoin wallets from victims worldwide is a common goal among cybercriminals. Wallets tend to be protected by strong passwords and in the event that a cybercriminal manages to obtain a wallet and cannot crack the password he might sell it to opportunistic hash crackers who are individuals with a large amount of GPU power,” Gal told Motherboard in an online chat. “In the case of this Bitcoin wallet, it seems that it had been circulating for a while with no luck to those who attempt cracking it.”
In fact, hackers have been trading the wallet on various occasions. On June 29 of last year, someone nicknamed humerh3 tried to sell the wallet on Bitcointalk, one of the most popular forums dedicated to the cryptocurrency. Another forum member noticed a listing on All Private Keys for the $690 million wallet earlier this year as well. That listing is now gone, but another site has it on sale.
There is no guarantee, however, that this wallet.dat file that’s going around actually holds the lost Bitcoin. It’s possible that someone forged this wallet so that it would have the 1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx address but not its corresponding private key, which is what one would need to get the bitcoins, according to cryptocurrency experts.
“It’s possible to doctor a Bitcoin wallet.dat file to make it seem like it contains a high balance,” Dave, the person who runs Wallet Recovery Services, a service that decrypts wallets with lost passwords for a fee. “The wallet file contains pairs of public key & encrypted private key of the addresses it controls. So one could modify the file in a binary editor and change the public key of one of the address pairs to that of a high value BTC address.”
In practice, that means there’s no way to know that this wallet actually holds the coins unless you crack and decrypt it. The wallet could have been forged or modified to fool people into paying for something that is not what it’s supposed to be.
And decrypting it may very well be impossible.
That’s because it’s likely that the wallet is protected with a long and unique password, and the wallet.dat file is encrypted using two algorithms—AES-256-CBS and SHA-512—that are very slow to process. That makes it very hard to brute force. Another company that sells wallet recovery services wrote in a blog that a wallet file like this one, which has “a password with a length of 15 plus characters using Upper/lower case, numbers, special and foreign characters would be impossible to crack using brute force in a lifetime.”
“I think it’s a hell of a longshot. It’d have to be a fairly weak password to be cold cracked. Or someone getting really, really lucky,” Jeremi Gosney, the founder and CEO of Terahash, told Motherboard in an online chat. “I certainly would not waste any resources on it.”