Cryptographer cracks Encrypted ZIP File with $300,000 Worth of bitcoins trapped in it

Michael Stay, an experienced cryptographer successfully cracks an encrypted ZIP file with about $300,000 worth of bitcoins trapped in it

By · Aug 10, 2020 . 10min read

Encrypted ZIP File with $300,000 Worth of bitcoins

Michael Stay, an experienced cryptographer, successfully cracks an encrypted ZIP file with about $300,000 worth of bitcoins trapped in it for a guy who independently contracted him.

In a recent YouTube video, Michael Stay, who is the CTO of Pyrofex Corporation, give details of how he was able to achieve this. Stay says he was contacted by a person whom he refers to as “The Guy” on LinkedIn. Apparently, going through the message, the other fellow had lost access to the password of an encrypted ZIP file with his private keys.

Interestingly, The Guy has bought some $10,000 worth of bitcoins in January 2016. This was when Bitcoin price peaked at $458 with a total market cap of $6.9 billion.

Bitcoin price as at 2016 during which the time The Guy bought and used an encrypted ZIP file to protect his bitcoins private keys

Fast forward to 2020, the same amount of Bitcoin was now worth $300,000. But The Guy has a more significant problem between him and his new big fortune. He could no longer remember the password with which he encrypted the ZIP file.

A ZIP file is a popular file format used for “lossless” compression of large files. Stay, about Nineteen years back, wrote a piece which he published on how to crack encrypted files carefully. Running the numbers in his head, he assumed it would cost about $100,000 to crack open the particular ZIP file to gain access to the private keys for The Guy.

Obviously, The Guy who would still be in profit and he took up the offer. As Stay narrates, he said:

It’s the most fun I’ve had in ages. Every morning I was excited to get to work and wrestle with the problem. The zip cipher was designed decades ago by an amateur cryptographer—the fact that it has held up so well is remarkable.

Michael Stay

Stay was fortunate to know the encryption zip program version helping to narrow the search down to an order of quintillions.

Even though many implementations of ZIP can be insecure, this one, in particular, was different. Newer generations of zip programs use robust cryptographic standard AES. However, outdated versions like the one used in The Guy’s case—use Zip 2.0 Legacy encryption that can often be cracked. Moreover, the degree of difficulty depends on the implementation.

More importantly, Stay was fortunate to know encryption zip program version. Also, the timestamp of when the file was created, which the Info-ZIP software uses to inform its cryptography scheme was also visibly apparent. Stay being an experienced cryptographer was able to narrow it down to something on the order of quintillions. He did this using a massive pool of passwords and encryption keys.

Subsequently, Stay enlisted the efforts of his firm – Pyrofex, renting its cloud graphics-processing units. These were Nvidia Tesla general-purpose GPUs which he used to implement the cryptanalysis code.

The Setback in the quest for the search for the keys to the encrypted ZIP file with bitcoins

Initially, it ran for ten days and failed. A persistent but disappointed Stay said

“We’d had lots of bugs before, but the tests I ran on my laptop all worked perfectly. If it was a bug, it had to be a subtle one, and I worried that it would take us a long time to find.”

Reverse-engineering what may have happened, Stay stumbled upon a new idea which is trying out some number he calls “seed” as the starting point for the random number generator was using in the cryptographic scheme. Apparently, this was where the bug lied. Stay and others like The Guy and Foster, Pyrofex CEO, noticed the GPU didn’t process the correct password on the first attempt.

Subsequently, upon fixing this and rerunning it, the encrypted ZIP file housing the private keys for the bitcoins. Surprisingly, the whole process cost between $6,000 to $7,000 instead of the initial $100,000 projection. Interestingly, The Guy was happy to pay about $25,000 for a job well done.

Not every encrypted ZIP file with bitcoins can be cracked, especially crypto wallets.

As typical, a story like this attracts both good and bad responses. To make this clear, Nash Foster, Pyrofex CEO, says:

“Projects like this are just completely unusual. If the details of his situation had been different, if he had used a slightly more recent version of zip, it would have been impossible. But in this particular case, there was something we could do.”

Nash Foster, Pyrofex CEO

Moreover, as Stay pointed out, the zip attack has nothing to do with cryptocurrency wallets. Even though cryptocurrency wallets may come with vulnerabilities, they are usually made with strong and modern encryption.

Follow Cryptodose for daily updates

         All News