Crypto Opinions & News They Cracked the Code to a Locked USB Drive Worth $235 M in Bitcoin. Then It Got Weird

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,527
In late September, a hacker who asked to be called Tom Smith sent me a nonsensical text message: “query voltage recurrence.” Those three words were proof of a remarkable feat—and potentially an extremely valuable one. A few days earlier, I had randomly generated those terms, set them as the passphrase on a certain model of encrypted USB thumb drive known as an IronKey S200, and shipped the drive across the country to Smith and his teammates in the Seattle lab of a startup called Unciphered.

Smith had told me that guessing my passphrase might take several days. Guessing it at all, in fact, should have been impossible: IronKeys are designed to permanently erase their contents if someone tries just 10 incorrect password guesses. But Unciphered's hackers had developed a secret IronKey password-cracking technique—one that they've still declined to fully describe to me or anyone else outside their company—that gave them essentially infinite tries. My USB stick had reached Unciphered’s lab on Tuesday, and I was somewhat surprised to see my three-word passphrase texted back to me the very next morning. With the help of a high-performance computer, Smith told me, the process had taken only 200 trillion tries.

Smith’s demonstration was not merely a hacker party trick. He and Unciphered’s team have spent close to eight months developing a capability to crack this specific, decade-old model of IronKey for a very particular reason: They believe that in a vault in a Swiss bank 5,000 miles to the east of their Seattle lab, an IronKey that's just as vulnerable to this cracking technique holds the keys to 7,002 bitcoins, worth close to $235 million at current exchange rates.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,073

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,073
That was a good read. I did not realize this:

Making matters worse is the face that the IronKey device has a built in mechanism that only allows for 10 password guesses before its contents are destroyed.
fwiw, I have an IronKey USB, a very early version. I have not used it in years, but last time I checked I could still get into it, but "is it safe?" :rolleyes:
 

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,527
fwiw, I have an IronKey USB, a very early version. I have not used it in years, but last time I checked I could still get into it, but "is it safe?" :rolleyes:
Good question, I have flash drives that are about 10 years old and I wonder how long I can expect them to last, one of them has been through the washer and dryer twice 😁
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
Thanks for the article. When I read in the article: "The New York Times wrote that Thomas already had “more riches than he knows what to do with,” thanks to other crypto ventures."
How about let them decrypt the key for 10% and donate the other 90%? Or how about donate money in general it's not like the world hasn't enough people starving....
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top