By: Dr Tristan Jenkinson
Helping users who have lost access to their cryptocurrency investments is a noble endeavour… but there is definitely a sliding scale on the measure of good intentions where hackers and cryptocurrency meet. This article discusses some of the good, bad and ugly of stories from the last week (or so) involving cryptocurrencies, from helpful hackers to retracted journalism, through money laundering and claims of fraud…
There have been many stories about users having lost a fortune in bitcoin, having for example discarded or deleted wallet details or forgotten passwords. Some have even resorted to hypnosis to try to recall credentials (see for example https://fortune.com/2017/12/20/bitcoin-investors-hypnotherapy).
An alternative approach was highlighted in an article this week from the BBC (https://www.bbc.co.uk/news/technology-60318946). The article speaks about the recovery of lost bitcoin fortunes through the use of hackers. One focus is the story of Rhonda, who had a printout of her wallet details, but had not realised that the printout was missing some of the final digits.
Rhonda turned to Charlie and Chris Brooks who run Crypto Asset Recovery (https://cryptoassetrecovery.com/), who were able to recover the Bitcoin from Rhonda’s wallet, worth around $175,000.
The Crypto Asset Recovery website gives a glimpse into some of the methodologies they use, for example pulling together what information they can about potential passwords to wallets, and building a dictionary of passwords to try against the wallet.
The BBC article also mentions another hacker, Joe Grand (known better to some under his hacker alias ‘Kingpin’), who has assisted individuals with recovering locked crypto investments, this time involving hardware keys.
Hardware keys are USB-type devices that store the complex key needed to access cryptocurrencies (to arrange payments or withdrawals etc.), so that you do not have to remember, store or write it down; the device itself can be secured with a simpler password or PIN. Then to be able to make payments etc. you can just connect your hardware key to the computer and enter the PIN. This does mean however, that without the PIN, you are (typically) a little stuck.
Last month, an article was published on theverge.com (https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft) covering Joe’s work to recover $2m in Theta from a Trezor hardware wallet.
Joe’s work, as reported on theverge.com and also on YouTube (https://www.youtube.com/watch?v=dT9y-KQbqi4) was to assist an individual in recovering investments that they had lost.
Joe’s method involved combining two separate previously used approaches. The first was used by Saleem Rashid to help Wired editor Mark Frauenfelder recover $30,000. It is well worth reading Mark’s first-hand account of his ordeal (https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/) including how he tried hypnosis prior to working with Saleem to get access to his wallet.
The second was a method dubbed wallet.fail and was the subject of a “Refreshing Memories” conference talk by Thomas Roth, Dmitry Nedospasov and Josh Datko (https://www.youtube.com/watch?v=Y1OBIGslgGM or alternatively here https://media.ccc.de/v/35c3-9563-wallet_fail#). This approach was to use “glitching” to gain access to RAM at a specific point when the PIN was temporarily moved there (the relevant section on glitching attacks on the Trezor One starts at around 35 minutes in).
Combining the two, Joe was able to retrieve the PIN to the hardware wallet.
“Lost” Bitcoin and Addressing the Fear of Running Out (FORO)
A point covered in a number of these articles is the amount of Bitcoin which is estimated to have been lost (other cryptocurrencies are available!). As reported by the BBC, Chainalysis suggest that up to 3.79 million Bitcoin (about 23% of all Bitcoin currently mined) may have already been lost (https://www.newsbtc.com/news/bitcoin/chainalysis-up-to). At current value (based on xe.com) this would be worth around $160,000,000,000,000 ($160 trillion). That is a lot of money sitting around unused.
By comparison, there are only roughly 2.1 million Bitcoin left to be mined. (Yes, there are a limited number of Bitcoin – see for instance https://www.investopedia.com/tech/what-happens-bitcoin-after-21-million-mined/).
With around 19 million bitcoin already mined, the immediate reaction is that we are going to run out of Bitcoin in the next few years. However, because of the methods used to mine and manage Bitcoin, it is estimated that Bitcoin is not likely to run out until 2140. That doesn’t mean that things will continue as they are until then.
Two particular features of Bitcoin could come into play – Bitcoin halving and the self-correcting difficulty of mining.
When each set of 210,000 blocks is mined, the reward for mining is halved.
This not only means that miners are paid less for successfully mining a block, but also slows the rate of new Bitcoins being created.
Bitcoin halving is the main feature meaning that despite roughly only 10% of bitcoins remaining to be mined, it will take until around 2140 to do so.
Halving events do seem to correlate with boom and bust cycles, with each halving increasing the value of Bitcoin (see for example https://cointelegraph.com/bitcoin-for-beginners/bitcoin-halving-how-does-the-halving-cycle-work-and-why-does-it-matter). The next halving event is expected in 2024.
See https://www.investopedia.com/bitcoin-halving-4843769 on bitcoin halving more generally.
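The halving arithmetic described above, worked through as an added example (not code from the article or from Bitcoin itself): it rebuilds the issuance schedule from the 210,000-block interval and shows why the last coins arrive around 2140. The 50 BTC starting reward, the 10-minute block target and the January 2009 start are assumptions taken from Bitcoin's public design, not from this page.

```python
# Added example: Bitcoin's issuance schedule rebuilt from the halving rule.
COIN = 100_000_000             # satoshis per bitcoin
HALVING_INTERVAL = 210_000     # blocks between halvings (from the article)
INITIAL_SUBSIDY = 50 * COIN    # assumption: reward paid in the first era
MINUTES_PER_BLOCK = 10         # assumption: design target block spacing
GENESIS_YEAR = 2009.0          # assumption: chain started in January 2009
MINUTES_PER_YEAR = 60 * 24 * 365.25


def block_subsidy(height):
    """Reward in satoshis for the block at this height (integer halving)."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def issuance_schedule():
    """Rows of (era, start_height, subsidy, cumulative supply), in satoshis."""
    rows, total, era = [], 0, 0
    while True:
        subsidy = block_subsidy(era * HALVING_INTERVAL)
        if subsidy == 0:
            return rows
        total += subsidy * HALVING_INTERVAL
        rows.append((era, era * HALVING_INTERVAL, subsidy, total))
        era += 1


def estimated_year(height):
    """Calendar year at which a height is reached if blocks keep to target."""
    return GENESIS_YEAR + height * MINUTES_PER_BLOCK / MINUTES_PER_YEAR


if __name__ == "__main__":
    schedule = issuance_schedule()
    # First five eras, then the final one in which the reward is 1 satoshi.
    for era, start, subsidy, total in schedule[:5] + schedule[-1:]:
        print(f"era {era:2d}  from block {start:>9,}  "
              f"(~{int(estimated_year(start))})  "
              f"reward {subsidy / COIN:.8f} BTC  "
              f"mined so far {total / COIN:,.4f} BTC")
    end = len(schedule) * HALVING_INTERVAL
    print(f"reward reaches zero at block {end:,}, "
          f"around {int(estimated_year(end))}")
```

Because the reward is halved with integer division, the total issued stops just short of 21 million, and more than 93% of it is already out by the end of the fourth era.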
Self-Correcting Mining Difficulty
When each set of 2016 blocks is mined, the Bitcoin algorithm resets the difficulty of mining by altering the problem that miners need to solve to successfully mine a block. It typically takes around two weeks for 2016 blocks to be mined.
The difficulty level for miners is dependent on the hash rate. This is a measure of the level of processing power of all miners working to mine bitcoin. In theory as more miners are working to mine Bitcoins, they become more difficult to mine.
As Bitcoin mining has grown in popularity, the difficulty has noticeably grown. Other fluctuations are also present, for example, it is widely thought that power outages in China’s Xinjiang region last year knocked out so many bitcoin miners that the hash rate tumbled, resulting in the difficulty being lowered (https://www.independent.co.uk/life-style/gadgets-and-tech/bitcoin-price-china-power-cut-b1834446.html). Similarly China’s crackdown on Bitcoin miners has also had an effect as they sought to relocate (see for example https://www.cnbc.com/2021/06/15/chinas-bitcoin-miner-exodus-.html and https://www.cnbc.com/2021/08/12/bitcoin-mining-becomes-more-difficult-as-algorithm-adjusts.html).
So, if mining power increases (with more people mining, or more powerful systems being developed and used for mining), the hash rate also increases, which in turn causes the difficulty level of mining to increase.
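The self-correction described above, as an added example (not code from the article or from a Bitcoin node): it applies the 2016-block retarget rule to a hash rate that halves and to one that jumps tenfold, and reports the average block time in each period. The factor-of-4 limit per adjustment and the figure of about 2^32 hashes per unit of difficulty are assumptions from Bitcoin's public consensus rules; the starting difficulty and hash rates are constructed sample values, and real nodes do this calculation on integer targets and block timestamps.

```python
# Added example: simplified model of Bitcoin's difficulty retargeting.
RETARGET_BLOCKS = 2016                   # blocks per period (from the article)
TARGET_SPACING = 600                     # assumption: 10 minutes, in seconds
EXPECTED_TIMESPAN = RETARGET_BLOCKS * TARGET_SPACING   # about two weeks
MAX_ADJUST = 4                           # assumption: per-period clamp factor
HASHES_PER_DIFFICULTY = 2 ** 32          # approximate work at difficulty 1

# Constructed sample values: a network sitting exactly on the 10-minute target.
SAMPLE_DIFFICULTY = 1_000_000.0
SAMPLE_HASHRATE = SAMPLE_DIFFICULTY * HASHES_PER_DIFFICULTY / TARGET_SPACING


def next_difficulty(difficulty, actual_timespan):
    """Difficulty for the next period, given how long the last 2016 blocks took."""
    clamped = min(max(actual_timespan, EXPECTED_TIMESPAN / MAX_ADJUST),
                  EXPECTED_TIMESPAN * MAX_ADJUST)
    # Blocks arrived too fast -> short timespan -> difficulty goes up.
    return difficulty * EXPECTED_TIMESPAN / clamped


def block_seconds(difficulty, hashrate):
    """Average seconds per block for a network hash rate in hashes/second."""
    return difficulty * HASHES_PER_DIFFICULTY / hashrate


def simulate(hashrates, difficulty):
    """One row per retarget period: (difficulty in force, minutes per block)."""
    rows = []
    for hashrate in hashrates:
        spacing = block_seconds(difficulty, hashrate)
        rows.append((difficulty, spacing / 60))
        difficulty = next_difficulty(difficulty, spacing * RETARGET_BLOCKS)
    return rows


if __name__ == "__main__":
    base = SAMPLE_HASHRATE
    scenarios = {
        "hash rate halves": [base, base / 2, base / 2, base / 2],
        "hash rate x10": [base, base * 10, base * 10, base * 10],
    }
    for name, hashrates in scenarios.items():
        print(name)
        for period, (diff, minutes) in enumerate(simulate(hashrates, SAMPLE_DIFFICULTY)):
            print(f"  period {period}: difficulty {diff:>12,.0f}  "
                  f"{minutes:5.1f} min/block")
```

In the tenfold case the clamp means recovery takes two adjustments rather than one: blocks arrive every minute, then every four minutes, before returning to ten.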
As these two features combine, miners could well see significantly diminishing returns in the future. These could be somewhat offset by an increase in the value of Bitcoin, but that is by no means certain given the volatility of the cryptocurrency market.
The use of ASICs (Application Specific Integrated Circuits – see https://www.investopedia.com/terms/a/asic.asp) and enormous Bitcoin mining farms (for example see https://www.sunbirddcim.com/infographic/largest-bitcoin-mining-farms-world) means that Bitcoin mining is becoming increasingly less profitable for “small players” in the mining community – for example 0.1% of miners control 50% of all mining capacity – as calculated by Fortune (https://fortune.com/2021/10/26/bitcoin-mining-capacity-ownership-concentration-top-investors-nber-study/).
Returning to Chris and Charlie Brooks from Crypto Asset Recovery, they estimate that by using computers to try various login ID and password combinations, it could be possible to recover around 2.5% of the “lost” Bitcoin – around $3.9 billion worth.
So, should we worry that some of the bitcoin mining farms, especially the “small players” seeing diminishing returns from their mining will switch to trying to access addresses where some of the lost millions are stored?
While the approach for cracking would use similar methods and computing power to mining, at present it is generally believed that processing power alone is just not enough, without other vulnerabilities or information to exploit. See for instance https://news.bitcoin.com/how-hard-is-it-to-brute-force-a-bitcoin-private-key/.
This is a point that Crypto Asset Recovery appreciate, with a specific highlight that they will not be able to help if a user has no idea what their password is, or if it was 15+ randomly chosen characters.
Brute forcing a bitcoin key remains, thankfully, unlikely. This is perhaps especially important since it is easy to identify where such an endeavour might start…
Because Bitcoin transactions are stored on the Blockchain and publicly available, it is easy to identify the highest value addresses. For example, you can see the “Bitcoin Rich List” here https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html. Further, transactions involving so called “Whale” addresses are often published – for example see https://www.independent.co.uk/life-style/gadgets-and-tech/bitcoin-whale-btc-wallet-mystery-price-b1971959.html.
A Craig Wright Interlude
If you were looking to claim one of the rich list Bitcoin addresses as your own, you may want to do so with some care… For example, you may not want to claim that a wallet tied to a major hack of a cryptocurrency exchange was yours.
This was exactly what Craig Wright did in February last year, when he made claims that he owned the “1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF” (“1Feex”) address. To note, this address is, at time of writing number 9 in the Bitcoin Rich List.
Per the Financial Times (https://www.ft.com/content/56ba5a61-367e-4b10-abc8-4f79bab4144d), it was claimed that Wright’s personal computer was “hacked by persons unknown and encrypted private keys to two addresses, which hold substantial quantities of Bitcoin… were stolen”. One of those addresses, according to the accompanying PDF (https://uk.ontier.net/news/2348/letter-before-action-from-ttl-to-btc-developers/en/) was the 1Feex address.
Rather than going after the apparent hackers (or contacting Charlie and Chris Brooks), Wright took another approach. He had his lawyers demand that the Bitcoin developers give Wright access and control of the bitcoin associated with that address.
One of the apparent problems with that claim was that this address was directly linked to funds that were transferred from Mt. Gox, with approximately 80,000 bitcoin being transferred to that account as part of the Mt. Gox attack in 2014 (see for example https://cryptopotato.com/was-craig-wright-behind-the-mt-gox-hack-in-2014/).
Another apparent issue would be the immutability for which Bitcoin’s blockchain design is famous (i.e. content on the blockchain cannot be manipulated). According to the FT article, Wright’s lawyers said that Wright was not seeking to alter the immutability, Wright wanted to be issued with new tokens to the same value as the old ones. As the FT put it:
“The idea, it seems, is to ensure both the thief and the victim can keep the money. This differs to a conventional payment network, where an illicit transaction can be reversed, thus reimbursing the victim but also confiscating the proceeds of crime from the thief. The question then is: who is on the hook for reimbursing the victim?”
Wright was also allegedly to face potential claims from those that lost their investments in the Mt. Gox hack – see for example https://www.coindesk.com/markets/2021/02/25/mt-gox-victim-issues-legal-notice-to-craig-wright-over-stolen-funds-in-1feex-address/.
In December last year, evidence was put forward suggesting that Wright’s claims to ownership of the 1Feex address were false (see for example https://fullycrypto.com/craig-wright-1feex-wallet-claim-proved-to-be-false and https://medium.com/coinmonks/the-faketoshi-tale-of-1feex-5dbeb230a090).
The evidence put forward includes claims that Wright could not have bought the bitcoin stored in the 1Feex address from WMIRK in 2011, as he apparently claimed, because WMIRK only started dealing with Bitcoin in 2013. Further, there were some significant inconsistencies reported with the paper wallet, a photograph of which Wright had included in legal disclosures to support his ownership of 1Feex.
The fact that there was a paper wallet also raises the question of why Wright would not use the information from the paper wallet to transfer out the funds in the 1Feex address once it was compromised by hackers… rather than leaving the content untouched for the hackers to withdraw at their leisure… something which they appear to have yet to do as the address still has around 80,000 bitcoin.
Having mentioned the Mt. Gox hack, we move onto another major hack – the Bitfinex hack in 2016.
On Tuesday last week (8 February) Ilya Lichtenstein and Heather Morgan were arrested in Manhattan for laundering money from the Bitfinex hack (https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency). Of an estimated total of $4.5 billion, it was announced that around 94,000 bitcoin worth approximately $3.6 billion had been seized.
It is believed to be the largest seizure performed by the Justice Department.
The IRS Criminal Investigation Cyber Crimes Unit were able to use advanced techniques to decode and track the movement of funds, with Assistant Attorney General Kenneth A. Polite Jr. stating (https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency) :
“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system”
Similarly, Jim Lee of the IRS Criminal Investigation team said (https://www.linkedin.com/feed/update/urn:li:activity:6896867704545107968/):
“The work of our agents continues to show that the perceived anonymity of virtual currency is a myth. It can and is being tracked by our agency when used for criminal purposes”
What is perhaps intriguing about the arrests is that Lichtenstein and Morgan are not being prosecuted for the hack itself, but for laundering the proceeds. This could mean that further arrests are expected.
The two individuals involved certainly appear to be characters. While Lichtenstein apparently describes himself as an “occasional magician” (https://www.independent.co.uk/news/world/americas/crime/bitcoin-hack-couple-cryptocurrency-bitfinex-b2011417.html), Morgan, as well as having apparently been published by Forbes, is a part-time rapper under her pseudonym “Razzlekhan”. Morgan has described herself as “The Crocodile of Wall Street” (https://fortune.com/2022/02/09/who-is-crocodile-of-wall-street-heather-morgan-bitcoin-hack-bitfinex/).
An example of Razzlekhan’s music can be found on YouTube in the video for her single “Versace Bedouin” – https://www.youtube.com/watch?v=8IUyltbbFZM which is, according to the lyrics “for the entrepreneurs and hackers” and in which Morgan describes herself as “a real risk taker… badass money maker”.
On which note, I’ll move on to the “Ugly” section.
For the ugly section, I wanted to cover another story from last week. On Wednesday the BBC was due to broadcast a documentary called “Birmingham’s Self-Made Crypto-Millionaire” as part of the We Are England series. A related article put up by the BBC has since been removed, but is still accessible through internet archive sites (https://archive.fo/6taZ8).
The article, and corresponding broadcast, were to focus on Hanad Hassan, who claims to have turned an investment of $50 into $8 million over just nine months – a simply staggering return. Hassan is also credited with starting his own cryptocurrency “to support charity” with friend and colleague Ahmed Mohammed.
The BBC appear to have accepted the story at face value, rather than digging into some fairly apparent red flags. Those that have dug into the story, such as The Guardian’s media editor Jim Waterson (https://twitter.com/jimwaterson/status/1491361991541538817), found that the cryptocurrency set up by Hassan (Orfano) had ceased trading, with many investors complaining of being left high and dry. The Guardian also ran an article discussing the BBC’s retraction https://www.theguardian.com/media/2022/feb/10/bbc-cryptocurrency-documentary-pulled-from-air-at-last-minute.
Examples of information found by those digging into Hassan’s backstory include Twitter posts and reddit conversations between apparently disenfranchised investors – https://www.reddit.com/r/Orfano/comments/qhowu4/lol_what_happened_to_orfano/. Some claim that the whole setup was a scam.
Unfortunately, there are many scams involving cryptocurrency out there. Chainalysis reported (https://www.cnbc.com/2022/01/06/crypto-scammers-took-a-record-14-billion-in-2021-chainalysis.html via CNBC) that scammers walked away with $14 billion of cryptocurrencies in 2021 – a rise of 79% from 2020.
It was likely a good decision from the BBC to pull the article and programme, but it is still concerning to see claims such as those made by Hassan amplified by the likes of the BBC who have put together some fantastic content on cryptocurrencies, such as the excellent Missing Cryptoqueen podcast (https://www.bbc.co.uk/programmes/p07nkd84/episodes/downloads).
Remember, if an investment opportunity seems too good to be true, it probably is.