After a tech entrepreneur and investor lost his password for retrieving more than $600,000 in bitcoin and hired experts to break open the wallet where he kept it, they failed to help him. But in the process, they discovered a way to crack enough other software wallets to steal $1 billion or more.
Tech is not your friend. We are. Sign up for The Tech Friend newsletter.
On Tuesday, the team released information about how they did it. They hope it’s enough data that the owners of millions of wallets will realize they are at risk and move their money, but not so much data that criminals can figure out how to pull off what would be one of the largest heists of all time.
Their start-up, Unciphered, has worked for months to alert more than a million people that their wallets are at risk. Millions more haven’t been told, often because their wallets were created at cryptocurrency websites that have gone out of business.
The story of those wallets’ vulnerabilities underscores the enormous risk in experimental currencies, beyond their wild fluctuations in value and fast-changing regulations. Many wallets were created with code containing profound flaws, and the companies that used that code can disappear. Beyond that, it is a sobering reminder that underneath software infrastructure of all kinds, even ones explicitly dedicated to securing funds, are open-source programs that few or no people oversee.
“Open-source ages like milk. It will eventually go bad,” said Chris Wysopal, a co-founder of security company Veracode who advised Unciphered as it sorted through the problem.
The company shared its process and conclusions with The Washington Post before going public.
The risk of bad open-source code was laid bare in 2021 when it was discovered that Log4j, a ubiquitous tool used by software servicers that few consumers were even aware of, could be used to execute malicious code. The revelation panicked companies worldwide and made open-source security a top priority for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which is now pushing companies to map out all the programs they depend on.
“Every man-made technology contains flaws that originate within its creators,” Unciphered co-founder Eric Michaud said.
Stefan Thomas, the technologist who created the software used to create the wallets, told The Post that he had done so as a hobby and had taken the key part of the code from a program published on a Stanford University student’s page, not checking to see if it was sound.
“Instead, I was obsessed about making sure that I didn’t make any mistakes in my own code,” Thomas said. “I’m sorry to anyone affected by this bug.”
Unciphered is calling the flaw “Randstorm,” because it stems from wallet programs that created cryptographic keys that weren’t random enough. Instead of crafting electronic keys that were one in a trillion and therefore very hard for an outsider to forge, they made keys that were one in some number of thousands — a randomness factor easily hacked.
The person who set the ball in motion is investor Nick Sullivan, an early bitcoin believer who used the site Blockchain.info, since renamed Blockchain.com, to make a wallet in 2014. Not long after, he wiped his computer’s memory without realizing that he had not saved to his password manager the blob of letters and numbers that would give him access to his crypto account.
“It was a pretty frustrating set of circumstances,” Sullivan told The Post. At the time, he was out around $18,000. That amount is now worth more than $600,000 — enough to make it worthwhile for him to hire the hackers and National Security Agency veterans at Unciphered to try to recover it.
Unciphered, one of a handful of outfits dedicated to recovering trapped electronic funds for a fee, began searching for Sullivan’s money in January 2022.
ADVERTISING
It turned out that the information Sullivan had about how he had created the account wasn’t enough to let Unciphered’s experts crack the wallet. But in studying the problem, the Unciphered team uncovered a bigger issue: Thomas’s code, known as BitcoinJS, which was supposed to create wallets with random keys, didn’t always make them random enough.
Compounding the problem, Thomas’s BitcoinJS was used not only by Blockchain.info but also by many other sites from 2011 on, including the main source of wallets for the former joke currency dogecoin, Dogechain.info. An executive at that site’s owner, Block.io, did not respond to an email from The Post seeking comment.
“BitcoinJS is terribly broken up till March 2014,” Michaud said. “Anyone directly using it is on the very high end of risk to attack.”
Tech is not your friend. We are. Sign up for The Tech Friend newsletter.
On Tuesday, the team released information about how they did it. They hope it’s enough data that the owners of millions of wallets will realize they are at risk and move their money, but not so much data that criminals can figure out how to pull off what would be one of the largest heists of all time.
Their start-up, Unciphered, has worked for months to alert more than a million people that their wallets are at risk. Millions more haven’t been told, often because their wallets were created at cryptocurrency websites that have gone out of business.
The story of those wallets’ vulnerabilities underscores the enormous risk in experimental currencies, beyond their wild fluctuations in value and fast-changing regulations. Many wallets were created with code containing profound flaws, and the companies that used that code can disappear. Beyond that, it is a sobering reminder that underneath software infrastructure of all kinds, even ones explicitly dedicated to securing funds, are open-source programs that few or no people oversee.
“Open-source ages like milk. It will eventually go bad,” said Chris Wysopal, a co-founder of security company Veracode who advised Unciphered as it sorted through the problem.
The company shared its process and conclusions with The Washington Post before going public.
The risk of bad open-source code was laid bare in 2021 when it was discovered that Log4j, a ubiquitous tool used by software servicers that few consumers were even aware of, could be used to execute malicious code. The revelation panicked companies worldwide and made open-source security a top priority for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which is now pushing companies to map out all the programs they depend on.
“Every man-made technology contains flaws that originate within its creators,” Unciphered co-founder Eric Michaud said.
Stefan Thomas, the technologist who created the software used to create the wallets, told The Post that he had done so as a hobby and had taken the key part of the code from a program published on a Stanford University student’s page, not checking to see if it was sound.
“Instead, I was obsessed about making sure that I didn’t make any mistakes in my own code,” Thomas said. “I’m sorry to anyone affected by this bug.”
Unciphered is calling the flaw “Randstorm,” because it stems from wallet programs that created cryptographic keys that weren’t random enough. Instead of crafting electronic keys that were one in a trillion and therefore very hard for an outsider to forge, they made keys that were one in some number of thousands — a randomness factor easily hacked.
The person who set the ball in motion is investor Nick Sullivan, an early bitcoin believer who used the site Blockchain.info, since renamed Blockchain.com, to make a wallet in 2014. Not long after, he wiped his computer’s memory without realizing that he had not saved to his password manager the blob of letters and numbers that would give him access to his crypto account.
“It was a pretty frustrating set of circumstances,” Sullivan told The Post. At the time, he was out around $18,000. That amount is now worth more than $600,000 — enough to make it worthwhile for him to hire the hackers and National Security Agency veterans at Unciphered to try to recover it.
Unciphered, one of a handful of outfits dedicated to recovering trapped electronic funds for a fee, began searching for Sullivan’s money in January 2022.
ADVERTISING
It turned out that the information Sullivan had about how he had created the account wasn’t enough to let Unciphered’s experts crack the wallet. But in studying the problem, the Unciphered team uncovered a bigger issue: Thomas’s code, known as BitcoinJS, which was supposed to create wallets with random keys, didn’t always make them random enough.
Compounding the problem, Thomas’s BitcoinJS was used not only by Blockchain.info but also by many other sites from 2011 on, including the main source of wallets for the former joke currency dogecoin, Dogechain.info. An executive at that site’s owner, Block.io, did not respond to an email from The Post seeking comment.
“BitcoinJS is terribly broken up till March 2014,” Michaud said. “Anyone directly using it is on the very high end of risk to attack.”
