Ex-Ripple CTO can almost reach his 7,002 Bitcoin

In 2011, software developer Stefan Thomas published a YouTube video about the still-unknown cryptocurrency Bitcoin. As a thank you, a fan sent him 7,002 Bitcoin. The gift, which was worth several thousand dollars at the time, was stored on an IronKey brand USB stick. These are considered particularly secure. After ten incorrect password attempts, the contents are deleted. One suspects: Thomas, CTO at Ripple between 2012 and 2018, misplaced the piece of paper with the password - can no longer access the asset, which is now worth $240 million. He has already had eight failed attempts; two remain.

The IT company Unciphered claims to have developed a new procedure that bypasses the lock. This is also explosive because the IronKey procedure was developed to secure highly sensitive data. But it seems Stefan Thomas is in no hurry at all.

Not your keys, not your coins

It sounds like the long-awaited breakthrough: the developers of Unciphered claim to have found a method to bypass the password function of the particularly intractable IronKeys, which is limited to ten attempts. As proof, they cracked the password lock of an editor of the tech magazine Wired. It would have taken 200 trillion attempts, all performed by a powerful computer. In the end, however, they found the three-word passphrase.

They took the success story to Stefan Thomas, whose business has been well-known in the cryptoscene for several years. They didn't believe their ears: Even before it could come to negotiating orders, Thomas was talking back. Two other companies had already been awarded contracts, he said, and had priority, even though they had not yet found technology. After 12 years, he seemed to have exercised patience.

"We came in."

In a public letter the company Stefan Thomas has now offered help again. In it they also hint how they succeeded. In detail they do not go - professional secrecy. But also because "most devices certified for this level of protection are used to store sensitive government data." IronKey was actually co-funded by the U.S. Department of Homeland Security. It was intended for the U.S. government, military and intelligence agencies.

"We started by reverse-engineering all the communication protocols between the chips, then the controller firmware and cryptographic implementation details, and finally we merged all aspects of how your device works," said the succinct implementation. It said it had "invested millions of dollars in building the technological and legal infrastructure." A few images of the test rig were obtained by Wired.

According to the statement, a USB flash drive was scanned and taken apart using computer tomography. The chip was cut out with a laser cutter and dipped in nitric acid, then the epoxy layers were removed. A silica solution and felt pad were used to abrade the chip, and each layer was photographed with an optical microscope or a raster electron microscope. The developers repeated the process until they could create a full 3D model of the processor.

"Then we researched everything we knew about the device and used the expertise of some of the best hardware hackers, crypto-mathematicians and exploit developers in the industry to look for signs of vulnerabilities," Unciphered explains. "After we accomplished this feat the first time, we trained and practiced. We had to make sure that every aspect of the hack was repeatable. And since then, we have repeated this process thousands of times."

More than three million Bitcoin lost

Even if Stefan Thomas does not take him up on his offer, there are plenty of peers who could get their hands on Bitcoin they thought they had lost using the new method. Especially in the early days, when it was not foreseeable that there would ever be much money to be made from Bitcoin, passwords were handled carelessly. The analysis company Chainalysis estimates that 3.7 million Bitcoin could be lost forever.