zlacker

$4 billion has got to buy an awful lot of compute time, but still, how did they decrypt the file?

>>colinm+(OP)
A fancy (or even basic) dictionary attack has a very high chance of working.

>>raverb+y
$4B should buy a very, very fancy dictionary.

>>raverb+y
Random example but my passwords look something like chOf$Tyl83fhn@54R. I keep them written down because they are hard to remember. My threat model is no one. Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.

>>14+g3
>Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.

There's selection bias going on because only dumb criminals get caught, so you only hear about the dumb opsec practices of those criminals. Conversely, you'll never hear about the opsec practices of that professional crew with perfect opsec that hacked an exchange/difi contract and disappeared into thin air.

>>gruez+u9
Until the least bright member of the crew makes a mistake, gets caught, and turns in the rest. Being perfect is difficult to maintain forever, though it's possible in principle. It might require the thief to live like a grad student even though he has billions of dollars/euros worth of stolen wealth; being flashy attracts attention and if nothing else, the tax authorities.

>>not2b+Je
If a person is that financially rich but still has to live like a grad student, it seems like the only point of that wealth is to rebel against the legal system. Even if one isn't caught, there's still a loss of freedom to avoid getting caught.

I haven't studied criminology, but I alternatively suppose someone who does that just doesn't think that far ahead. This likely also explains why the vast majority of people with these capabilities choose to live a life in accordance to their country's laws.

>>14+g3
https://www.useapassphrase.com/

>>raverb+y
It doesn't unless you chose something stupid like "correct horse battery staple" or "word + word + number". 7 words chosen from 1000 word dictionary password encrypted AES 256 cannot be cracked with existing technology, 8 words impossible with future tech.

>>colinm+(OP)
>how did they decrypt the file?

keyloggers for example.

>>colinm+(OP)
Here is the most likely approach: https://xkcd.com/538/

>>lupire+R2
Should be able to get rainbow table with fucking octarine for that money…

>>openkn+0i
There's money laundering; have a front business and gradually mix in a bit of the illegal money and pretend it came from the business. That's how mobsters do it.

>>paulpa+7j
Is there any "standard" 1000-word dictionary?

>>colinm+(OP)
One route would probably be to start with a warrant to search their house in hopes of finding some passwords written down somewhere

>>not2b+UF
That's right; your comment brings to mind this scene where the character Saul Goodman explains money laundering in Breaking Bad (this clip is supposedly shown as part of university lectures): https://www.youtube.com/watch?v=RhsUHDJ0BFM

>>everyb+QJ
There is for example this https://www.kaggle.com/wjburns/common-password-list-rockyout...

But you can refer to https://hashcat.net/hashcat/

>>everyb+QJ
You wouldn't want to use that one.

>>everyb+QJ
bitcoin developers have taken a crack at it: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-003...

>>paulpa+7j
This depends on the key derivation function used. PBKDF2 or BCrypt with strong enough difficulty factor makes even fairly short passwords difficult to crack. On the other hand, a straight SHA-256 hash method can be broken insanely quick with fairly long passwords.

>>paulpa+7j
Yeah, but at the end of the day these keys have to be used by human beings so the passwords were likely something practically sized and easy to use.

Especially since in general the likeliest failure mode would be the user forgetting the password to their millions of dollars worth of Bitcoin keys, followed by someone attacking the password.

>>14+g3
> I keep them written down because they are hard to remember.

With the Feds involved, that would be sufficient to crack the data.

>>colinm+(OP)
Is it me or should he have literally just gotten a hardware wallet, transferred everything to that account, then burned the old key?

Of course that txn would show up on-chain, but if you don't have possession of the private key for the first account, and no digital device has ever "seen" the hardware account then he would've been fine.

This is assuming the key piece of evidence was his private key, and he wouldn't have been prosecuted without it.

Additionally, putting your key in cloud storage sounds like the dumbest thing ever... Just memorize your seed phrase and write it down. Its 4bn for christ sake.

>>Gasp0d+di
"Lorem ipsum dolor sit amet"

"Approximate Crack Time: 61,103,576,810,655,170 centuries"

Yeah, sure:)

>>fisher+PL
Under what premise are they getting the warrant?

This absolutely sounds like parallel construction.

>>gruez+u9
Minor conspiracy theory:

Or, the TLA involved have some sort of crack or acceleration procedure; the TLA say "the criminals were dumb" because the people involved can't combat that without admitting guilt, and who'd believe them. The real reason is the TLA used illegal access and tools that we wouldn't be happy they're using against the civilian population? Oh, and the people using the tools are guilty by association so they're inhibited from whistleblowing.

>>tevon+MX
Yeah, a hardware wallet is good, although for a billion dollars, 100 hardware wallets would be better. Could even go so far as to split a private key into seven horcruxes using Shamir's Secret Sharing and bury them in locations around the world.

Memorizing a seed phrase leaves you vulnerable to a $5 wrench attack, I wouldn't recommend it.

>>pshc+v61
> Memorizing a seed phrase leaves you vulnerable to a $5 wrench attack, I wouldn't recommend it.

Of course the problem is the attacker may not know what method you used and resort to the $5 wrench attack anyway :)

Not stealing $3.6B might be an even safer bet.

>>pshc+v61
The famous Bitcoin family reportedly spread their hardware wallets across the globe.

https://www.cnbc.com/2021/08/11/bitcoin-family-hides-bitcoin...

>>tevon+MX
> Just memorize your seed phrase and write it down.

The article mentions he had many wallets.

>>hnburn+Bc1
The article suggests each location contains 100% of the key, not using Shamir’s Secret Sharing.

> Taihuttu is trying to put a crypto cold wallet on every continent so it’s easier to access his holdings.

I hope it’s at least encrypted with an additional passphrase, otherwise it’s only as strong as the weakest bank’s security.

>>hnburn+Bc1
Wow.

> Taihuttu has two hiding spots in Europe, another two in Asia, one in South America, and a sixth in Australia.

> We aren’t talking buried treasure – none of the sites are below ground or on a remote island – but the family told CNBC the crypto stashes are hidden in different ways and in a variety of locations, ranging from rental apartments and friends’ homes to self-storage sites.

I hope this is all a decoy or else it’s the worst opsec I’ve seen since about five hours ago.

>>hnburn+Bc1
Or the Winklevoss twins who store their codes in separate banks across the country.

>>pshc+lf1
I would not want to be a friend to the sort of idiots who would say stuff like this. Having a target painted on my back as a decoy somehow makes it even worse.

>>square+eY
Well, that one isn't in Have I Been Pwned's password database, so it may in fact be somewhat secure.

>>pshc+v61
Reminds me of the man who was sent to jail for refusing to reveal his keys. think this happens alot.

https://arstechnica.com/tech-policy/2020/02/man-who-refused-...

>>14+g3
You wrote them down - where do you store them? Seems like bad opsec if you are at risk of search and seizure...

>>antihe+os
I LoL so hard at this one... A fellow Discworld fan!

>>gruez+u9
Or the one that stole $3.9B worth, went to great lengths to put $3.6B where it could get tracked down, but linked to somebody else. Then they took $200M and made it even harder to track down, but linked to somebody else. Then they kept $100M with insane opsec knowing that the incentive to recover it had been reduced by 90+%.

>>tevon+MX
With a hardware wallet there is still a paper trail that you bought the device. So the feds will be looking for them.

Printing the paper wallets, putting them in a $1 glass jar with a silica packet and burying in your back yard would have been 100 times smarter.

>>everyb+QJ
Not 1000, but the EFF diceware long word list has my vote.

https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt

>>pshc+v61
You don’t need splitting the private key. Bitcoin has multisig setup. For example, you can setup your wallet such that 6 out of 10 private keys need to sign in order to transfer funds. Spread that 10 private keys out. Or 3 out of 10. Or 2 out of 5. Any n out of m.

>>pbhjpb+S31
I assume they’d get it on roughly the same basis as the warrant they got for the cloud storage.

I’m also curious what here looks like parallel construction to you - I thought the statement of facts was surprisingly mundane, but perhaps I missed some red flags?

>>nether+HT1
You're right, gathering multisigs would be much safer than gathering SSS shares because you wouldn't be carrying around bits of the private key.

>>foxyv+yO
>fairly long passwords

how long are we talking?

>>pshc+v61
For the attacker, the problem isn't about protecting the crypto but to launder.

If gov got to you, it probably doesn't matter how well you got it protected.

>>pshc+tX1
Any single SSS share does not disclose any additional information about the private key (i.e. it is not like splitting the key itself into parts).

>>paulpa+7j
That depends entirely on the hash function being used.

With a bad choice like SHA256, a 7 word passphrase could be cracked in as little as a few months with a single ASIC. The US government probably has a bunch of them already, so I think that an 8 word passphrase is already within reach for current tech.

Of course, with a real key derivation function like Argon2id, things would look much better.

>>anon77+jA1
There is zero link between a hardware wallet's private key and the original account that purchased the wallet.

>>colinm+(OP)
Private key was uploaded to cloud storage that Feds had access to with a search warrant.

>>sratne+lc2
And SSS also allows n out of m.

>>GekkeP+f91
still: physical threat + seed phrase cracked > physical threat

>>pshc+v61
You're still memorizing the seven locations around the world. It's the same thing with extra steps.

>>tevon+MX
There really is no such thing as a "hardware wallet."

>>grwgre+Ra2
I never really did the math before but I whacked something together real quick in Excel. At $0.30/THash BTC we can come up with some cost expectations for password lengths. Here I will use a 74 possible character password using 26 upper and lower case letters, 10 numbers and 12 symbols. Totally random of course. Using (Possible Chars ^ Password Length) as the number of combinations and guessing we will find our answer at about %50 of our guesses. (See! Super rough)

With SHA-256 it takes about $21 to crack a 6 character password.

$1500 to crack 7 characters.

$108,330 to crack 8 characters.

$7.8 million to crack 9 characters.

$561 million to crack 10 characters.

$40 billion to crack 11 characters.

$3 trillion to crack 12 characters.

$200 trillion to crack 13 characters.

Edit Note: BTC is kinda expensive per hash right now. Usually this would all be cheaper. Past 14 characters it could be 1 cent and still outrun the usual US budget for a couple years.