The quest to liberate $300,000 of bitcoin from an old ZIP file

Getty Images

reader comments

58 with 49 posters participating

In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay’s help getting his $300,000 back.

It wasn’t a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.

In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

Zip is a popular file format used for “lossless” compression of large files, like the little drawstring sack that can somehow contain your sleeping bag. Many implementations of zip are known to be insecure, to the point that US senator Ron Wyden of Oregon called on the National Institute of Standards and Technology last summer to investigate the issue. “If we find the password successfully, I will thank you,” The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he’d still be turning quite the profit.

“It’s the most fun I’ve had in ages. Every morning I was excited to get to work and wrestle with the problem,” says

Continue reading – Article source