Michael Stay, a former software engineer with Google and the current CTO of smart contract and decentralized application (Dapp) firm, Pyrofex, claims to have successfully hacked a zip file containing the private keys to over $300,000 in Bitcoin (BTC).
In a blog post, Stay says that his journey began when he received a message from “a Russian guy” on LinkedIn about six months ago.
The Russian had read a paper authored by Stay in 2000 describing a technique that he had used to successfully attack zip files.
“He had read that paper I’d written 19 years ago and wanted to know if the attack could work on a file with only two files, Stay writes, adding: “A quick analysis said not without an enormous amount of processing power and a lot of money.”
“Because I only had two files to work with, a lot more false positives would advance at each stage. There would end up being 273 possible keys to test, nearly 10 sextillion. I estimated it would take a large GPU farm a year to break, with a cost on the order of $100K. He astounded me by saying he could spend that much to recover the key.”
The files contained the private keys to what had been roughly $12,500 in BTC when the Russian purchased the coins during 2016. “Now they were worth upwards of $300K and he couldn’t remember the password,” says Stay.
“Luckily, he still had the original laptop and knew exactly when the encryption took place. Because InfoZip seeds its entropy using the timestamp, that promised to reduce the work enormously—”only” 10 quintillion—and made it quite feasible, a matter of a couple of months on a medium GPU farm.”
We made a contract and I got to work,” he adds.
After several months of testing, including the discovery of a bug in his GPU farm, Stay claims to have cracked the file and returned the private key to the Russian.