BLOCKSMYTH

Trusted Recovery

Crypto Wallet recovery

You’ve heard of crypto for years now and you finally decided to get into it. The first thing you need to do is get a wallet to store all your assets. You picked one and start setting it up. “Do you agree…?” ‘Yes, yes, just get on with it.’ You say to yourself. “Have you written down your passphrase because…”. ‘Yeeess! Keep it moving’. Finally, the setup is done and you can start buying your favourite crypto. Fast forward a few months or years and the device you setup your wallet on has been lost, stolen, broken, whatever and you’ve lost access.

Sound familiar? If your thinking thats crazy, no one would ever do that. Think again. We are approached by clients daily who have found themselves in this exact scenario. The reality is, everything we do requires a password of some kind. According to a report by NordPass, the average person has around 100 passwords. This number can vary depending on the individual’s online activity and the number of online accounts they have. Its a mission to remember all these and most of the time we use a common password of something familiar to us so we think ‘Its ok ill remember it’. Unfortunately, we rarely do remember. Fortunately, almost all sites and platforms have a “forgot password’ feature. All? No quite.

Enter the world of crypto…

Different Types of Crypto Wallets

Broadly speaking, there are two types of crypto wallets: 1) Self-custodial and 2) custodial 

A corner stone of crypto is that you have full control over your assets. Theres no institution you need to trust with your funds. This has great benefits but the catch is, ONLY YOU have control over your assets. If you lose access to your wallet, theres no support line to call. No ‘forgot password’ button. Remember those little warning messages you clicked yes to? Thats what they were explaining. If you didn’t write down the seed phrase or private key, theres no getting the funds back.

These type of wallets are called ‘Self-custodial’ wallets, also called non-custodial wallets. In other words, you and you alone are the custodian of the wallet. 

Its a little like putting your valuables in a lock box and burying them somewhere in the desert. Fantastically secure as no one else on earth knows where the box is unless they have the coordinates. But lose them and you would be ‘attached to another object by an inclined plane wrapped helically around an axis’.

Custodial wallets though are a little more forgiving. Generally one is automatically generated for you when you sign up for an exchange. They are very convenient since the exchange stores all the information and you just sign in with your regular credentials like ‘username’ & ‘password’, or even google credentials. If you forget your password, your CAN just hit the reset button and alls well. The down side is that you generally don’t have access your wallet should something happen to the exchange ( ala ftx ). 

So, each has pros and cons

By this time you may be thinking, “Hang on, I thought you offered a wallet recovery service?”. Lets explain how this is possible…

How Wallet Recovery Works

Wallet recovery is more like search and rescue than magic. 

What happens when someone goes missing at sea? Does the coast guard immediately jump into helicopters and boats and fly off into every direction in hopes of stumbling across the person? Well they could. But there are few issues with that. Firstly, the person adrift in the ocean can only last so long without succumbing to thirst, heat, exhaustion etc.  Second, it costs a lot to run several boats and helicopters day and night with full crews. 

In order to have the best chances of finding the person they need information and expertise. What was the persons last location? How far and in what direction would the currents in that part of the ocean likely carry the person? That would narrow down the search grid considerably. Then, specialised search patterns are used to maximise the coverage of an area.

Recovery is the same. We COULD start by trying every possible password possible until we find the right one. But lets see what that might look like:

26 Characters In the English alphabet. Letters a-z, lowercase. This is called a character set.

10 numbers, 0-9.

33 special characters, #$*) etc.

So if you have a password of 8 characters in length containing all these character sets, the possible passwords look as follows:

First-position: 26 + 26 + 10 + 33 ( 4 character sets ) = 95 possible characters for each position

95 x 95 x 95 x 95 x 95 x 95 x 95 x 95 = 6,095,689,385,410,816 possibilities

Modern GPU’s have made possible incredible computing speeds. A typical one can manage 300,000Hashes/second if all goes well. Thus it would take 642,000 years to crack. Starting to look like the ocean isnt it?

So how do we recover it? Not by flying off in all directions.

Stage 1: Social Engineering Attack

Gathering all the information we can about the person who created the password. This is also called social engineering.

As people we tend to use the same pattern of passwords. Childs name + birthday + special char ( for ultimate security 🙂 ). Patterns like this are common. So now we can narrow down the possibilities. 26 x 26 x 26 x 26 x 26 x 10 x 10 x 33 = 12,658,189,760 possibilities

This would take approx 11.7 hours. 

Ok well thats a different scenario altogether. We might actually save this one!

Of course, we are making a number of assumptions here: 1) the password is 8 characters in length 2) it follows a common pattern. 

This is not always the case. But we start with the most likely candidates and work out from there. 

Stage 2: Dictionary attack / Common passwords

Should the above method not produce results we move on to common passwords and mutations thereof. Over the years there have been many leaked passwords made public on the internet. Oddly enough ( not really ) people use the same passwords. So we give these a try.

Stage 3: Brute-force attack

As a last resort we use a brute force attack, like we demonstrated above. 

Remember we’re using powerful GPU’s to make all these attempts and these cost. As resources are stretched and likely candidates dwindle, the process begs the question, ‘Is this worth it?’. Especially in Crypto, wallets often have substantial balances justifying spending a decent amount in recovery costs. 

Critical note:

In order for any of this to work, we need an encrypted private key or backup wallet file. 

Thinking of this as a key and lock situation. We can attempt to ‘break’ the lock but first we need one.

There is also the possibility of recovering a wallet by means of either a partial or scrambled seedphrase.

Tips for successful recovery

As we’ve mentioned, the chances for a successful recovery increase exponentially the more information we have before starting out. when a legitimate recovery service asks for your information it may feel invasive. Its paradoxical that we’re so guarded about our private information ( and rightly so ) and yet so much of it is out there on social media for unethical parties to exploit anyway. Be assured though, a professional service will guard your information as closely as their own, if not more.

Preventive Measures to Avoid Wallet Recovery

“Prevention is better than cure” – someone perhaps famous

Its true though. So, Write down your private key and passphrase.

And when you have, store it somewhere safe! More on this in a future article.

The future of wallet recovery

As long as there have been passwords and ciphers, there have been those cracking them. ( ever seen national treasure? ). In truth, there are very few unbreakable passwords. Technology is ever advancing and more readily available. Currently anyone can rent a GPU capable of 1150Teraflops. Whats that mean? The same password we mentioned earlier, that would take an averagely good GPU 11hours would take this GPU 11 seconds. That bears repeating:

12,658,189,760 passwords in 11 SECONDS!

Corporate and government clusters can do even better.

Algorithms and cracking methods will continue to advance but human behaviour will always be human behaviour. So the future of wallet recovery is looking bright 🙂

Conclusion

Cyrpto and the tech space is complicated and sometimes scary, we know. But we’re here to help you. In the weeks and months to follow we’re going to be producing some great content to help you navigate it, use it, profit from it and even love it!

Stay safe!

Theres never been a better time to recovery your lost crytpo

let us help you recover your funds and put your money to work before the next Bull Market