Kingpin: “This is how I ‘hacked’ a cryptocurrency wallet with 2 million dollars. Now I want to turn it into a job” | Technology

“I forgot the password,” his friend told Dan Reich, an electrical engineer and startup founder in New York. The password was for a wallet with Theta, a cryptocurrency. In 2018 the two had bought $50,000 worth of Theta and by the end of 2020, after never going over a few cents, it started to rise. In just three months the $50,000 was around $2.5 million. Reich’s friend who had forgotten the password is a professional poker player. His job is precisely to remember: “Remember the registration numbers of our friends from high school. He plays poker for a living playing 8 tables at a time and remember how dozens of different players play”, Reich tells in a web article about him.

There was an added problem. The crypto wallet, which is a kind of USB stick, was self-deleting after 16 wrong attempts. And they had a dozen. As a good electronics engineer, Reich knew there had to be another solution: “Chats with our friends were getting ridiculous,” he explains. “If we couldn’t find a technical way to release the money, we’d find a chemical way: we’d go away for a weekend and I’d feed him hallucinogens until he remembered the password.” The thing was serious.

In the end, after finding a mysterious secret Swiss group with a laboratory in Paris that did not convince them, he found Joe Grand. Grand is better known within the hacker community as the Kingpin. He was the youngest member of the legendary group L0pht, who in 1998 appeared in the Senate with their hair, suits and faces of nerds to answer a wonderful question from a senator: “I have been informed that in 30 minutes you seven can render the internet useless for the entire country.” “Correct,” they replied. Grand is now dedicated to giving classes and courses around the world. But, deep down, he says in a video call with EL PAÍS from his laboratory in Portland (Oregon, USA): “I’m still the 16-year-old hacker who likes to annoy people.”

Dan Reich told Grand about his case in February 2021. It was a time of pandemic and Grand spent time trying to figure out the solution. Grand is a hardware hacker, a special category within the world of him. The attack to retrieve the information inside the wallet had to be at the chip level, not just with code. In crypto, money is only accessible with your private key, which is what is kept in these wallets. Without that key, also protected by a low-digit password in the case of Reich, there is nothing to do.

Both agreed to record the entire process in a professional video. The recording was in May 2021, but the video was only uploaded to YouTube on January 24. In three weeks, it had the incredible figure of more than 4 million views and now it is already at 4.6 million. The 32-minute video manages to wonderfully explain the complexity of the technical attack process and the solutions that Grand is providing: “hacking It’s not what you see in the movies,” Grand says in the video. “It’s a big roller coaster, solving puzzles, forcing computers and hardware to do things they weren’t expecting to do, you want them to break their function in a way that you can control.”

Now Reich and Grand, along with others, are partners in a new company that primarily wants to help crypto owners who have lost access to their wallet. Grand does not explain the incredible success of the video, which had an article version in TheVerge: “Whatever it is, it shows that people have problems with cryptocurrencies, it’s not an easy thing to use,” he says. “They are overwhelming us with emails, hundreds and hundreds and hundreds of messages,” she adds. Some have come from Spain and Latin America.

Not all cases are of crypto wallets with lost money. There are people who have been scammed and are looking for help, others have an encrypted device and do not know how to access it. “But then there are some that are good, legitimate cases of problems that we can help with. It’s exciting to see this kind of response,” she says. The release of portfolios is especially interesting because its benefits are a percentage of the money recovered.

Grand has been in contact since last year with one of the most notorious cases of losing money. Although there are many more than we can imagine: a widely cited report by Chainanalysis says that 20% of bitcoins in circulation are ownerless. There are many billions of euros. James Howells threw away a hard drive that contained his keys and kept another just like he did not have them. His case has come out everywhere. The BBC has an article with one of the most obvious sentences in the history of journalism: “Howells says he wishes he hadn’t thrown away the hard drive.” It’s not hard to get into the head of someone who lives in a Welsh town and could have over €200m and doesn’t.

The problem, according to Grand, is community, not technical. To search the hard drive you need permission to remove the dump. “He’s been trying to come to terms with this fact for almost 10 years,” Grand explains of his talks with Howells. “I have hope. I believe that with the right processes and the right people it can happen. It’s a good story because he threw away a hard drive, but nobody cares. The question is how to benefit the community,” she explains.

The company that Grand has created is not the only one that has seen a gold mine in recovering lost wallets with millions in crypto. There is another problem in this sector: not all people who think they have millions really do. “I’ve talked to people who do this and they say they live in a constant state of disappointment. There are times when they tell you they have money and then you find 2 dollars. A lot of people exaggerate,” says Grand.

This new Grand business is not only a technical challenge, but also a vital one. With the Grand lockdown, he asked himself bigger questions than he usually does when faced with IT challenges: “I got burned. I lost the energy for engineering and even hacking. I had been traveling like crazy and designing products with really stressful 18-hour days,” he says. Those products were “passes” to access the famous Def Con hacker conferences, which are works of engineering art, with internal challenges of electronics, hardware, code analysis or cryptography. The task gave prestige within the community, but the effort required wears out.

“I ended up wondering what my life is like, why people are going to remember me. Everybody has done something maybe memorable and nobody is going to give a damn about it anyway, you become a footnote to something. So I accepted my mortality, I think. I came to the conclusion to only do what I like, ”she explains. Crypto wallet hacking came just at the right time.

With the calm of the lockdown, he was able to spend three months understanding how to attack Dan Reich’s crypto wallet. He was from the Trezor brand, perhaps the most popular. The software was out of date, which Grand took advantage of to carry out the attack. But he doesn’t have many problems with other challenges: “Everything is hackableeverything,” he says. Although the old version of Trezor’s software facilitated the attack, Grand has the resources to access new versions, which he does not disclose for now.

Trezor, of course, does not like being the protagonist of a video attack that millions of people see. They ran to confirm that this attack was useless today, that it was patched. Grand understands his position: “When something like that comes out, they don’t like it very much. And I feel bad and I would love to help them,” he says. But Grand has bigger causes: “My purpose is to make people think and see things they haven’t seen. It’s like kicking the hive a bit to get pressure and fix products or raise awareness. Be hacker it is to show that side that is perhaps controversial and that people may not like. People see it as magic, but it’s not,” he adds.

Grand created a card to trick parking meters in the city or a command to open garage doors: with each click the code it sent changed and in the end the door opened. “I promise I never used it for anything bad,” he says.

“I am a hacker that gives equal opportunities: I am not loyal to anything and I question whether I distrust everything”, he adds. For this reason, Grand is a “technological minimalist”: technology is his life, but he uses as little as is strictly necessary because he knows its risks. On the mobile it only has calls and maps, neither social networks nor email.

“I try to compartmentalize,” he says. “And I know that I am being tracked by my phone, when I use a smartphone. So there is a limit to that, but I am aware of what the technology is and what the companies that are giving it to you are doing with your data,” she adds.

“I don’t have any Amazon Echo or Alexa, because I know that even if they say it only listens when you say ‘hey Alexa,’ it’s not true, because it has to listen for it to hear you when you say ‘hey Alexa,'” he reasons. And he adds: “I only use what I need to use, and only if it has a specific purpose and I will not bring those things into the house unless they have a purpose.”

With his new project he hopes that people perceive the positive side of the world hacker: “People like to see what is hackers who do good things,” he says.

If you have more information on this subject, you can write to [email protected]

You can follow THE COUNTRY TECHNOLOGY on Facebook and Twitter or sign up here to receive our weekly newsletter.