A Bitcoin veteran and his father recently discovered the theft of ~25 BTC ($919,000) HODLed since 2012 ❗❗❗
In this article, we will review:
👉 What happened
👉 How the theft could have been prevented
👉 What is our take on how the theft took place
What Happened?: Seed Phrase Exposed
A video by @RMessit (aka Rick) posted on Twitter (X) revealed that the seed phrases to their Bitcoin wallet were stored in a local, offline password manager, KeePass.
The KeePass vault was protected by a master password that KeePass's quality estimator rated at about 30 bits of entropy (far too weak❗❗❗ for a vault guarding keys to roughly $900k). The password was known only to the father and son, yet the vault was breached.
While uncertain about how the breach happened, Rick suspects the following:
☠️ Most probably the device on which the password manager was installed had been hacked
☠️ And the hacker either installed a keylogger or cracked the 30-bit password.
What did they do correctly?
Rick and his father stored the seed phrases in a 'relatively' secure system (though there is plenty of room for debate about whether it was secure enough...).
The master password of the password manager was never written down or stored anywhere; it existed only in their heads.
What could have been improved?
The password manager lived on an internet-connected electronic device (most probably a laptop or mobile phone), which can be compromised. Once an attacker has a copy of the vault file, the master password is the only thing standing between them and the seed phrase, and it can be attacked offline, at leisure, on the attacker's own hardware.
Rick and his father, while knowledgeable, may have underestimated the security and safety threats that we are all exposed to.
A 30-bit password is far too weak: it means roughly 2^30 (about a billion) candidates, a keyspace an offline attack against a copied vault can exhaust in hours to days depending on how slow the vault's key derivation is. The KeePass Password Quality Estimation page explains how KeePass arrives at that number.
👉 Learn about entropy using this Password Entropy Calculator
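To make the entropy figures concrete, here is an added example (written for this article, not code from KeePass or from the Password Entropy Calculator linked above). It estimates password entropy with the simple "length times log2(alphabet)" model, converts bits into expected cracking time at a few assumed guess rates, and shows why a randomly generated passphrase beats a human-chosen password. The guess rates and the 8-word list are illustrative assumptions, not measurements.

```python
import math
import secrets
import string

# Simple "length x log2(alphabet)" model. KeePass's estimator also penalises
# repeated characters, dictionary words and keyboard patterns, so for a
# human-chosen password it usually reports fewer bits than this function.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def charset_entropy_bits(password):
    """Upper bound: every character drawn uniformly from the union of the classes present."""
    pool = sum(len(c) for c in _CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) add one symbol each.
    pool += len({ch for ch in password if not any(ch in c for c in _CLASSES)})
    return len(password) * math.log2(pool) if pool else 0.0


def expected_crack_seconds(entropy_bits, guesses_per_second):
    """Average work to hit the password: half the keyspace at the given guess rate."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second


def human_time(seconds):
    """Render seconds in the largest unit that fits (years, days, hours, minutes, seconds)."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def passphrase_bits(words, wordlist_size):
    """Entropy of a randomly generated passphrase depends only on word count and list size."""
    return words * math.log2(wordlist_size)


# Constructed 8-word list for the demo only; a real diceware list has 7776 words.
DEMO_WORDLIST = ("anchor", "basil", "cobalt", "delta",
                 "ember", "falcon", "granite", "harbor")


def random_passphrase(words, wordlist=DEMO_WORDLIST):
    """Generate with the secrets module (CSPRNG), never with random.choice."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    return " ".join(chosen), passphrase_bits(words, len(wordlist))


# Assumed, illustrative offline guess rates against a copied vault file; they are
# not figures from the article. Only the vault's key-derivation cost limits the
# rate, because the attacker runs the KDF on their own hardware.
GUESS_RATES = {
    "fast hash, GPU cluster": 1e10,
    "slow KDF, ~1 ms/guess, 100 cores": 1e5,
    "Argon2d tuned to ~1 s/guess, 100 cores": 1e2,
}

if __name__ == "__main__":
    cases = (
        ("30-bit master password (KeePass estimate in the article)", 30.0),
        ("'Abc12345' under the charset model", charset_entropy_bits("Abc12345")),
        ("6 diceware words from a 7776-word list", passphrase_bits(6, 7776)),
    )
    for label, bits in cases:
        print(f"{label}: {bits:.1f} bits")
        for name, rate in GUESS_RATES.items():
            print(f"   {name}: ~{human_time(expected_crack_seconds(bits, rate))}")
```

Run it and compare the rows: at 30 bits even the slowest assumed KDF rate gives an expected time of about two months, and a fast hash gives well under a second, while six random diceware words (about 77 bits) stay out of reach at every rate. The lesson for a vault that holds seed phrases is that the master password, not the vault format, is the thing that must carry the entropy.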
Secure Your Crypto Assets with Hardware Wallets
In the video, Rick urges Bitcoin users to adopt hardware wallets for cold storage.
Why does Rick give such advice?
Unlike a password manager vault, a hardware wallet keeps the private key inside the device, so the key itself is not exposed even if your laptop, computer, or mobile device becomes compromised.
- Key isolation: Unlike software wallets or password managers on internet-connected devices, hardware wallets generate and use the private key inside the device and never hand it to the computer they are plugged into. That isolation makes it extremely difficult for a remote attacker to gain access to the key.
- Secure element: Many hardware wallets use a secure element chip, a component designed to resist physical tampering and attempts to extract the key from the hardware.
- Resistance to keyloggers and malware: Since the private key never enters the online device in usable form, a keylogger on the host learns nothing about it, and signing happens on the device. What malware on the host can still do is alter the transaction it sends to the device for signing (for example, swapping in the attacker's destination address), which is why you must verify the destination address and amount on the hardware wallet's own screen before confirming.
👉 But, ❗❗❗ take note because this is very important ❗❗❗: if you do not SAFELY STORE YOUR HARDWARE WALLET SEED PHRASE AND PRIVATE KEY, you will find yourself in a similar unpleasant and stressful situation:
- If you store the seed phrase or private key in electronic form (a file, a note app, a password manager on an online device), it can be stolen, just as happened to Rick.
- Consider storing your seed phrase and private keys in written form (on paper, or stamped into metal for resistance to fire and water) and keeping them in a safe place, such as a home safe, protected from both robbers and accidents.
- In any case, if you have any valuable amount of crypto or digital assets, you want to learn how to protect them from hacks, scams, and accidents by increasing your crypto safety knowledge and applying good safety practices.
The Efforts to Track Down the Thief - Community Support At Its Best 👍
Bitcoin enthusiasts have initiated efforts to trace the stolen coins.
👉 @coinableS observed that the thief reused Bitcoin addresses and made only weak attempts at coin mixing, both of which make the funds easier to follow on-chain.
👉 The thief withdrew funds from Binance's hot wallet to one of his addresses, prompting Rick to ask Binance and its founder, Changpeng Zhao (CZ), for help identifying the account holder.
👉 If the stolen funds are recovered, the victim plans to keep 1 BTC, allocate 1 BTC to charitable causes, and reward the bounty hunter with the remaining recovered amount.
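The two observations above (address reuse and weak mixing) are the everyday heuristics of chain tracing. As an added example, not part of the original post and not @coinableS's tooling, here is a minimal Python implementation of three of them over constructed, fictional transactions (the address names and the transaction graph are invented for the demo): counting address reuse, grouping addresses with the common-input-ownership heuristic, and following funds forward from the victim's address.

```python
from collections import defaultdict, deque

# Constructed, fictional transactions (not real chain data). Each entry lists the
# addresses whose coins were spent (inputs) and the addresses paid (outputs).
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["victim1"], "outputs": ["thief1", "victimChange"]},
    {"txid": "t2", "inputs": ["thief1"], "outputs": ["thief2", "thief1"]},   # change sent back to thief1
    {"txid": "t3", "inputs": ["thief1", "thief2"], "outputs": ["hop1"]},     # two inputs signed together
    {"txid": "t4", "inputs": ["hop1"], "outputs": ["hop2", "hop3"]},         # "mixing" attempt: split...
    {"txid": "t5", "inputs": ["hop2", "hop3"], "outputs": ["thief1"]},       # ...then merged and reused
]


class UnionFind:
    """Disjoint sets over addresses; used for the common-input-ownership heuristic."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def address_reuse(txs):
    """Addresses that received funds in more than one transaction, with the count."""
    seen = defaultdict(int)
    for tx in txs:
        for addr in set(tx["outputs"]):
            seen[addr] += 1
    return {a: n for a, n in seen.items() if n > 1}


def cluster_by_common_input(txs):
    """Common-input-ownership heuristic: all inputs of one tx are assumed to share
    a single owner. This breaks on CoinJoin, where strangers co-sign one tx, which
    is exactly why real mixing defeats it and a weak attempt does not."""
    uf = UnionFind()
    for tx in txs:
        if not tx["inputs"]:
            continue
        first = tx["inputs"][0]
        for addr in tx["inputs"][1:]:
            uf.union(first, addr)
    clusters = defaultdict(set)
    for tx in txs:
        for addr in tx["inputs"]:
            clusters[uf.find(addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]


def trace_forward(txs, start):
    """Every address reachable from `start` by following the outputs of transactions
    that spend it (BFS). Returns the reached addresses and the txids walked, in order."""
    spends = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    reached, path, visited, queue = set(), [], set(), deque([start])
    while queue:
        addr = queue.popleft()
        for tx in spends[addr]:
            if tx["txid"] in visited:
                continue
            visited.add(tx["txid"])
            path.append(tx["txid"])
            for out in tx["outputs"]:
                if out not in reached and out != start:
                    reached.add(out)
                    queue.append(out)
    return reached, path


if __name__ == "__main__":
    print("reused:", address_reuse(SAMPLE_TXS))
    print("clusters:", [sorted(c) for c in cluster_by_common_input(SAMPLE_TXS)])
    reached, path = trace_forward(SAMPLE_TXS, "victim1")
    print("reached from victim1:", sorted(reached), "via", path)
```

In the constructed graph the split-and-merge in t4/t5 is the "weak mixing": because the pieces are merged again and paid to an address that had already been used, the forward trace reaches the final address in five hops and the reuse counter flags it. Against a real exchange deposit this is the point where a subpoena or a support ticket, as Rick attempted with Binance, can attach a name to the address.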
Our Take On What Could Have Happened
It is striking that, after 10 years of HODLing, the coins were stolen while the owners were on a trip.
Rick has stated that most probably the device where the password manager was installed was compromised.
Based on that, we can speculate about the following two scenarios as a possible cause for the theft:
Scenario 1: Rick or his father connected to an unsecured network (public Wi-Fi, for instance) and were victims of a Man-in-the-Middle (MitM) attack.
In our post 'Be Careful! A Surprisingly Simple Way To Bypass 2FA' we explain how MitM attacks can be used to bypass 2FA. A MitM position can also be used to push malware onto the victim's device, for example through a tampered download or a fake 'update' prompt on unencrypted traffic (HTTPS makes this harder, but not impossible when the user clicks through warnings). That malware can then spy on the victim's activity, including the typing of a KeePass master password.
Scenario 2: Rick and his Father were identified by hackers as high-value targets
It gives the impression that Rick and/or the father didn't keep a low profile.
We don't know to what extent their portfolio was made public, but if a hacker group figured out that they held more than 25 BTC, that made them a very attractive target.
They are not the first to be hacked due to maintaining a public profile.
In our previous posts, we have explored two similar cases:
If you are wondering how this could happen:
With enough information and technical expertise, an organized group can 'easily' take over digital accounts and electronic devices.
As an example, have a look at this article explaining how a simple-looking cable can be used to hack your mobile devices.
If you hold a valuable amount of crypto assets:
- You may want to keep a low profile
- Or raise your crypto and digital safety and security as far as you possibly can
Our most sincere appreciation goes out to @RMessitt for his openness, allowing us all to learn valuable insights from his unfortunate experience.
As well, our sincere gratitude extends to the Crypto Community for showing outstanding support and actively participating in efforts to aid Rick in recovering the stolen cryptocurrency.
@RMessitt, we empathize with the anguish and stress you and your father are enduring. Our deepest apologies that you find yourselves confronted with such a distressing ordeal.
The reality is that anyone can fall prey to hacks, scams, or unforeseen accidents. However, as we collectively increase our understanding of these risks, the likelihood of such incidents decreases.
If any member of our community faces adversity, let us stand united in providing unwavering support for one another.
Together, we can navigate and overcome the challenges posed by the ever-evolving landscape of digital assets.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5 minutes read was worth the time.
For more 5-minute Power-Ups, please consider subscribing to our blog.
Alternatively, please visit us at www.cryptosafetyfirst.com