The man who lost and recovered $300,000 worth of Bitcoins from a zip file

Imagine you bought a lot of BTCs when they still had single or double digit prices, but you forgot them inside an encrypted zip file, so now you want to recover those private keys. What would you do? Well, read this story of how Michael Stay managed to recover $300,000 in Bitcoin from an old encrypted zip file.

Crypto scams: New kind of extortion through Bitcoin, sextortion

The $300,000 Bitcoin story in a zip file
In this real-life story, a man contacts a former Google security engineer to help him regain access to his Bitcoin private keys, and with it, recover more than US$ 300,000.

The former engineer is Michael Stay, but… how did this person get to him? The Internet is the answer. Specifically, through LinkedIn after the owner of the BTC read an article published by Stay, nineteen years ago, about a technique for breaking encrypted zip files.

This person invested around US$ 10,000 in BTC during January 2016, long before the boom. However, for security measures, he had encrypted Bitcoin’s private keys in a zip file and forgotten the password. Tragic.

In order to meet the challenge, Stay estimated that he would need to charge US$100,000 to get into the archive. The owner of the BTC accepted the deal. After all, he’d still be making big profits. Once the work began, it was fun for Stay in his own words.

„Every morning I was excited to be able to work and struggle with the problem,“ says Stay, who today is the chief technology officer of the blockchain software development firm Pyrofex. But while some zip files can be easily decoded with standard tools, the protagonist of this story wasn’t so lucky.

How did Michael Stay know that the person was telling the truth and that he owned those cryptomonkets?

Mainly because the person who contacted him still had the laptop he had used to create and encrypt the zip file.

Other clues to getting the hard work started, Stay knew which zip program had encrypted the file and which version was running. He also had the time stamp from when the file was created, which the Info-ZIP software uses to inform its encryption scheme.

However, from a massive set of passwords and encryption keys, Stay was able to narrow it down to something close to quintillion possibilities. As they delved deeper into the project, Stay was able to refine the hack to the archive and reduce the amount of time it would take to produce results.

„We spent more time developing the hack, but only needed to run it for about a week. That saved the guy a lot of money on infrastructure costs,“ he explained.

By February, four months after LinkedIn’s first message, they started hacking. It worked for 10 days and failed. Stay later wrote that he was „heartbroken. So, while they were trying to decipher the error, Crypto Cash price was falling and the owner of the BTC was becoming more impatient.

However, after a few revisions to their random code generator program, they succeeded: they broke the encrypted key of the file.

In the end, the infrastructure costs of executing the hack increased from $6,000 to $7,000, instead of the approximately $100,000 they had originally estimated. The owner paid approximately a quarter of the original price.

In this case, decryption was possible because he used an older version of Zip, but, according to Stay himself, if the person had used a slightly newer version of Zip, it would have been impossible.