In January 2016, a veteran tech journalist named Mark spent $3,000 to buy 7.4 Bitcoins, cryptocurrencies that use the blockchain to register transactions on their network. At that time it seemed very beneficial because his experiments with Bitcoin had been great. He Previously used it in Meltdown Comics in Los Angeles to purchase graphic novels. But he had no way of knowing that this deal would trigger a wild race to prevent losing a small fortune. The coins have almost tripled in value since he bought them and his cryptocurrency inventory started to turn into some real money. Numerous Bitcoin online services keep their customers’ Bitcoin keys. This means that accounts are susceptible to piracy, as was the case for MT. Gox lost 850,000 Bitcoins to clients’ accounts in 2014. Bitcoin experts told Mark that the most secure way to protect his cache is to use a ‘ Hardware wallet’, a USB key that records each user’s Bitcoin keys and enables him to approve transactions without revealing these keys on the Internet so that they are not captured by malicious actors.
Mark stored his Bitcoin keys in an online wallet, but he wanted to move them to a safer place so he picked a device called Trezor which the manufacturer described as “bulletproof”. After setting up his Trezor device, he was asked to write 24 words randomly which are recovery words that he can use to create his Bitcoin master private key, also to create a personal identifier number. He wrote them on a piece of orange paper so he wouldn’t forget them.
After that, he switched his currency from his web wallet to Trezor and then threw both the Trezor and the orange piece of paper into his home office drawer. Then he decided to hide the paper under his daughter’s pillow, and after a while, he returned to search for it but didn’t find it. later his wife Clara remembered that they had requested the cleaning service when they were outside the country. so she called the housekeeper, who said she had found it but she did throw it away. Mark put on a pair of nitrile gloves and went to the recycling bins to look for them. But nothing but eggs boxes and espresso grind. Now he will need to send all of Trezor’s bitcoins to an online wallet, reformat Trezor, create a new word list, and return Bitcoins to Trezor. All he had to do was to remember his PIN and which he thought was 551445. He plugged Trezor into his laptop and entered his number. But the PIN entered was wrong. He thought he made a mistake when entering the number, he tried again, making sure to enter the numbers correctly this time but the Pin is wrong again. He then changed the number to 554445 but it was incorrect.
Well, what about 554 145 ? …
“The wrong PIN entered”.
How is that possible? He had entered his number more than 12 times in the preceding month!
The countdown began, He had to wait a few seconds before he could try another PIN. During that time, he visited the wallet manufacturer’s website and unfortunately found that the delay doubles each time an incorrect PIN is entered. The Hucker will have to wait longer than the PIN check-in time, meanwhile, the customer will have enough time to transfer his money to a new device or wallet from the hard copy backup. He made many guesses until he started to feel nausea after his sixth attempt. His PIN was delayed 2,048 seconds or close to 34 minutes. He didn’t even save the PIN code in the Password application and He will likely drop off his 7.4 bitcoins and forever. His mind now is suffering from the mixed switching of PINs and He can think of nothing except the pin. Suddenly, a number popped up in his head: 55144545, He went to the office, he typed the code and, as usual, the PIN code was entered improperly and he had to wait an additional 4,096 seconds to try again.
He was barely able to sleep that night and he had nightmares about the numbers. It wasn’t the $8000 that bothered him but he was ashamed of being stupid enough to lose the paper and forget the PIN. He also hated the fact that bitcoin might increase in value and that he would not be able to access it. He received an email on the Reddit forum from a user with the Zero404cool handle stating that all his information is still stored inside Trezor and that there are people who know how to get all the information necessary to make his wallet work again. In another email, he was asked to keep Trezor safe and not to try different PIN codes to get back all his bitcoins. He thinks that zero404cool could be smarter especially after reading about the actions trezor took to make its devices impenetrable by hackers. The manufacturer has also confirmed that Trezor can withstand any attempt of piracy and the site stated that the installation of an unofficial firmware designed to unlock the PIN and keywords will only affect Trezor’s storage space. He sent an email to Trezor explaining his whereabouts and he received a link Telling him that a PIN or a basic redemption code is required to access his money and without knowing at least one, nobody can access the funds stored in that account. In the meantime, zero404cool sent him a direct message on Reddit offering help. It said that a professional can extract all the information in just 10 seconds, but his ID has to be verified first because he could be hacking into someone else’s account. so he gave them his name on Google to figure out whether they can trust him. After some time, they inform him that they can proceed with this recovery, but they are busy at the moment and he must wait. And ever since, he hasn’t heard of them. He went to the hypnotherapist Michelle Guzy hoping she could help him remember his I.D.The exercises brought nothing into his mind. He felt relaxed, but he did not feel hypnotic. After nearly four hours in her office, he decided the PIN was 5514455 but when he tried the number, Trezor told him it was incorrect. Now, he had to wait 16384 seconds or around four and a half hours, so he can try again.
No matter how hard he tried to stop thinking of bitcoin, he couldn’t. What made it even worse is the fact that the price of bitcoin was increasing sharply. According to John McAfee, a software entrepreneur, a Bitcoin would be worth over $500,000 within three years.
He could not escape the fact that the only thing that could stop him from acquiring a fortune was a single number. He received another email from Satoshi Labs, the manufacturer of Trezor indicating that there is an update aimed at solving a security problem affecting all devices that have firmware versions and that he has to update his firmware as soon as possible. And to make sure of that, he googled it. He found an article in Medium entitled “Trezor Security Flaws Reveal Your Private Keys” published by someone who claims that he knows how to hack a Trezor device using the vulnerability mentioned in an email. It was the same guy who texted him on Reddit five months ago! He accessed his previous private messages with zero404 and discovered another message from him two months after their last contact, in which he says that he discovered his PIN, yet he requested that he receive half of the coins recovered to give it to him. Before accepting the offer, Mark thought about asking a Bitcoin expert named Andreas M. Antonopoulos, author of the Internet of Money. He asked him whether the vulnerability could provide an opportunity to retrieve his Bitcoins. The man told him that the vulnerability described in the article can be used to recover the money, but only if the customer has not yet updated the firmware, Because doing so will wipe the storage on the Trezor device, permanently erasing the metadata and pin. Then told him about a teenager, “a programming expert who did excellent work on Trezor named Saleem Rashid and he suggested speaking privately with him on the Telegram app.”
Mark gave Saleem 0.05 BTC ($ 200) in advance and promised him an additional 0.2 BTC ($ 800) if he could manage to get him back his coins. To do that, Saleem needed an open-source Ubuntu Linux operating system to install on an old MacBook Air. It took him so long that he raised the price. He Wanted the equivalent of $ 3,700, four times the original fee, but he was worth it and it was a much better deal than the one offered by zero4040cool. After Mark agreed he received two files from Saleem, one called Explit.bin and the other a 10-minute video clip containing instructions for installing and exploiting the firmware without wiping the SRAM, which would allow him to see his PIN. Following the appropriate instructions, the Trezor test yielded a pin (2468) and wrote the seed of 24 words that it had generated. Then Mark installed the exploit, entered around ten different Linux commands, and pressed the buttons to reset Trezor … and here it worked! The practice of Trezor was broken with success, and he is finally able to see the dreaded PIN on the screen.