
‘I forgot my PIN’: An epic tale of losing $30,000 in bitcoin - scotty79
https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/?mbid=synd_digg
======
davidgh
Whoa that read like a Tom Clancy novel. I started reading right before we had
to go somewhere so I told my wife when we got into the car (I was driving)
“please read this out loud”. At the end she and my daughter were completely
captivated and wrapped up in the drama.

Then from the backseat I hear my daughter say, “What’s a Bitcoin?”

------
tptacek
What the fuck kind of cryptographic hardware security device is unlocked with
a PIN _and stores the plaintext of the PIN_? What cryptosystem generates a
recovery key and then _stores the recovery key_? That is a clown-car
vulnerability.

 _Later_

You know what I bet? I bet the PIN check is literally a string comparison,
between the input PIN, and a stored "correct" PIN that they decrypt every time
you try a PIN.

~~~
zwily
The recovery key isn’t just used for recovery - every operation is derived
from the recovery key. The device has to know it, in plaintext, in order to
actually do anything.

~~~
tptacek
From the Trezor MCU source code on Github, it looks like I was right, and the
PIN check is literally a string comparison.

~~~
zwily
Yeah, I don't know why they do that. I was just responding to the decrypted
key being stored in memory.

------
Scoundreller
> when the Trezor is powered on, its firmware (basically, the Trezor’s
> operating system) copies its PIN and 24 seed words into the Trezor’s SRAM
> [...] in an unencrypted form.

> If you do what is called a “soft reset” on the device—accomplished by
> delicately shorting two pins on its printed circuit board—you can then
> install the exploit firmware without wiping the SRAM’s memory. This allows
> you to see your PIN and seed numbers.

There's the primary vulnerability.

I fear there are other vulnerabilities that could defeat the anti-PIN cracking
delays...

Old-school pay-tv hackers (Chris Tarnovsky anyone?) would probably have a
field-day with micro-probers and more invasive recovery techniques on these
hardware wallets. At $100 and in small volumes (plus the cost of flashy UIs
and marketing), who knows how secure the silicon is.

The more I think about it, the more I think PIN-enabled wallets are the wrong
way to go for long-term storage. Print your recovery words, store them
appropriately (not all with one person and/or in one place, etc.) and then
crush the generation device. Hopefully its random numbers can't be predicted.

~~~
solotronics
Treat the hardware wallet as securely as the seed words. The advantage is
being able to sign and spend from the addresses on the hardware wallet without
exposing to an untrusted computer each time you spend.

~~~
Scoundreller
You're assuming the hardware wallet to be a trusted computer...

------
incompatible
That's a funny story. He may have got lucky: if he hadn't been locked out for
so long, he may have been tempted to sell the bitcoins after the value doubled
or so.

------
Tomte
He put the recovery code (only copy) under his daughter‘s pillow and then
forgot about that? How stupid is that?

A big folder with emergency/in case of death information (including Bitcoin
recovery codes, but also, oh maybe banking information, which insurance
companies you‘ve used, a will, medical directives etc., would have been a
better idea.

And then put it where you keep big folders and people will actually find it
when they‘re looking for it while in distress.

„My father died, he has this shelve with document folders, but let‘s ignore
that and search _my_ room“ said nobody ever.

~~~
valkum
That is where a thief would search too. You have the possibility to store
those things at a bank for example but this leads to other problems (what is
it your are on a run). Or you dig a hole in your garden only to forget the
exact location. There is no distinct answer to where should I store those I
think.

------
llamataboot
This article compelled me to go back and find old wallets that I may have left
trace amount of BTC in when last I was mining in 2011 or so. So far I've found
1.09 BTC combined between them! Thanks article for compelling me to search the
couch cushions for $6k!

------
s17n
> This decentralized nature of the bitcoin network is not without
> consequences—the main one being that if you screw up, it’s your own damn
> problem.

This is going to be a deal-breaker for most people. For mass adoption, you'll
need bitcoins to be held by institutions that take responsibility for screwups
like lost keys (ie, banks).

~~~
Karunamon
This isn’t a problem with cash - why is it a problem with bitcoin?

I think this is a perception problem. BTC isn’t an online credit card, it’s
online cash. With everything that implies.

~~~
s17n
It's not a "problem with bitcoin" per se, it just means that bitcoin will have
to be supported by banks in the same way that cash is - your assets are kept
in an account that the bank is responsible for and you only hold a small
amount of cash at a time - for it to be useful to people.

------
learntofly
Brilliant story. Pleased both the author and "hacker" we're happy with the
deal struck.

------
benmcnelly
I don't read wired, so not sure if my story is similar, but I have a damage
hard drive with 30+ coins on it. It may be worth trying a little harder to
restore it...

~~~
ringaroundthetx
Its just ~$180,000 worth of bitcoin

no big deal, no need to waste your time on that

------
DougN7
Anyone know of a simple way to store bitcoin on paper or digital that won’t
depend on a specific app being available in 10 years?

~~~
colecut
write down your address and private key.

you only have access to your private key if your wallet is not on an exchange.

------
pwinnski
How do you misspell 'losing' when quoting a title in which it is spelled
correctly?

~~~
scotty79
I manually changed it to lowercase since after I copied it, it was all caps. I
was posting from my phone (hard to edit things there) in between talking to my
mom about unrelated things.

