Backup Header Below

How a Presale Ethereum Wallet Containing 1000 ETH Was Recovered by KeychainX

He was a part of the Ethereum pre-sale in 2014 and amassed a fantastic 1000ETH today worth about 4 million USD for a mere 300USD – an astonishing 13000x increase in value.

The story began when Alex sent the KeychainX team a question about whether if the team dealt with damaged wallets. Alex suspected the wallet to be corrupt or the encryption to be wrong, as he had the password saved in Splash ID together with other passwords and used to copy-paste it into the pre-sale webpage to join in the Ethereum token sale.

He was worried that using multiple systems like iPad, mac and phone and various language setups (Alex was half French), there might be some hiccup or language character decryption errors.

Since the password was pretty long (99 characters) and contained several special or non-ASCII characters, it was a devious task. However, inserting a random character at an arbitrary position is doable for shorter passwords. For an almost 100-character-long password, it was impossible.

But Alex was pretty sure of the password, so KeychainX “just” had to look up what was wrong. Of course, the password was also sexual, so writing the various password deviations using sexually explicit language was hilarious.

Being stubborn, the KeychainX team started by adding random characters at the positions the team suspected were those with possible problems. For example, sometimes, if a character were non-English, the code would translate it to a double character, which ultimately would cause the search space to increase dramatically. So doing that produced no result.

So the team went back to look at the Splash ID source code and tried to reverse engineer it to reproduce the problem. There were many versions of Splash ID, and their page did not offer it to be open source. No luck.

Then a few weeks later, a Russian client contacted KeychainX with a completely different wallet using Cyrillic characters. Most of KeychainX’s custom-written tools were written for English or Latin passwords, so the team had to look into an old tool’s source code and look how to translate those to fit into the system.

It gave an idea for Alex’s wallet.

What if the tools used, and the unique characters that encrypted his wallet, were translated through the encryption software just like Cyrillic characters.

Going back to the Presale wallet, the team attacked those special characters positions using the same approach as if they were Cyrillic. Boom! the team found the password; however, there was an issue.

Most wallet software that would generally import the wallet and display the private key did not work, and the password was not getting accepted since the special characters were outside the boundaries of their respective code or character set. Instead, the team had to manually decrypt the wallet to export the private key using the foreign character set.

After moving out the funds, KeychainX tried to call Alex multiple times, but it kept going to his answering machine. So the team mailed Alex, and yet still no answer.

It took almost three days before he got back to KeychainX, which was a little nerve-wracking sitting on someone’s 4 million USD without knowing where the person was. Ethereum price also swung a lot, so the value moved hundreds of thousands daily in both directions.

So the team transferred Alex his share of the funds, said good luck and stay safe, and then never heard from him any more. KeychainX hopes he has fun with his newly recovered, long-lost fortune!



Other Press Releases