The question still remained, though, whether all that GPU-crunching would actually work. After months of hammering on the problem, Stay was finally ready to try. The Guy hadn’t given the entire ZIP file to Stay and Foster; he likely didn’t trust that they wouldn’t steal his cryptocurrency if they did manage to crack the keys. Instead, because of how encryption is implemented in ZIP files, he was able to just give Stay and Foster the encrypted “headers,” or informational notes about the file, without sharing its actual content. By February, four months after that first LinkedIn message, they queued it all up and started the attack.
It ran for 10 days—and failed. Stay later wrote that he was “heartbroken.”
“We’d had lots of bugs before, but the tests I ran on my laptop all worked perfectly,” he says now. “If it was a bug, it had to be a subtle one, and I worried that it would take us a long time to find.” It didn’t help that throughout February, bitcoin’s price was dropping, and the value of the ZIP file’s contents with it. The Guy was antsy.
Stay combed through his attack, worried about some obscure, incorrect assumption or a hidden bug. He soon struck on a new idea about which number, or “seed,” to try as the starting point for the random number generator used in the cryptographic scheme. The Guy combed the test data as well, and noticed an error that occurred if the GPU didn’t process the correct password on the first attempt. Stay and Foster fixed the bug. With both of these revisions to the attack in place, they were ready to try again.
“Poof! Out came a bunch of Bitcoin,” Foster says. “It was such a relief,” Stay adds.
In the end, the infrastructure costs to run the attack were $6,000 to $7,000 dollars instead of the roughly $100,000 they had originally estimated, Foster says. The Guy paid about a quarter of the original price tag.
“He got a smoking deal,” Foster says. “Projects like this are just completely unusual. If the details of his situation had been different, if he had used a slightly more recent version of ZIP, it would have been impossible. But in this particular case there was something we could do.”
Stay says that since publishing his technical account of the project in April, a number of people have reached out asking him to help them recover the passwords to their Bitcoin wallets. Unfortunately, it’s a common plight. Even WIRED itself feels that pain. But the ZIP attack has nothing to do with cryptocurrency wallets, which can occasionally have hackable flaws but are made with strong, modern encryption.
Still, the fact that ZIP is so ubiquitous means that Stay and Foster’s research does have larger implications.
“It’s really cool from a crypto fiddling perspective,” Johns Hopkins’ Green says. “It’s one of these ancient attacks on a crummy scheme and nobody would have thought about it being relevant. But believe it or not, this bad stuff is still out there everywhere, so it’s actually really relevant. And the fact that there’s a pile of money at the end of it is really great.”
We should all be so lucky.
More Great WIRED Stories