According to the article ‘the Australian Federal Police (AFP) will allege that an analytics specialist from the AFP’s Criminal Assets Confiscation Taskforce deciphered Mr Jung’s cryptocurrency account’s “seed phrase”.’
The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?
Anyway, curious as to how they did it.
I highly doubt they did anything remotely like “hacking” the seed phrase. I don’t care for cryptocurrency, but I hate cop bullshit even more, so here’s my 2 cents.
or just found it written somewhere in the house?
this one.
A seed phrase is just an encoding of a long binary number which can be used to derive the secret key. Trying all the possibilities probably isn’t possible, and I think it’s also unlikely that they found a way to weaken it. What they probably did is find it and type it in. They DID raid the dude’s house, where he was probably keeping a copy of it.
“Twenty or thirty years ago, police did not hack, that was not a thing that they did, but that’s very much part of the bread and butter of a modern police force nowadays,” Mr Uren said.
LMAO fuck off with this. I don’t doubt they have some tech guys on hand. I don’t think they have access to the quantum computer you’d need for this.
They have guys that point guns at your face. This is their version of hacking.
Ah, the ol’ “Brute Force” hack.
The shopping list on the suspect’s fridge apparently required
- Nebula
- Tangle
- Horse
- Piper
- Green
- Sharp
Our technician called Coles and Woolies, who confirm these are not regular grocery items, and then he had a lightbulb moment: Beat the suspect with an extension cord until he gave up the seed phrase
I wrote a script to generate seed phrases and look up if that derived into a key with any value. Then did the maths on how impossible that is and decided to stop.
I mean if someone comes into your house with a clipboard and safety vest and a gun you’re probably going to let them do what they need if you can’t fight them off.
“Twenty or thirty years ago, police did not hack
Can confirm this is totally untrue. None of my in-laws would say either way, but for sure they wouldn’t NOT say either way, if that makes sense.
Often times this language is used to drum up funding for exactly these types of things.
He was being intimidated by men with guns. I suspect he probably willingly gave it up. Or it was written down somewhere, as you mentioned. Either that or he had it stored rather insecurely on his device such as in a notes app or something.
The old password deciphering wrench attack. https://xkcd.com/538/
nah, they just told him who had hits out on him, and that he’d be fed to the wolves if he didn’t help.
The protective punishment of the state is probably a lot lighter than the street justice of global networks of criminal gangs.
Yeah, they probably just guessed his Google Drive password lol
Most likely written down somewhere. The seed phrase is the backup method of storing a private key to a crypto wallet. You’re supposed to put it somewhere safe as a way to recover the wallet if the normal way to access it (a software app or a hardware device) fails.
Brute-forcing a full 12 or 24 word phrase would take centuries to millennia, so there’s only a few possibilities:
- They just found the full phrase written on a card in a safe somewhere, in which case “deciphering” it is as simple as typing it into a fucking wallet app;
- He was smart enough to split the phrase up and keep different parts of it in different places, so they might have had to brute-force part of it;
- They found a hardware wallet and hacked into it to recover the phrase;
- (exceedingly unlikely) they figured out that the random number generator he used to generate the phrase was broken and had predictable output patterns.
The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?
You can plausibly brute force up to 4, maybe 5 words of a seed phrase. It takes longer than a normal password because every seed phrase is technically valid, so the only way to know if your brute force is successful is to generate thousands of addresses at each of the different derivation paths you may expect funds to exist at.
The same seed phrase is used for Bitcoin, Ethereum, Monero, etc, but each currency uses the seed phrase to generate addresses in a slightly different standard. Additionally, each wallet uses a slightly different variation of that. Within each wallet is a notion of accounts, and within each account you could have dozens of addresses. You need to generate each of those addresses, and scan each cryptocurrency’s blockchain to see if those addresses have ever been used.
Realistically one of three things happened: his seed phrase was written down and they found it, it was password protected or on a drive with weak AES encryption and they cracked THAT instead, or finally, he used a hardware wallet and they exploited a firmware vulnerability to lift the PIN and transfer out funds and/or read the seed from the device.
They show a phone on life support, so maybe they dumped it from RAM?
I lol’ed at that pic as well…
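The brute-force estimates discussed in this thread, as an added example that is not from any commenter: it assumes the wallet follows BIP39 (11 bits per word, with a SHA-256 checksum in the final bits) and shows how much of a phrase stays protected when some words are exposed. The sample entropy, the function names and the derivation rate passed to `expected_work` are constructed assumptions.

```python
import hashlib

WORD_BITS = 11  # BIP39: each word is an index into a 2048-word list


def to_indices(entropy: bytes) -> list[int]:
    """Entropy -> word indices (entropy bits followed by checksum bits)."""
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n = (len(entropy) * 8 + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n - 1 - i))) & 0x7FF for i in range(n)]


def checksum_ok(indices: list[int]) -> bool:
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    n = len(indices)
    cs_bits = n * WORD_BITS // 33
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    entropy = (value >> cs_bits).to_bytes((n * WORD_BITS - cs_bits) // 8, "big")
    return to_indices(entropy) == list(indices)


def valid_fills(indices: list[int], position: int) -> int:
    """How many of the 2048 values for one unknown word pass the checksum."""
    trial = list(indices)
    return sum(checksum_ok(trial[:position] + [w] + trial[position + 1:])
               for w in range(2048))


def expected_work(total_words: int, missing: int,
                  derivations_per_candidate: int, rate_per_sec: float):
    """(checksum-valid candidates, years) to derive and check every one.
    rate_per_sec is an assumed figure, not a measurement."""
    cs_bits = total_words * WORD_BITS // 33
    candidates = 2048 ** missing // 2 ** cs_bits
    years = candidates * derivations_per_candidate / rate_per_sec / (365.25 * 86400)
    return candidates, years


if __name__ == "__main__":
    sample = to_indices(bytes(range(16)))  # constructed entropy, not a real wallet
    print("valid last words:", valid_fills(sample, 11))
    for k in (1, 4, 5, 12):
        # assumed: 1000 address derivations per candidate, 1e6 derivations/sec
        print(k, "missing ->", expected_work(12, k, 1000, 1e6))
```

The checksum removes only 4 bits (12 words) or 8 bits (24 words) from the search, so the expensive key-stretching and address derivation still has to run for roughly 2^(11k-4) or 2^(11k-8) candidates when k words are unknown.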