(Bad News?) Irish Police Crack First of 12 Bitcoin Wallets in $418M Drug

[CryptSafe]

I have come to realize long ago that the government can go to any extent to do whatever they want and get away with it as it pleases them, which is why they do not bother about certain things, because if they want to get it, they know how to go about it.

So the government cracking such a wallet is not something new, though, because I know that they have so much to benefit from while having such a wallet under their custody, as they have nothing to worry about.

[Nwada001]

The Blue wallet on my phone can just be opened without even a password. If you can unlock my phone, you can steal all the coin on my Blue wallet. No need to break bitcoin, you just break weak security practices.

You personally did not add the password to the BlueWallet, or the version you are using doesn't support passwords? I'm just asking because I use BlueWallet, and it's also password protected. No matter how secure I consider my phone to be, I still protect apps that have to do with finances with an additional password to give penetrators a hard time to access them.

[Cookdata]

Highlights:
* The 12 wallets were obtained by authorities in 2019
* After years of frustration they have cracked/decrypted a valuable bitcoin stash in one of the wallets
* The seed phrases were permanently lost years ago

For discussion: How is Bitcoin considered safe if the Government can now access and decrypt private keys?**
Also, is saying (for example) "Oh those are old addresses" similar to admitting all old addresses can now/soon be cracked by top experts?
**(EDIT) Honestly, it's not completely clear if they literally broke Bitcoin's encryption, or busted into the wallet software and found the keys.

Your thoughts?

From all the articles I have seen online, there is no official confirmation from Irish police or the government they are responsible for the Bitcoin movement but the fact that the Bitcoin was moved to coinbase points as government activity, no sane person will sent that kind of Bitcoin to any exchanges unless the person is trying to do something that we all know nothing about. Coinbase is a no go area to send such kind of coin that is publicly on chain surveillance watch list.

I don't know where you read about encryption but it's not only applicable to Bitcoin, anyone can encrypt a file with a password and since it's a two way function, you can decrypt the file with the right key. We can't say what went down but an encrypted file with small characters of key can be brute force, these means the owner didn't use long key to avoid been forgotten and the was able to get it. We can't say for sure until there is a confirmation or official report from the Irish police or government.

[Nothingtodo]

It seems like a coincidence to me and it must be admitted that they only managed to access one of the 12 wallets. If they had been that successful, they could have accessed all 12 wallets.
The Irish government and security cybercrime must have hacked a wallet with a weak password and entered the wallet. In this case, they did not find the seed phrase and entered the wallet. Moreover, they did not reveal how they entered in the incident but they did say that they were able to access it. This incident does not prove in any way that Bitcoin is weak and that any government or anyone can attack a Bitcoin wallet.

[OgNasty]

The article don't mention how this was done but if I had to guess I would say he had a wallet file that got recovered then bruteforced for using weak password? Not really a big deal. Whatever it was, it definitely wasn't done using the address alone if that's what you're implying.

I think you are right that they must have just brute forced a password.  If they actually brute forced an address it would be the first time in history wouldn't it?  All those posts saying that Bitcoin would take millions of years to crack an address and all the electricity the sun can provide or whatever would be laughably wrong.  Not to mention it would shake the foundations of businesses like Strategy, Blackrock, Coinbase, etc...

It is stories like this that normies latch onto to shape their opinion of Bitcoin.  A shame it was written the way it was.

[PepeLapiu]

Both can have a password. Almost every self custody wallet allows that and at the same time, you can decide to leave your wallet unencrypted. It is a choice which isn't forced by a wallet.

If you choose to use it without a password then it doesn't matter Electrum or BlueWallet. Anyone that can access your device can access it and it is not limited to mobile devices. Electrum asks to set up a password while creating your wallet, I don't think BlueWallet does that.

Did you purposely write this?

To the best of my knowledge, the Blue wallet doesn't have an option for a password lock.
And BTW, I don't use that wallet for that reason. But I still have it installed on my phone because some people I introduce to bitcoin here in El Salvador are running iPhone.

But regardless if you use Electrum or Blue, or any other mobile wallet, they are infinitely easier to hack because you only need a password, not the whole mnemonic phrase.

[nullama]

~snip~
For discussion: How is Bitcoin considered safe if the Government can now access and decrypt private keys?**
Also, is saying (for example) "Oh those are old addresses" similar to admitting all old addresses can now/soon be cracked by top experts?
**(EDIT) Honestly, it's not completely clear if they literally broke Bitcoin's encryption, or busted into the wallet software and found the keys.

Your thoughts?

Bitcoin is still safe. It's safe because of math, not because you need to trust someone.

They probably had access to partial information about the key, which made it possible to access it.

It's basically similar to how many of the Bitcoin puzzles are solved. If you have some information about the key, it is easier to crack, but if you don't have any information, then it's pretty much impossible.

Just have a look at the Satoshi-era addresses still holding BTC... if anyone was able to crack them, the BTC would have been long gone.

[JeffBrad12]

I have come to realize long ago that the government can go to any extent to do whatever they want and get away with it as it pleases them, which is why they do not bother about certain things, because if they want to get it, they know how to go about it.

So the government cracking such a wallet is not something new, though, because I know that they have so much to benefit from while having such a wallet under their custody, as they have nothing to worry about.

Its not about government just getting the wallet, its more about how the government able to crack bitcoin. I'm pretty sure with my guess that the guy who got arrested only storing his private key behind bitlocker or something.
If it's about government seizing the wallet, its normal for a government to do that when they got the right if the court ruling say so.

[davis196]

For discussion: How is Bitcoin considered safe if the Government can now access and decrypt private keys?**
Also, is saying (for example) "Oh those are old addresses" similar to admitting all old addresses can now/soon be cracked by top experts?
**(EDIT) Honestly, it's not completely clear if they literally broke Bitcoin's encryption, or busted into the wallet software and found the keys.

Your thoughts?

The Irish government have tried to crack those wallets for around 7 years and they have finally succeeded with the help of Europol cybersecurity experts. 7 years looks like a pretty long time to crack a wallet. Bitcoin is safe... for now. I don't know what would happen if AI becomes super smart and capable of brute forcing wallet passwords and private keys in several minutes. And what about quantum computers?
Maybe we have to upgrade to 125-character long passwords and seed phrases, that contain 120 words instead of 12.
I don't think that this news would cause panic on the BTC markets and trigger massive sellouts of BTC. Bitcoin is going to be fine in the next 5 years at least.

[LoyceV]

if I had to guess I would say he had a wallet file that got recovered then bruteforced for using weak password?

That would be my guess, with one change: they brute-forced a strong password. If the password would have been weak, it wouldn't have taken them years with (probably) massive resources.
I'm more curious how much money they spent on computing power to crack this.

@OP: there's no need to add "Bad News?" to the topic title. That's creating FUD.

* The seed phrases were permanently lost years ago

Says who? The drug dealer who doesn't want to hand over his retirement plan?

Maybe we have to upgrade to 125-character long passwords and seed phrases, that contain 120 words instead of 12.

A longer seed phrase is not safer than the current 12 word standard.

[coinlary]

To the best of my knowledge, the Blue wallet doesn't have an option for a password lock.
And BTW, I don't use that wallet for that reason. But I still have it installed on my phone because some people I introduce to bitcoin here in El Salvador are running iPhone.

))lll
I don't really understand what you mlllean by "Blue wallet doesn't have an option for a password lock."
Check your BlueWallet settings,the security page has the option to set up a password. It works just like plausible deniability.

The storage is encrypted that way so even if you manage to get their wallet files with apps, tools or on a rooted Android device, it will still be encrypted and you will need to decrypt it before you can do anything with it.

I get the point that Electrum is always ahead though.

[macson]

-.-

))lll
I don't really understand what you mlllean by "Blue wallet doesn't have an option for a password lock."
Check your BlueWallet settings,the security page has the option to set up a password. It works just like plausible deniability.

The storage is encrypted that way so even if you manage to get their wallet files with apps, tools or on a rooted Android device, it will still be encrypted and you will need to decrypt it before you can do anything with it.

I get the point that Electrum is always ahead though.

That means he doesn't understand Blue Wallet, because if he did, he wouldn't have said that. It's clear that BlueWallet supports passwords, and I think anyone using it would set that up because it's crucial for the wallet's security.

[Z-tight]

It is stories like this that normies latch onto to shape their opinion of Bitcoin.  A shame it was written the way it was.

Yeah, and it was probably written this way to create fud, so some people might believe that they cracked the keys are moved the coins. Luckily, a lot of us in here know better, but there are a lot of people out there, with minimal BTC knowledge that could fall for this fud and start to panic as a result.

for now. I don't know what would happen if AI becomes super smart and capable of brute forcing wallet passwords and private keys in several minutes. And what about quantum computers?

That is all speculation and the fud created about quantum computers. We have also had a lot of discussions about quantum computers, so you can go back and read them.

[lionheart78]

I also think that the way the Irish Polic crack the wallet is due to the recovered document that somehow has the hint of password of the encrypted wallet.  The techology of brute forcing the wallet through public address has yet to be discovered (IMHO) else we can see huge stashes being hacked left and right.

It is possible that the article just left the method used secret from the masses and let them think negatively on the security of the Bitcoin network.  This is somehow an indirect statement telling people that Bitcoin security is not that secure which is misleading and can cause panic and chaos if someone influential used it to spread FUD.

[o48o]

-cut-
**(EDIT) Honestly, it's not completely clear if they literally broke Bitcoin's encryption, or busted into the wallet software and found the keys.

Your thoughts?

They didn't broke Bitcoin's encryption, which you would see if you read the source instead of MEXC rephrased summary.

They cracked the wallet, meaning they cracked a password. Which is WAY more possible to do with brute force, especially when you can use all the other texts and password lists to brute force it. That password might even have just been in some .txt file among mountain of other material.

[Ambatman]

Countries are really having it easy in making Money from Bitcoin
Find a crime the owner has done
Seize their funds free money.
With the US holdings and what the Irish police were able to recover
If it was brute forced directly
They wouldn't have published it but kept it a secret until they have benefited more from it.

[retreat]

Your thoughts?

That’s not bad news - don’t make a big deal out of something that’s actually quite ordinary. Right now, there’s no "tool" capable of decrypting a Bitcoin seed phrase. As people here have said, all they’re doing is brute-forcing wallet file, which isn’t impossible. Just ignore it, it’s not something you need to be so afraid of.

[PrivacyG]

That would be my guess, with one change: they brute-forced a strong password. If the password would have been weak, it wouldn't have taken them years with (probably) massive resources.

I have my personal doubts about this.  It may be subjectively coming from the distrust I have in the Authorities of my own country and from their lack of interest in solving cases.  My Authorities would probably give up in a matter of hours and never care again.

Do you think it is possible that they kept running a brute force for years or that it may have rather been a semi strong Password they gave up on a long time ago and re attempted in the last months instead?

If the cracked Wallet was obtained in 2019 and they have been continuously attempting a brute force on it since, which is almost SEVEN years, that is crazy.

[LoyceV]

It may be subjectively coming from the distrust I have in the Authorities of my own country and from their lack of interest in solving cases.  My Authorities would probably give up in a matter of hours and never care again.

I believe they're much more motivated to recover money that will be theirs. In this case, they recovered 500 Bitcoins:

“Europol hosted operational meetings at its headquarters in The Hague, the Netherlands and provided critical support to Bureau investigators and analysts with the provision of highly complex technical expertise and decryption resources vital to the success of the operation.”

That's worth $33 million at the moment.

I'm more curious about this part:

He then hid the document in a fishing rod case at one of his rented properties in Co Galway. In interviews with gardaí he claimed he never saw the case again after a break-in at his home. However, a clear-out of the property after his arrest may also have resulted in the loss of the document.

If that's true (which I doubt), someone walks around with a fishing rod case holding hundreds of millions of dollars

Do you think it is possible that they kept running a brute force for years or that it may have rather been a semi strong Password they gave up on a long time ago and re attempted in the last months instead?

I think it's plausible they restarted the cracking after they gained access to "expertise and resources".

If the cracked Wallet was obtained in 2019 and they have been continuously attempting a brute force on it since, which is almost SEVEN years, that is crazy.

It's a warning for anyone who uses encrypted data: someone could be patiently waiting for decryption tools to be fast enough to crack it in the (far) future.

[hugeblack]

The decrypt.co^[1] report provided further details, which I will quote below:

Collins created 12 wallets to store his growing Bitcoin fortune and recorded the private keys in a document hidden in a fishing rod case at a rented property in Co Galway. In interviews with gardaí, he claimed he never saw the case again after a break-in at his home, though reports indicated a clear-out of the property after his arrest may have resulted in the loss. The original seizure in 2019 was valued at $61 million (€53 million).

Apparently, the 12 wallets are private keys contained within a document. document was apparently password encrypted, and the government cracked the password to access the private keys.

In short, this isn't directly related to Bitcoin, but it highlights the importance of using passphrases to mitigate the impact of physical attacks.

[1] https://decrypt.co/362295/irish-police-crack-first-of-12-bitcoin-wallets-in-418m-drug-seizure