Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Consensual Phishing: How to Crack Your Half-Forgotten Crypto Password

posted by Fnord666 on Tuesday September 17 2019, @04:11PM   Printer-friendly
from the your-assistance-is-needed dept.

MrPlow writes:

Submitted via IRC for SoyCow2718

Phil Dougherty has a side hustle as a friendly hacker. By day, he's a software developer at the University of Wisconsin, building free educational games and conducting research on the ways people play them. Meanwhile, back at home, Dougherty is the shepherd of a program that's constantly running down ways to break into other people's cryptocurrency wallets.

Dougherty works with folks who have lost, forgotten or incorrectly written down their Ethereum passwords, locking themselves out of their wallets and forfeiting the digital cash that's lurking within. These people are, essentially, shit out of luck. There's no customer support hotline for Ethereum, no security questions to answer, no "Forgot password?" link.

[...] Dougherty got his start in cryptocurrency cracking in 2017, after reading a Reddit post from someone who wanted to brute force their way into their own Ethereum wallet. The Redditor remembered part of their password and generally what it looked like, handing Dougherty a puzzle perfectly suited to his interpersonal coding skills. He and five other programmers ended up racing to crack this user's password. Dougherty won.

"I successfully unlocked that guy's password, and then straight from that post I started getting, 'Well wait, hey, could you try to help me with that?'" Dougherty said. "Things organically grew from there."

Source: https://www.engadget.com/2019/09/13/forgot-password-ethereum-cryptocurrency-lost-expandpass/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Consensual Phishing: How to Crack Your Half-Forgotten Crypto Password | Log In/Create an Account | Top | 2 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by looorg on Wednesday September 18 2019, @12:27PM

    by looorg (578) on Wednesday September 18 2019, @12:27PM (#895602)

    Was wondering that to. From the article it seems he is just running a, somewhat curated form of, dictionary attack from one computer. So the only thing separating him from the crocks that go out looking for weak (or having selected a bad) password for their wallets is that people ask him to do it and hope that he is later honest about it -- anyone with a million bucks or so in their wallet willing to test him and his service out?

    Still isn't it a bit of a weakness in the wallet system if you accept unlimited password guesses? I guess it's hard to get around thou, perhaps some kind of blockchain solution could be found ...

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2