According to the article ‘the Australian Federal Police (AFP) will allege that an analytics specialist from the AFP’s Criminal Assets Confiscation Taskforce deciphered Mr Jung’s cryptocurrency account’s “seed phrase”.’
The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?
Anyway, curious as to how they did it.
You must log in or register to comment.
I highly doubt they did anything remotely like “hacking” the seed phrase. I don’t care for cryptocurrency, but I hate cop bullshit even more, so here’s my 2 cents.
or just found it written somewhere in the house?
this one.
A seed phrase is just an encoding of a long binary number which can be used to derive the secret key. Trying all the possibilities probably isn’t possible, and I think it’s also unlikely that they found a way to weaken it. What they probably did is find it and type it in. They DID raid the dude’s house, where he was probably keeping a copy of it.
“Twenty or thirty years ago, police did not hack, that was not a thing that they did, but that’s very much part of the bread and butter of a modern police force nowadays,” Mr Uren said.
LMAO fuck off with this. I don’t doubt they have some tech guys on hand. I don’t think they have access to the quantum computer you’d need for this.
They have guys that point guns at your face. This is their version of hacking.
Ah, the ol’ “Brute Force” hack.
The shopping list on the suspect’s fridge apparently required
- Nebula
- Tangle
- Horse
- Piper
- Green
- Sharp
Our technician called Coles and Woolies, who confirm these are not regular grocery items, and then he had a lightbulb moment: Beat the suspect with an extension cord until he gave up the seed phrase
I wrote a script to generate seed phrases and look up if that derived into a key with any value. Then did the maths on how impossible that is and decided to stop.
I mean if someone comes into your house with a clipboard and safety vest and a gun your probably going to let them do what they need if you can’t fight them off.
“Twenty or thirty years ago, police did not hack
Can confirm this is totally untrue. None of my in-laws would say either way, but for sure they wouldn’t NOT say either way, if that makes sense.
The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?
You can plausibly brute force up to 4, maybe 5 words of a seed phrase. It takes longer than a normal password because every seed phrase is technically valid, so the only way to know if your brute force is successful is to generate thousands of addresses at each of the different derivation paths you may expect funds to exist at.
The same seed phrase is used for Bitcoin, Ethereum, Monero, etc, but each currency uses the seed phrase to generate addresses in a slightly different standard. Additionally, each wallet uses a slightly different variation of that. Within each wallet is a notion of accounts, and within each account you could have dozens of addresses. You need to generate each of those addresses, and scan each cryptocurrencies blockchain to see if those addresses have ever been used.
Realistically one of three things happened: his seed phrase was written down and they found it, it was password protected or on a drive with weak AES encryption and they cracked THAT instead, or finally, he used a hardware wallet and they exploited a firmware vulnerability to lift the PIN and transfer out funds and/or read the seed from the device
