Check out all the on-demand sessions from the Intelligent Security Summit here.
If you’ve ever had that sinking feeling that you’ve lost something valuable for good, you’ll understand what it’s like to lose access to the cryptocurrency assets you own. And your efforts to recover your funds might lead you to a father-and-son team dubbed Crypto Asset Recovery.
These losses happen when owners lose track of their passwords and their assets are stored in secure crypto wallets where you can’t just do a “forgot my password” and generate a new one with an email response. And a lot of people have lost a lot of money this way.
Chainalysis, which tracks cryptocurrencies to help companies and legal authorities, said in 2018 that it’s possible that around 3.79 million Bitcoin, or 23% of the total, has been lost to date. That’s well over $62 billion at today’s prices and it was worth about $170 billion at the market peak.
Chris Brooks (the father) and Charles Brooks (the son) have made it their business to help people recover their lost cryptocurrency. Their aim is to break into a crypto wallet when the password has been forgotten. They take a 20% cut if they are successful and then return the rest to the rightful owner.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
In 2021 and 2022, the company recovered more than seven figures worth of cryptocurrency in each year. They’re almost exclusively paid in Bitcoin. Sometimes it can take five minutes once they get the relevant information from a client. And sometimes it can take more than a year.
Chris Brooks was a former vice president of technology at Carescout and a programmer at Fidelity Investments.
Chris Brooks said he got familiar with Bitcoin in 2014 when a business coach told him to check out the cryptocurrency. He read the white paper and concluded it wasn’t really going anywhere important. He ignored it for a few years and then got excited again.
“I looked at some mining opportunities and some trading opportunities, and they just didn’t work for various reasons,” he said. “And then I started coming across forum posts of people saying, ‘Hey, I’ve lost the password to my wallet. And I thought, ‘I’m a programmer.’ I know how to solve that problem. And so I started this in 2017.”
He ran it for about six months but then the price of Bitcoin came crashing down. He decided to put more work into another business and put the recovery business on hold.
But in response to huge market demand late 2020 and early 2021, Chris Brooks returned to the business and his son Charles, a computer science student at the University of Vermont, joined his father as cofounder and CTO.
The young Brooks had completed his freshman year and was on a break from college. He started exchanging ideas about business opportunities with his father. As they were both programmers, they decided to take the skills that hackers use to break into accounts — only doing this for good.
“For me, it’s like digital treasure hunting. And it really has this life-changing bounty at the end of a rainbow sometimes,” Charles Brooks said. “We decided to spin up Crypto Asset Recovery again. And we spun it up kind of on the presumption of running this for a month or two to see if we have market fit.”
They started to get their first successful recoveries and more clients started coming in.
“It was pretty clear there was market fit and a need for this kind of service in the space,” Charles Brooks said.
I talked to the Brooks folks for the first time in late 2021, and then I did so again this month. The big difference was that we had another pair of crashes in the cryptocurrency market, which caused the value of Bitcoin to tumble dramatically. Bitcoin started the year valued at $47,024, and it lost more than 60% of its value and one Bitcoin is now worth $16,635.
Still, the Brooks team is soldiering on, working on cases that can take a long time to solve. The company is getting busier now because of the FTX crash.
“It’s a scary place to be in custody of your own funds. And it’s a scarier place to have someone else hold custody over your own funds, as we just saw with FTX,” Charles Brooks said.
Some people are worried about the money they have stored in exchanges as a result of that crash and FTX’s bankruptcy.
“Many people are moving over to self-custody wallets right now,” Chris Brooks said. “I don’t think people should be managing that money themselves. I think it makes perfect sense for you to work with a Fidelity or Vanguard. And my personal belief is that for crypto to get really wide adoption, we’re going to have custodians who can be trusted to manage people’s funds so that if I walk out the door and get hit by a bus, there’s a way for my family to actually get those funds back.”
They take advantage of password-cracking software and their best hardware, often using brute force to repeatedly try different passwords on an account. They have some tricks to circumvent the limitations many accounts have for password guessing. And they try to narrow the search down by relying on any memories the account owners have for possible passwords.
The usual problem
If you have Bitcoin or any other cryptocurrency in a self-custody wallet, where you are in charge of managing your own private keys, and you lose the password to that wallet, then no one can reset that password. It’s not like a bank account or a custodial wallet on a service like Coinbase.
“There have been a ton of stories of people just having devastating losses, whether it’s 1,000 lost Bitcoin, or whether it’s $500 worth of Bitcoin — it’s a devastating amount of money to lose,” Chris Brooks said.
To help them, the Brooks duo asks for anything the owner might remember about the password, from their best guesses to the usual things they use to remember passwords. If they find the password that decrypts the private key, then they give the owner control of the private key and their funds again.
How to solve it?
Operating like hackers, Crypto Asset Recovery uses different attack vectors. The main task they pursue is password recovery. For that, they need an encrypted backup of an account’s private key. That is just a long string of random ASCII characters that controls your address for the wallet. They need an encrypted copy of that private key before they can even begin cracking the password.
The next piece of information they need is the client’s guesses for a password, like historically used passwords, commonly used phrases, important names, numbers and more. They asked the client how they construct passwords.
Of course, this means you might have to divulge a lot of private information to Crypto Asset Recovery. That can be unnerving as well. But it’s often the only hope of recovery.
“The best client we can get is one that is willing to work closely with us,” said Charles Brooks.
They only take on a client if they have a reasonable chance of finding the password. That means they turn down offers when the owner has no idea at all what the password was or the private key info. The success rate for the clients who have some guesses is around 33%.
They set up shop at home in New Hampshire. They started getting busier with the run-up in Bitcoin prices as it soared past $50,000 per Bitcoin in November 2021. They were getting 100 emails or calls a day.
There’s almost always a dramatic story behind the stories from the clients. They often involve writing a password down on a piece of paper and then losing it. Some often had no clue of the importance of keeping passwords and ways to recover them from wallets.
Many people keep funds in their accounts because they’re concerned about the tax implications of converting cryptocurrencies to fiat currency, such as the U.S. dollar, or because they don’t want to lose out on possible market gains. And so these accounts can build up a lot of value.
Since blockchain technology is decentralized, the cryptocurrencies that use it like Bitcoin or Ethereum are secure from many types of hacking. But cryptocurrency wallet companies like MetaMask don’t store a copy of a password, the private key to unlock an account. Sometimes users send cryptocurrency to the wrong account. And sometimes the owners die and leave a puzzle for heirs to unravel.
With hardware wallets — which are SSDs they require a password to unlock them — there are restrictions on how many pin attempts you can make. Crypto Asset Recovery tries to steer clear of these problems. In other cases, you’re trying to guess a password for a login password. If you guess wrong a few times, you’ll be automatically locked out for a time. If you keep doing this, you’ll get blocked.
So Crypto Asset Recovery works with the encrypted wallet backup. They put it on a computer that can be easily unplugged from the internet and any communications. They put the backup on a dedicated GPU password-cracking rig. Most clients they work with have wallets on blockchain.com, a non-custodial wallet. They never stored private keys and so they have a backlog of wallets that need to be cracked.
They take a user’s ID and use blockchain.com’s API to download a copy of the encrypted private key. A client gets an email that this has happened and they have to authorize a download. They put the download on the rig and retrieve access to the backup. Then they take it offline and perform a hashing algorithm on it. Once they do this, they can get an unlimited number of password guesses without bumping up against a limit. They randomize possible related password guesses and then generate millions or even billions of password variations.
“We take this password list that is custom-tailored to the client,” Charles Brooks said. “We compute its hash using the same hashing algorithm as the wallet file. And then we compare the two files and if the hashes are the same, we know that we’ve identified the right password. And then we you know, we proceed with withdrawing funds and sending money to the client, or sending the password to the client.”
Sighs of relief or desperation
If you have lost funds, Crypto Asset Recovery is a no-risk option, as you don’t pay if they can’t crack the password. They do that because they know in a lot of cases that they can’t recover funds.
“If they can’t get some wallet backup, even if they know the actual password, that was their password, there’s nothing we can do to help them,” Chris Brooks said. “That means that certain types of folks who have lost funds are better clients than others.”
They helped one woman who went into a CVS store in 2013 and bought $300 worth of Bitcoin, or about 3.25 Bitcoin. She lost access to it and Crypto Asset Recovery was able to recover it for her. At the time, the account was worth $150,000 at the time.
“She was able to pay off her daughter’s college bill, and she had just retired. So that was a great story,” Chris Brooks said.
This is one of those reasons why the younger Brooks hasn’t gone back to college yet. And he gets to be his own boss.
In another case, the team worked on an account for over a year. They managed to crack it, and as a result the owner didn’t have to sell off a different property as expected.
“We can’t crack every password. But when we can, it can often be really meaningful for the person,” Chris Brooks said.
It’s also heartbreaking when they can’t do something for someone in a poor country where Bitcoin is a common way to do banking and the person has lost their life savings. They also often see romance scams where someone scams another person out of their Bitcoin in an investment scheme. There is often no way to get that money back once it’s been transferred to another account. (If it is a non-custodial account, it may be possible to get the exchange to freeze an account and withdraw its funds).
“We get people who are absolutely desperate to get their funds back. And we certainly do our best but we crack a little over one in three wallets that we work on,” Chris Brooks said. “And so by that very nature, like, we can’t help half the people that come to us.”
Crypto Asset Recovery stays away from cases where there are questionable facts, like possibly stolen Bitcoin or an account that is in contention between people getting a divorce.
When or if the price of Bitcoin rises again, the business will be better.
“It’s a cyclical businesses, and definitely these massive price swings in Bitcoin are mirrored in our revenue,” Chris Brooks said.