Researchers cracked an 11-year-old password to a $3M crypto wallet

Original Article ↗ Hacker News Discussion ↗

Crypto’s Value vs. Stocks and Fiat

  • Some argue stocks are backed by productive businesses, while crypto “is tied to nothing.”
  • Others counter that many traditional instruments also lack clear intrinsic value and that value comes from collective desire, not backing.
  • Comparisons:
    • Dollars are said to be backed by the US economy/military (and tax obligations).
    • Supporters analogize crypto’s “backing” to mining networks and their cost/effort.

Use Cases: Transfers, Crime, and the Global South

  • Proponents: crypto enables cheap, fast, cross‑border transfers, especially valuable in countries with weak banking systems; cited as easier/cheaper than wires for some users.
  • Critics: practical use is limited; you usually must convert to fiat via KYC exchanges, adding fees, delays, surveillance, and tax questions.
  • Some say crypto is mostly useful for black/grey markets, sanctions evasion, and ransomware; others respond that most Bitcoin volume is legal, though much is speculative.
  • Debate over how to interpret studies: small share of total volume is illicit, but a large share of spending on goods/services may be illicit.

Password Manager Flaw and Security Implications

  • The crack targeted the password manager, not the wallet’s crypto algorithms.
  • Weakness: passwords were generated by a PRNG seeded with datetime; knowing approximate creation time drastically reduced the search space.
  • Clarification: this is seeding, not salting.
  • Some see this as a serious design flaw that could affect many users, especially where many login attempts are possible (e.g., crypto wallets).
  • Strong criticism that the vendor fixed the issue but apparently did not clearly warn users to regenerate passwords; others downplay risk as requiring high effort and precise conditions.
  • General point: most crypto systems fail via implementation bugs (e.g., PRNGs), not broken algorithms; “don’t roll your own” randomness.

Hacking Video and Media Depictions

  • Mixed reactions to the YouTube video:
    • Praised for production quality and accessible explanation for non‑technical audiences.
    • Criticized as overlong, overly “entertaining,” and better suited to a short blog post.
  • Broader side discussion on realistic vs. cinematic portrayals of hacking in films/TV.

Investment Behavior and Risk

  • Divisive reactions to the wallet owner keeping most of the recovered BTC:
    • Some call it extreme risk/greed; others say holding is rational given Bitcoin’s past performance and inflation in fiat.
  • Dispute over whether holding BTC vs. converting to dollars is “riskier,” with debate about volatility vs. guaranteed fiat inflation.
  • Acknowledge that concentration of >90% of net worth in Bitcoin is inherently high‑risk, regardless of prior gains.

Lost Wallets, Entropy, and Future Cracking

  • Playful ideas:
    • “Moore’s Law Fund” where you intentionally lose access to enforce long‑term holding.
    • Funds or actors that acquire lost wallets/storage and systematically try to crack them (noted as already happening in practice).
  • Emphasis on “mind your entropy”: securely generated, high‑entropy secrets remain practically uncrackable; weak randomness makes even strong algorithms moot.