The state of the art in cryptocurrency wallet cracking… hasn’t changed much.
I happened upon cracking my first ethereum wallet almost 5 years ago. I’ve since built software tools, hardware cracking rigs, and have been able to successfully help a lot of people get into their cryptocurrency wallets (ethereum, bitcoin, ERC20 tokens, altcoins, all via pbkdf wallets, secret phrases, and even raw private keys). But I still have a backlog of wallets I’m working on, and it’s larger than the list of my successes.
Cracking cryptocurrency wallets is simultaneously very hard, and pretty simple. The cryptographic strength of the system has more at stake than a handful of people getting access to million dollar wallets, so the only real space for innovation is efficient navigation of the crack space.
The winning pair here is still hashcat and expandpass. Both have had minor updates over the years, but the formula is the same: expandpass slashes massive amounts of fat from a brute force attempt, and hashcat ploughs what remains through computing hardware.
In my line of work (targeted, cooperative cracking of a single wallet with the wallet’s creator), it might be surprising to hear that expandpass does a majority of the heavy lifting. There are rare cases where raw crack power is appropriate (and I have access to rigs where that is the case!) and hashcat can really deliver, but modern wallets are strong and require order-of-magnitude reductions in crack space. Expandpass is the tool to offer that.
I’d like to put two calls out:
One: If you need a cryptocurrency wallet cracked, shoot me an email at phildo211@gmail.com! As an experienced wallet cracker and the creator of expandpass, I’ve built up expertise in navigating crack spaces - the reduction of which is often the key to accessing a wallet’s funds.
Two: The next innovation is to make hashcat and expandpass work together natively. The hashcat people have been generous in supplying an API for expandpass, and there are a small handful of challenges that need to be addressed before everything can fit together (primarily: making the reduced crack space countable). This would allow expandpass to work well with something like hashtopolis, which could be a huge benefit to the cracking world generally. If this sounds like a challenge you’re interested in, expandpass is open source, and I’d love any contributions!
I’ll keep cracking wallets, improving expandpass, and will keep an eye out for any wallet cracking game-changers. But if the past 5 years are any indicator, this is what we have to work with with. Fortunately, expandpass and hashcat continue to deliver.
