According to the article ‘the Australian Federal Police (AFP) will allege that an analytics specialist from the AFP’s Criminal Assets Confiscation Taskforce deciphered Mr Jung’s cryptocurrency account’s “seed phrase”.’

The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?

Anyway, curious as to how they did it.

  • Technus@lemmy.zip
    1 month ago

    Most likely written down somewhere. The seed phrase is the backup method of storing a private key to a crypto wallet. You’re supposed to put it somewhere safe as a way to recover the wallet if the normal way to access it (a software app or a hardware device) fails.

    Brute-forcing a full 12 or 24 word phrase would take centuries to millennia, so there’s only a few possibilities:

    1. They just found the full phrase written on a card in a safe somewhere, in which case “deciphering” it is as simple as typing it into a fucking wallet app;
    2. He was smart enough to split the phrase up and keep different parts of it in different places, so they might have had to brute-force part of it;
    3. They found a hardware wallet and hacked into it to recover the phrase;
    4. (exceedingly unlikely) they figured out that the random number generator he used to generate the phrase was broken and had predictable output patterns.
  • shortwavesurfer@lemmy.zip
    1 month ago

    He was being intimidated by men with guns. I suspect he probably willingly gave it up. Or it was written down somewhere, as you mentioned. Either that or he had it stored rather insecurely on his device such as in a notes app or something.

  • xantoxis@lemmy.world
    1 month ago

    I highly doubt they did anything remotely like “hacking” the seed phrase. I don’t care for cryptocurrency, but I hate cop bullshit even more, so here’s my 2 cents.

    > or just found it written somewhere in the house?

    this one.

    A seed phrase is just an encoding of a long binary number which can be used to derive the secret key. Trying all the possibilities probably isn’t possible, and I think it’s also unlikely that they found a way to weaken it. What they probably did is find it and type it in. They DID raid the dude’s house, where he was probably keeping a copy of it.

    • Agent641@lemmy.world
      1 month ago

      The shopping list on the suspect’s fridge apparently required

      • Nebula
      • Tangle
      • Horse
      • Piper
      • Green
      • Sharp

      Our technician called Coles and Woolies, who confirm these are not regular grocery items, and then he had a lightbulb moment: Beat the suspect with an extension cord until he gave up the seed phrase

    • peopleproblems@lemmy.world
      1 month ago

      I mean, if someone comes into your house with a clipboard and safety vest and a gun, you’re probably going to let them do what they need if you can’t fight them off.

    • corsicanguppy@lemmy.ca
      1 month ago

      “Twenty or thirty years ago, police did not hack

      Can confirm this is totally untrue. None of my in-laws would say either way, but for sure they wouldn’t NOT say either way, if that makes sense.

    • muntedcrocodile@lemmy.world
      1 month ago

      I wrote a script to generate seed phrases and look up if that derived into a key with any value. Then did the maths on how impossible that is and decided to stop.

  • bjorney@lemmy.ca
    1 month ago

    > The word ‘decipher’ is doing a lot of heavy lifting. I’m wondering if they socially engineered or just found it written somewhere in the house?

    You can plausibly brute force up to 4, maybe 5 words of a seed phrase. It takes longer than a normal password because every seed phrase is technically valid, so the only way to know if your brute force is successful is to generate thousands of addresses at each of the different derivation paths you may expect funds to exist at.

    The same seed phrase is used for Bitcoin, Ethereum, Monero, etc., but each currency uses the seed phrase to generate addresses in a slightly different standard. Additionally, each wallet uses a slightly different variation of that. Within each wallet is a notion of accounts, and within each account you could have dozens of addresses. You need to generate each of those addresses, and scan each cryptocurrency’s blockchain to see if those addresses have ever been used.

    Realistically one of three things happened: his seed phrase was written down and they found it, it was password protected or on a drive with weak AES encryption and they cracked THAT instead, or finally, he used a hardware wallet and they exploited a firmware vulnerability to lift the PIN and transfer out funds and/or read the seed from the device.
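
Added example (editor's code, not from any commenter in this thread): the thread describes a seed phrase as an encoding of a long binary number and discusses splitting a phrase or withholding a few words, so this sketch models that encoding and measures how much secrecy a partly exposed written copy still holds. It assumes the phrase follows the BIP-39 layout (11 bits per word, SHA-256 checksum bits appended), which the thread does not name, works on word indices rather than words because the 2048-word list is not embedded, and goes beyond the thread by covering 24-word phrases too; all function names are illustrative.

```python
import hashlib

WORDLIST_SIZE = 2048  # BIP-39 wordlist length, so each word encodes 11 bits

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode entropy as BIP-39 word indices: entropy bits followed by checksum bits."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices: list[int]) -> bool:
    """True if the word indices form a checksum-valid phrase."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def valid_last_words(known: list[int]) -> int:
    """Count candidates for a missing final word that pass the checksum."""
    return sum(checksum_ok(known + [w]) for w in range(WORDLIST_SIZE))

def residual_bits(n_words: int, hidden: int) -> int:
    """Expected bits of secrecy left when `hidden` words (positions known) are unknown."""
    cs_bits = n_words * 11 // 33
    return max(0, hidden * 11 - cs_bits)

# Constructed sample: all-zero entropy, a public test value, never a real wallet.
SAMPLE_12 = entropy_to_indices(bytes(16))
SAMPLE_24 = entropy_to_indices(bytes(32))

if __name__ == "__main__":
    print("12-word sample indices:", SAMPLE_12)
    print("valid final words, 12-word phrase:", valid_last_words(SAMPLE_12[:-1]))
    print("valid final words, 24-word phrase:", valid_last_words(SAMPLE_24[:-1]))
    for hidden in (1, 4, 5, 12):
        print(f"{hidden} of 12 words withheld -> ~{residual_bits(12, hidden)} bits")
```

For anyone storing a backup, the point is that a written copy missing only a few words keeps a small fraction of the phrase's full strength, so the partial copy needs the same physical protection as the whole phrase.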