- Recovering inaccessible wallets is “like police work”
- Biggest amount ever recovered was “not less than six figures”
- KeychainX is developing a keyless crypto wallet
KeychainX bills itself as the premier Bitcoin and Ethereum wallet recovery service. From lost seed phrases to damaged laptops, these are the guys you turn to to try and recover your funds. CEO Robert Rhodin is an experienced coder and cryptocurrency miner turned wallet recovery specialist, as well as helping design the world’s first keyless crypto wallet.
We sat down with Robert to discuss how he goes about recovering people’s lost crypto, who the biggest culprits are, and how a keyless wallet works.
Could you tell me how you got into the business of crypto wallet recovery?
I know programming and coding very well, and two or three years ago I got into cryptocurrency mining. While was mining, an old friend of mine in the US asked me if there was a business he could invest in. At the same time I saw a lot of people writing about different problems they had with different wallets. When Ethereum started to go down in price, I realized that the same GPU cards I used for mining could be used to recover wallets. So I told my friend that we could start a wallet recovery service, that if he could back it up with money I could back it up with programming, and that was how KeychainX started.
What’s the process you go through when someone needs help?
Initially it’s a bit like police work. I try to figure out who the person is, something about their habits, where they come from, when they were born. You try to find out as much as possible about the person, and try to work out the password from those hints. If there is no hint available we try a brute force across the whole space, but if the password is more than nine or ten characters it’s not possible without a clue of some sort.
In another case we had someone who could not access his Ledger device because the button was broken. Ledger will not fix their wallets, but we were able to fix the button and access the wallet again for him.
Do you ever get hackers trying their luck?
I do get sent the Ethereum foundation address or address of a Binance cold wallet sometimes – it doesn’t take much to know it’s a scam. There are also a couple of wallets that float around that are stolen that I have to check before I accept.
Do you have a ‘typical’ client?
There is no ‘typical’, but the most common is that they have nothing, just a public key. In those cases I have to tell them it’s just not possible. People think you can crack anything, but you can’t. The second most common instance is when people have a backup wallet but they’ve completely forgotten the password. So I start asking them questions about themselves, and usually it is part of that – it’s much simpler than people think.
What’s the timescale involved in cracking a wallet?
The detective work takes a day or two to go through the usual questions and try them out. Then if we can’t do it that way we try the physical method using GPUs and CPUs. We can recover a wallet in as little as one second, and the longest we have spent on successfully cracking a wallet was six months. We have wallets that we have spent over a year on that we are working on in the background. We have a stash of GPUs that run 24/7, and when they run out of work on one wallet we go back to some of the older ones and try new algorithms, because there’s always something new to try. If I were to stop accepting wallets right now there would be 2-3 years’ worth of work with what we have left to crack.
How do you decide how to allocate your resources?
We strike a balance between how quickly we think we can crack the wallet with the available information, but we also have to consider the value of what is on the wallet. We started working on some Ethereum wallets when Ethereum was $900 and now it’s $140, so we have to think about how much the coins are worth. We always check on the most common libraries and algorithms that we use, then I ask for some hints, and if they can’t give me any hints I move on to the wallets that are most likely to crack. We never take an up-front fee – everything is based off the potential value of what is on the wallet.
Do you accept all wallets and coins?
We have scaled down on the type of wallet we search. In the beginning we accepted all kinds of wallets, but now I try and concentrate only on Bitcoin and Ethereum. If you have to support a range of alt coins you have to update the whole blockchain that they’re on and you have to keep track of all the new wallets that they produce, and all the different wallets have different algorithms on how they create the password or the mnemonic phrase. So let’s say five percent of the wallets are non-Bitcoin or non-Ethereum but they would require fifty per cent of the work – it’s just not worth it.
Do you see more wallets from OGs or recent adopters?
In the early days most of the people were tech-savvy so they knew about the technology, whereas most of the people today just download the wallet, transfer some money to it, and then they just close down the computer. They don’t care about saving the mnemonic or the backup. So I would say it’s getting worse recently.
What is the most you’ve ever recovered for a client?
I can’t specify, but it was not less than six figures. In that particular case, the guy took a week to tell me where he wanted me to send his share. That was awkward. You don’t know who else has access to the wallet or who he has contacted. You don’t want to send him an email and then two days later the funds move without him knowing.
What security measures do you have to implement?
Well if someone asked me to go down to North Korea or the Congo I would think twice! Usually if I need to meet someone I do that in a public place – I wouldn’t go to downtown LA at eleven pm on a Friday night to meet someone. If they’re trying to remain too anonymous then I say no, I can’t do that. In terms of the industry, security means keeping the operation locked down. One of our competitors uses cloud services, which I don’t think is a good idea.
You are also developing a keyless crypto wallet. How did that come about?
Most people we recover wallets for ask us what type of wallet we should use instead of the one they are using, and I soon realized there is no wallet I would recommend one hundred per cent. I soon realized that that most people forget the key, so we tried to figure out a way for you to store your funds without having to remember a long password or long key.
How far into development are you?
Right now we are implementing the fingerprint reader, which we have built ourselves. We have patents pending in Europe, the US and Japan and also a fourth worldwide. We have an MVP (minimum viable product) ready, which is based on your location, your social identity, and your personal data. We would love to have it out in the next six months. With the other market leaders you have to remember a key, with our device you are the key. So unless you forget who you are, you always have the private key!
What advice would you give to someone buying or downloading a new wallet today?
One of the biggest threats right now is that people put out malicious code such as keyloggers in torrents, so downloading a pirated game or film could lead someone to getting access to wallets on that device. So the first thing I would say is never download any torrents or pirated software. Other than that, the absolute best way is to write down the password or seed key on a piece of paper rather than keeping it in a digital-only format. Also, don’t keep the majority of your funds on an exchange.
KeychainX are based in California, but offer a worldwide service. Their Twitter account features regular updates of hacks and security issues in the crypto space, as does their website. Should you have a wallet that you can’t access for any reason, you can contact KeychainX at [email protected].
