Whopping 25 Bitcoin (BTC) Stolen After 10 Years Of HODLing

20 Nov 2023

A Bitcoin veteran and his father recently discovered the theft of ~25 BTC ($919,000) HODLed since 2012 ❗❗❗
In this article, we will review:
👉 What did it happen
👉 How the theft could have been prevented
👉 What is our take on how the theft took place

What Did It Happen?: Seed Phrase Exposed

A video by @RMessit (aka Rick) posted on Twitter (X) revealed that the seed phrases to their Bitcoin wallet were stored in a self-hosted password manager, KeePass.
The KeePass vault was protected by a 30-bit password (too weak❗❗❗) known only to the father and son, but it was breached.
While uncertain about the breach, Rick suspects the following: 
☠️ Most probably the device, where the password manager was installed, had been hacked
☠️ And the hacker was able to install a keylogger or was able to crack the 30-bit password.
👉👉👉 You can watch the full 5 minutes video in this Twitter (X) post.

What they did do correctly?

Rick and Father had the seed phrases stored using a 'relatively' secure system (Even though we know that there can be a lot of debate if the system was secure enough or not...).
The password to access the password manager was not written or stored anywhere but in their heads.

What could have been improved?

The password manager was stored in an electronic device (most probably a laptop or mobile phone) that can be hacked.
Rick and his father, while knowledgeable, may have underestimated the security and safety threats that we all are exposed to.
The 30-bit password is far too weak, as described by the KeePass Password Quality Estimation Page.
👉 Learn about entropy using this Password Entropy Calculator

Secure Your Crypto Assets with Hardware Wallets

In the video, Rick urges Bitcoin users to adopt hardware wallets for cold storage.

Why does Rick give such advice?
Unlike a password manager, a hardware wallet is not exposed even if your laptop, computer, or mobile device becomes compromised.
- Offline Storage Isolation: Unlike software wallets or password managers on internet-connected devices, hardware wallets store private keys offline. This isolation from online threats makes it extremely difficult for hackers to gain unauthorized access.
- A more Secure Element: Hardware wallets are equipped with a secure element chip, providing an extra layer of protection. This chip is resistant to tampering and unauthorized access attempts.
- Immunity to Keyloggers or Malware: Since the private key never enters an online device in an accessible format, it is immune to keyloggers. Even if a user accesses their hardware wallet on a compromised computer, the private key remains secure

👉 But, ❗❗❗ take note because this is very important ❗❗❗ if you do not SAFELY STORE YOUR HARDWARE WALLET SEED PHRASE AND PRIVATE KEY you will find yourself in a similar unpleasant and stressful situation:
- If you store the seed phrase or private key in an electronic form, they may get stolen, the same as what happened to Rick.
- You may want to consider storing your seed phrase and private keys in written form (on a piece of paper) and storing them in a safe place, like a home safe, protected from robbers and accidents.
- In any case, if you have any valuable amount of crypto or digital assets, you want to learn how to protect them from hacks, scams, and accidents by increasing your crypto safety knowledge and applying good safety practices.

The Efforts to Track Down the Thief - Community Support At Its Best 👍

Bitcoin enthusiasts have initiated efforts to trace the stolen coins.

👉 @coinableS observed the hacker's reuse of Bitcoin addresses and identified weak attempts at coin mixing.

👉 If the stolen funds are recovered, the victim plans to keep 1 BTC, allocate 1 BTC to charitable causes, and reward the bounty hunter with the remaining recovered amount.

Our Take On What Could Have Happened

It is suspicious that after 10 years of HODLing, the crypto was stolen while on a trip.
Rick has stated that most probably the device where the password manager was installed was compromised.
Based on that, we can speculate about the following two scenarios as a possible cause for the theft:

Scenario 1: Rick or his father connected to an unsecured network and they were victims of a Man-in-the-Middle (MitM) attack. 

In our post 'Be Careful! A Surprisingly Simple Way To Bypass 2FA' we explain how MitM attacks can be used to bypass 2FA. But MitM attack can be used to inject malware into the victim's device. And that malware can be used to spy on the victim's activity.

Scenario 2: Rick and his Father were identified by hackers as high-value targets

It gives the impression that Rick and/or the father didn't keep a low profile.

We don't know to what extent their portfolio was made public but if a hacker group figured out that they hold +25 BTC, that made them very vulnerable.
They are not the first to be hacked due to maintaining a public profile.
In our previous posts, we have explored two similar cases:
Mark Cuban 870K USD Hot Wallet Hack -Could Have Been Prevented?
Blockchain Capital Bart Stephens SIM SWAP Hack - Could Have Been Prevented?

If you think... How could this happen?
Well, with enough information and technical expertise, an organized group can 'easily' take over digital accounts and electronic devices.
As an example, have a look at this article explaining how a simple-looking cable can be used to hack your mobile devices.

If you hold a valuable amount of crypto assets:
- You may want to keep a low profile
- Or pump up your crypto and digital safety and security as much as possible
Our most sincere appreciation goes out to @RMessitt for his openness, allowing us all to learn valuable insights from his unfortunate experience.
As well, our sincere gratitude extends to the Crypto Community for showing outstanding support and actively participating in efforts to aid Rick in recovering the stolen cryptocurrency.
@RMessitt, we empathize with the anguish and stress you and your father are enduring. Our deepest apologies that you find yourselves confronted with such a distressing ordeal.
The reality is that anyone can fall prey to hacks, scams, or unforeseen accidents. However, as we collectively increase our understanding of these risks, the likelihood of such incidents decreases.
If any member of our community faces adversity, let us stand united in providing unwavering support for one another.
Together, we can navigate and overcome the challenges posed by the ever-evolving landscape of digital assets.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your crypto safety knowledge and awareness, and the 5 minutes read was worth the time.

For more short but important articles about Crypto Safety topics, please consider subscribing to our blog.

Write & Read to Earn with BULB

Learn More

Enjoy this blog? Subscribe to CryptoSafetyFirst


Seed phrases always OFFline
Gary Cartlidge
Good ol bitcoin ay lol
Thanks for sharing this and the importance of securely storing seed phrases. Hopefully the misfortune for Rick can educate many others to prevent or limit this from happening again.
This news always makes me very anxious
such scams are part of crypto market and in this case interesting thing is they HOLD the STOLEN BTC for 10 years. amazing !!
Surely witnessing the beauty of 25 Bitcoins vanish into thin air must be truly devastating. I feel so sorry for them...
I love this article
Very interesting article, thank you very much!
oh dear this poor people ;(
I guess it goes without fail, never show yourself around the social media - if you have anything of value to protect. Secondly, I keep my passkey on paper. No amount of hacks - unless someone broke into my house, go through my small - not identifiable as something priceless note, and stole it. lol. Can't be too safe these days, I'd never leave any password or keyphrase in my comp.
What ?? There is a fortune
very very good
thanks for the information this is need to know info and good lesson
thanks @CryptoSafetyFirst for your article. That's terrible, losing 25 BTC after 10 years
This was a fantastic write up. You really went over that with an eye for detail. Appreciated!
The story of this stolen Bitcoin serves as a cautionary tale for all cryptocurrency holders. The author's analysis of the potential vulnerabilities that may have led to the theft provides valuable insights into improving security practices. I found the discussion of phishing scams and social engineering attacks to be particularly informative.
Great article explaining in detail how hackers work. A good source of information on how to be safe.