My $200,000 bitcoin odyssey

How I recovered cryptocurrency from a broken laptop.

This was not what I expected to be doing with my October. But there I was, on a flight to Hong Kong, hoping I would be able to retrieve $200,000 worth of bitcoin from a broken laptop.

Four years ago, I was living in Hong Kong when a fellow journalist named Mike* and I decided to invest in bitcoin. I bought four while Mike went in for 40; I spent about $2,000 while he put in $15,000. At the time, it seemed super speculative, but over the years, bitcoin surged and Mike seemed downright prescient. I had since relocated to Los Angeles and had been texting Mike about the 2,000 percent rise in our investment.

*Name changed for anonymity.

Strangely, I wasn't getting much of a response from him. He had 10 times as many bitcoins as I did -- shouldn't he at least have been excited? Finally, when the price of one bitcoin broke $4,000 this summer, I sent him this message: "You do still have those bitcoins right?" That's when he broke it to me: "Maybe not ..."

Here's what happened: At some point in 2013, Mike had rightfully become concerned about security. He initially kept his coins in an exchange called LocalBitcoins. Exchanges are commonly used to buy and sell cryptocurrency, but you shouldn't keep your coins there. The most infamous bitcoin scandal to date was when Mt. Gox, an exchange based in Japan, lost 850,000 of its users' bitcoins.

Exchanges can also suddenly close, as some did in China this year when the Chinese government suddenly made them illegal. Any serious cryptocurrency investor will tell you that your coins are best kept in "cold storage" (an offline hardware wallet). That's what I'd done with mine, but Mike hadn't gone that far three years ago when he started thinking about security. Instead, he set up a software wallet. It was a good step, but he would soon learn, it was not foolproof.

Today, there are many sophisticated and intuitive wallet options, but choices were narrower in 2013. Mike used MultiBit, which was popular at the time but has since been discontinued due to numerous flaws.

It's obvious MultiBit was written in a hurry: The interface is counterintuitive, presenting you with a prominent button that says "create wallet" that allows you to generate new wallets inside the software. Most users only need one wallet, but MultiBit practically demands that you set up multiple. On top of this, it allows you to add multiple passwords to each wallet, even though these aren't required. With only a few minutes of clicking, you could create dozens of wallets, each with dozens of passwords. In short, it has a lot of room for error.

In March 2014, on an unseasonably sweaty night in Hong Kong, Mike created a new wallet on Multibit, moved his 40 bitcoins into it and then added a password. In the infinite wisdom of the MultiBit programmers, there was no option to double-confirm the password. Hope you typed it in right! The problem was, Mike knew he hadn't. He tried what he thought was the password, and it was rejected. Again and again he was bounced. His finger had slipped when he entered the password, he was sure of it -- there was an extra keystroke somewhere. But which key, and where?

Since Mike was in the bitcoin game for the long haul, he moved on after a week or two of trying and retrying his password. The years ticked by, and the bitcoin price languished for between $200 and 400, so it didn't feel urgent. He figured that there would be a solution one day, and so he put his 2007 MacBook with his MulitBit wallet in a safe corner of his office, where it quietly died from a motherboard failure.

Mike called me earlier this year. "I have to tell you the truth, and this is a major mental block for me, but I may have totally lost my bitcoins." He told me about the now dead laptop and the MultiBit fiasco. He spoke like he was in a confessional, cowed with shame and begging for forgiveness. The price of bitcoin at that time put Mike's loss at about $180,000 and rising. He told me he was planning to fly to the offices of KeepKey, the new owners of the legacy MultiBit products, and ... pray maybe? I told him to wait.

As I listened to his problem, I got it into my head that I could fix this for him, even though I wasn't sure how. I knew a fair bit about how bitcoin wallets work, but I was certainly no expert. I guess I liked the tantalizing challenge -- after all, bitcoin was skyrocketing, and we were approaching $200,000 of real stakes here. In short, it was worth a shot.

Getting the hard drive from his old MacBook would be easy, just a matter of plugging the drive into a new computer. The challenge was the MultiBit side of things. I tracked down an old version of the now discontinued software and discovered that there were multiple ways to restore wallets using MultiBit. The software generates encrypted backups for each wallet, and it also encrypts separate backups of the private keys. The entire program and all wallets inside of it could also be restored from the seed words, but Mike had, of course, lost those too.

It soon became clear that we had, at best, a 50 percent chance of success: We could either decrypt a wallet backup or a key backup. To do either, we'd have to use a password that Mike would have to remember. I broke the news to him, and he offered to pay me a percentage of whatever we could recover. Although I could try to restore his wallet remotely, he wanted me to come and sit there with him. This was as much a personal failure as an IT failure, and he needed someone to share the experience with.

I arrived in Hong Kong at the beginning of the Mid-Autumn Festival. This is the full moon festival, celebrating the fall solstice. In Hong Kong, this means several days of public holiday.

First things first, we had a technician from one of Hong Kong's bustling computer malls transfer the data off the dead hard drive -- we got him on his last day before the holiday. Retrieving the data was an easy enough operation. Soon, we were looking at the MultiBit backup files on my computer: So far, so good.

It's helpful here to understand what a bitcoin actually is. The best explanation I've heard is metaphorical: Money began as a physical object, and then it shifted to become your identity (i.e., your name on your bank account). But cryptocurrencies like bitcoin are virtual objects, which means they exist in the digital space, not tied to anyone's identity.

Like a digital dollar bill, a bitcoin can be traded, stolen or lost. But this is still just a symbolic representation of the actual fact: A bitcoin is really just a cryptographically locked address on the blockchain, so rather than having a bitcoin "on" your computer, what you actually have is the private key that can unlock a bitcoin's location on the blockchain. It was that key that we were searching for in Mike's mess of MultiBit folders.

Now that we had the backup files, it was time to get to unlocking. Mike had seemingly created half a dozen or so different wallets when he was securing his bitcoins -- no doubt, a result of the software's baffling interface. The good ol' process of elimination would narrow this down to the wallet that was the ultimate destination for the bitcoin. We loaded up the first wallet file and entered the password Mike had intended to type all of those years ago, and it unlocked. That was a good sign: It meant we knew the password Mike remembered actually worked with at least some wallets -- just not, perhaps, the only one that mattered. The wallet started syncing to the blockchain.

The blockchain is often described as a decentralized public ledger. In practical terms, that means it's a long list of every transaction that has ever occurred. It's "decentralized" because every transaction is confirmed via a math problem solved by computers set up as "miners." Updating the chain from years ago would take time -- about 80 minutes in our case. The full moon was rising in Hong Kong, and we ate Thai food, anxiously waiting for the blockchain to sync.

Each time we saw the $200,000 worth of coins arrive on Nov. 20th, 2013, and vanish on March 20th, 2014.

We watched as the wallet displayed 40 bitcoins arriving on Nov. 20th, 2013. It also displayed the current value: $200,000.

This looked like success, but I urged caution: The chain was still four years behind present day. And sure enough, when March 20th, 2014, rolled around, the balance in the wallet dropped to $0 as all the bitcoins were transferred out.

We went through four or five other wallets, waiting more than an hour for the blockchain to sync to each one, and each time we saw the $200,000 worth of coins arrive on Nov. 20th, 2013, and vanish on March 20th, 2014. At some point it stopped being tragic and started becoming darkly comical.

At 1 AM, we checked another wallet. This time, March 20th, 2014, passed, and the coins remained. We waited an agonizing additional half hour for the blockchain to finish syncing, and ... the balance stayed. We had found what we were looking for.

All that was left was to transfer the coins out of this mess and into a modern wallet (we decided on using Exodus, which is easy to use, simple and secure). But the transfer asked for another password. Remember, MultiBit lets you add additional passwords to wallets. This is what Mike had done on that sweaty night back in 2014. We tried the password we knew, and ... wrong. We tried again and again, carefully calling out each character as we entered it. Wrong, wrong, wrong. We had found ourselves on the bad side of the fifty-fifty.

Why does MultiBit encourage you to use multiple passwords? Why doesn't it at least ask you to confirm your password before saving it? So many questions, shouted into the obsolete software void.

Mike, despairing, wanted to give up, but I hadn't flown halfway around the world for nothing. We opened a spreadsheet and started logging different permutations of the password, trying to brute-force our way through his keystroke error. But after 50 attempts, it seemed like a Sisyphean task. MultiBit accepts all characters, cases, symbols and spaces as valid password characters -- the number of potential solutions were staggering. We turned the air conditioning off in Mike's apartment in an attempt to recreate the "sweaty" temperatures Mike recalled from the fateful night, but nothing worked.

We checked all of his email correspondence from around that date. We found that, teasingly, he had emailed himself three times the day after March 20th about his MultiBit fuckup, but each email was useless, containing irrelevant information Mike thought was important. Mike was a journalist: Perhaps he wrote down password possibilities in a notebook when it was fresh in his mind? But as soon as I asked that question, we found a 2014 Google Chat he had with me five days after the fiasco: In it, Mike told me he was feeling flustered and did some cleaning and threw out all of his notebooks.

Wrong. Wrong. Wrong.

We then resigned ourselves to a new eternal hobby: We figured we'd be trying out various password combinations for as long as we lived, and if the value of bitcoin continued to rise, then we'd be all the more determined to crack this puzzle. Even in my cloud of optimism, this was clearly a recipe for Lovecraftian madness.

I began looking into writing a program that could brute-force permutations of the password, and Mike was becoming increasingly Zen-like. He sat on his sofa, stewing over the nature of the loss, while I turned to sift through his backup files. Suddenly, I was struck with an idea: The additional password that Mike created applied to the wallet itself, but perhaps it didn't apply to the key backup file.

He sat on his sofa, stewing over the nature of the loss, while I turned to sift through his backup files.

I created a new wallet in MultiBit, loaded the key file and unlocked it with the password that we knew worked. As Mike rambled therapeutically about the fleeting nature of money, hopes, dreams, our lives and this very world, I watched as the blockchain synced. Nov. 20th, 2013, rolled around, and $200,000 showed up, as expected. Then March 20th rolled around, and ... the balance stayed.

Interesting. I went to the "send" tab, where we had just spent five hours banging our head against the wrong password rock only to discover that the "send" button was active now, glowing and ready to click -- no password required. This meant that I could click it and ...

Holy bejesus, it worked.

The balance dropped to zero as the transaction was broadcast to the blockchain, and my heart rate spiked. This meant that, as soon as the transaction was confirmed, we would have control of these bitcoins in a new secure wallet.

You typically need two confirmations before a transaction clears to most wallets or exchanges, but you really want seven, which is considered irreversible. After 15 minutes, there were no confirmations. An hour passed. We still had zero confirmations.

We had just stumbled upon another reason that MultiBit is irretrievably broken software: The transaction fee is hard-coded at a miniscule amount. Transactions on the blockchain are confirmed by miners in exchange for a small cut -- but in the three years since this wallet was first written, fees have climbed a magnitude over what was hard-coded into MultiBit. This meant that our fee was pathetically small and the transaction could be left to languish in the mempool (the list of pending transactions) forever. No miner would ever see it, let alone confirm it.

Hong Kong is beautiful at night, especially during the Mid-Autumn Festival. Everyone is at home or on vacation, and the streets are empty -- and yet, the city does not feel turned off. It's idling, waiting to start again. That night, the moon was the brightest and biggest it would be that year. And something unexpected happened in the strange moonlight.

The next morning, I checked the blockchain explorer to find that our transaction had five confirmations. How?! Mike and I rushed to a café to wait for the final two confirmations. As we waited, I furiously Googled and discovered that the mempool could get pretty low sometimes during periods of low transactions, such as ... the Mid-Autumn Festival in China, where most bitcoin miners are located.

Eventually, the confirmations rolled in. By luck, the blockchain had delivered. In a weird way, Hong Kong, and the Mid-Autumn Festival, had delivered. It was a quiet morning in the cafe, but for a moment, the peace was broken by two idiots, cheering and high-fiving in front of a laptop.

In the darkest moments of that night with Mike, it seemed absurd that this encrypted address on a digital ledger mattered so much. But it's no less absurd than the bills in my wallet or the figures in my bank account. Our economy is built on mutual belief and hope.

If something goes wrong in the traditional economy, there's supposed to be someone there to help you. A hotline. A customer service rep. A support ticket. But with bitcoin, there was no institution to save us. We had to do that ourselves. People like JPMorgan Chase CEO Jamie Dimon ridicule cryptocurrencies, dismissing bitcoin as a scam, a Ponzi scheme or a bubble. But he is the institution, after all. He wants a world where we need a JPMorgan Chase to manage our money.

Wealth disparity is at record levels and the ultrarich have cornered the market on every asset class, but with bitcoin, an entirely new economy has sprung into existence. That's the pitch for decentralized cryptocurrencies: They offer hope that there might be another, fairer way of doing things.

Just make sure you secure your hope properly.

Images: Steve Fung (inline Hong Kong); Mat Smith (plane wing)