I arrived in Hong Kong at the beginning of the Mid-Autumn Festival. This is the full moon festival, celebrating the fall solstice. In Hong Kong, this means several days of public holiday.
First things first, we had a technician from one of Hong Kong's bustling computer malls transfer the data off the dead hard drive -- we got him on his last day before the holiday. Retrieving the data was an easy enough operation. Soon, we were looking at the MultiBit backup files on my computer: So far, so good.
It's helpful here to understand what a bitcoin actually is. The best explanation I've heard is metaphorical: Money began as a physical object, and then it shifted to become your identity (i.e., your name on your bank account). But cryptocurrencies like bitcoin are virtual objects, which means they exist in the digital space, not tied to anyone's identity.
Like a digital dollar bill, a bitcoin can be traded, stolen or lost. But this is still just a symbolic representation of the actual fact: A bitcoin is really just a cryptographically locked address on the blockchain, so rather than having a bitcoin "on" your computer, what you actually have is the private key that can unlock a bitcoin's location on the blockchain. It was that key that we were searching for in Mike's mess of MultiBit folders.
Now that we had the backup files, it was time to get to unlocking. Mike had seemingly created half a dozen or so different wallets when he was securing his bitcoins -- no doubt, a result of the software's baffling interface. The good ol' process of elimination would narrow this down to the wallet that was the ultimate destination for the bitcoin. We loaded up the first wallet file and entered the password Mike had intended to type all of those years ago, and it unlocked. That was a good sign: It meant we knew the password Mike remembered actually worked with at least some wallets -- just not, perhaps, the only one that mattered. The wallet started syncing to the blockchain.
The blockchain is often described as a decentralized public ledger. In practical terms, that means it's a long list of every transaction that has ever occurred. It's "decentralized" because every transaction is confirmed via a math problem solved by computers set up as "miners." Updating the chain from years ago would take time -- about 80 minutes in our case. The full moon was rising in Hong Kong, and we ate Thai food, anxiously waiting for the blockchain to sync.
Each time we saw the $200,000 worth of coins arrive on Nov. 20th, 2013, and vanish on March 20th, 2014.
We watched as the wallet displayed 40 bitcoins arriving on Nov. 20th, 2013. It also displayed the current value: $200,000.
This looked like success, but I urged caution: The chain was still four years behind present day. And sure enough, when March 20th, 2014, rolled around, the balance in the wallet dropped to $0 as all the bitcoins were transferred out.
We went through four or five other wallets, waiting more than an hour for the blockchain to sync to each one, and each time we saw the $200,000 worth of coins arrive on Nov. 20th, 2013, and vanish on March 20th, 2014. At some point it stopped being tragic and started becoming darkly comical.
At 1 AM, we checked another wallet. This time, March 20th, 2014, passed, and the coins remained. We waited an agonizing additional half hour for the blockchain to finish syncing, and ... the balance stayed. We had found what we were looking for.
All that was left was to transfer the coins out of this mess and into a modern wallet (we decided on using Exodus, which is easy to use, simple and secure). But the transfer asked for another password. Remember, MultiBit lets you add additional passwords to wallets. This is what Mike had done on that sweaty night back in 2014. We tried the password we knew, and ... wrong. We tried again and again, carefully calling out each character as we entered it. Wrong, wrong, wrong. We had found ourselves on the bad side of the fifty-fifty.
Why does MultiBit encourage you to use multiple passwords? Why doesn't it at least ask you to confirm your password before saving it? So many questions, shouted into the obsolete software void.
Mike, despairing, wanted to give up, but I hadn't flown halfway around the world for nothing. We opened a spreadsheet and started logging different permutations of the password, trying to brute-force our way through his keystroke error. But after 50 attempts, it seemed like a Sisyphean task. MultiBit accepts all characters, cases, symbols and spaces as valid password characters -- the number of potential solutions were staggering. We turned the air conditioning off in Mike's apartment in an attempt to recreate the "sweaty" temperatures Mike recalled from the fateful night, but nothing worked.
We checked all of his email correspondence from around that date. We found that, teasingly, he had emailed himself three times the day after March 20th about his MultiBit fuckup, but each email was useless, containing irrelevant information Mike thought was important. Mike was a journalist: Perhaps he wrote down password possibilities in a notebook when it was fresh in his mind? But as soon as I asked that question, we found a 2014 Google Chat he had with me five days after the fiasco: In it, Mike told me he was feeling flustered and did some cleaning and threw out all of his notebooks.
Wrong. Wrong. Wrong.