The £175 Million Password (And What It Can Teach Us About Cybersecurity)


Executive Summary

  • A decade ago, San Francisco-based Stefan Thomas stored 7000 bitcoins in a digital wallet on a USB drive, wrote down the password, then forgot all about it.
  • Years later, the price of each bitcoin has now surged to over £26,000, meaning Stefan’s locked USB drive has become a treasure trove worth over £175 million.
  • The only problem? Stefan has lost the password to the USB drive and has only two guesses left before the drive erases itself – and the digital currency it holds within – forever.

Introduction

Forgetting a password is frustrating at the best of times.

But when you’re watching your remaining password attempts count slowly tick down, it can become a nerve-shredding experience.

That’s bad enough when you might lose access to your email (at least until an admin resets it) – but what if that password was guarding almost £200 million?

And what if you’d lose it all if you ran out of tries?

That’s the precise situation that German-born Stefan Thomas has found himself in during the first week of 2021. And, perhaps unsurprisingly, it’s driving him to distraction.

Let’s learn more about this (potential) bitcoin millionaire, and what his story can teach UK businesses about cybersecurity and keeping our passwords safe.

What is bitcoin, exactly?

Before we dig into the juicy details of this most surprising of stories, let’s take a quick pit-stop for those who might be unfamiliar with bitcoin.

Launched in January 2009, bitcoin (or BTC) is a digital currency, or cryptocurrency, which operates in a totally decentralised way. It’s not tied to any bank or administrator of any kind – it’s completely peer-to-peer, meaning the network is created by individuals on their computers, rather than relying on a central banking computer system. This distributed approach makes it one of the most secure forms of transaction on the planet.

Bitcoins do not exist in a physical form, but instead as digital “keys” which can be stored in digital wallets on hard drives and other forms of storage. They can also be encrypted as a set of “seed” words which can then be used to unlock the digital wallet.

The value of bitcoin comes from the fact that only 21 million of them will ever be made. Just like any other scarce material on earth (digital or not), this lack of availability makes them valuable. And that value has soared in the last few years. In 2013, a single bitcoin cost $120. Today, it’s more than $30,000.

It’s here that Stefan Thomas enters the picture.

The story behind the £175 million password

The tale begins simply enough: back in 2011, Stefan made a casual agreement to create an animated video about cryptocurrency in exchange for some of these so-called “bitcoins”.

Out of pure curiosity, he agreed to the deal and was paid just over 7000 bitcoins for his efforts. At the time, each bitcoin was essentially worth a dollar – so the pay was actually pretty good.

Stefan knew there was an off chance the BTC could grow in value, so he decided to secure them in a digital wallet and wait it out. He did so by adding the bitcoins’ private keys to an “IronKey” USB drive which he then secured with a unique password. For his own peace of mind, he wrote the password down and stored it away from the drive.

So, the years went by, and the value of bitcoin slowly ticked upward.

It wasn’t until recently that Stefan even noticed that bitcoins were reaching $30,000 each in value – and it was then that he remembered his hidden treasure.

Like anyone else would, he excitedly dug out the IronKey USB drive with the intention of selling the coins and bagging a cool £175 million. The only problem?

He’d lost the password. Not only that, but he didn’t have the first clue of which password he’d used. In an attempt to be as secure as possible, he’d actually locked himself out of his own millions.

The IronKey in question has a bonus security feature whereby, if a user tries an incorrect password more than ten times, it wipes the drive forever.

As of mid-January 2021, Stefan has made 8 attempts on the password.

That’s two left. Two chances to unlock almost $200 million – or two chances to destroy it.

And all because of poor password management.

4 lessons small businesses can learn from the (almost) bitcoin millionaire

So, what can we learn from Stefan’s tricky predicament?

Naturally, most of us probably won’t be wrestling with decade-old hard drives to unlock millions, but we will often need to protect critical data in our businesses.

With that in mind, here are a few key takeaways for UK businesses on how best to manage your passwords for better cybersecurity.

  1. Remember that the human is usually the weakest link. The golden rule when it comes to passwords is that they’re only as infallible as the person who creates them. Even the best security systems in the world can be compromised if somebody decides “letmein” is a good enough password for their critical data.
  2. Hedge your bets by using a Password Manager. Did you know that, according to research, the average person has 100 passwords to remember? That sort of number is mind-boggling, so it’s important to keep things simple. One of the best ways to do that is to use a Password Manager, which allows you to set one ‘master’ password to rule them all.
  3. Make sure you have a safety net in place. As the story we’ve covered today proves, it doesn’t matter how hard you try, sometimes passwords just escape us. In that case, it’s important to have something in place as a safety net. Depending on the account, many providers will offer you the choice of receiving backup codes via email when you first sign up for an account. Be sure to use these options as soon as they’re offered: print out those codes, and keep them locked up safe.
  4. Always use Multi-Factor Authentication (MFA). While your password is a solid measure for keeping your account and data safe (assuming you can remember it), we also recommend that you add additional security by using Multi-Factor Authentication. Although Stefan isn’t the best example of how to manage your passwords, MFA does offer an extra layer of security in case your password falls into the wrong hands, for example if you choose to write it down for safekeeping.

Don’t put your business at risk – talk to Get Support

If the chilling story of Stefan and his two remaining password attempts has you feeling a little uncomfortable, don’t worry.

At Get Support, we’re experts at implementing scalable cybersecurity solutions to keep you and your business data safe and secure.

Whether you need help with recommendations on secure IT systems, comprehensive IT support services, or cyberthreat detection and response, we’re here to help.

Get the ball rolling today by calling the team on 01865 59 4000 or filling in the contact form below.
