A tale of one who lost their Trezor password

The Trezor: January 4, 2016: 7.4 BTC = $3,000

In January 2016, I spent $3,000 to buy 7.4 bitcoins. At the time, it seemed an entirely worthwhile thing to do. I had recently started working as a research director at the Institute for the Future’s Blockchain Futures Lab, and I wanted firsthand experience with bitcoin, a cryptocurrency that uses a blockchain to record transactions on its network. I had no way of knowing that this transaction would lead to a white-knuckle scramble to avoid losing a small fortune.

My experiments with bitcoin were fascinating. It was surprisingly easy to buy stuff with the cryptocurrency. I used the airBitz app to buy Starbucks credit. I used Purse.io to buy a wireless security camera doorbell from Amazon. I used bitcoin at Meltdown Comics in Los Angeles to buy graphic novels.

By November, bitcoin’s value had nearly doubled since January and was continuing to increase almost daily. My cryptocurrency stash was starting to turn into some real money. I’d been keeping my bitcoin keys on a web-based wallet, but I wanted to move them to a more secure place. Many online bitcoin services retain their customers’ private bitcoin keys, which means the accounts are vulnerable to hackers and fraudsters (remember the time Mt. Gox lost 850,000 bitcoins from its customers’ accounts in 2014?) or governments (like the time BTC-e, a Russian bitcoin exchange, had its domain seized by US District Court for New Jersey in August, freezing the assets of its users).

I interviewed a handful of bitcoin experts, and they all told me that that safest way to protect your cache was to use something called a “hardware wallet.” This little device is basically a glorified USB memory stick that stores your private bitcoin keys and allows you to authorize transactions without exposing those keys to the internet, where they could be seized by bad actors. I settled on a hardware wallet called the Trezor (the Czech word for “safe”), described by the manufacturer as “bulletproof.” I bought one on November 22 for $100 on Amazon (again, via Purse.io).

When the Trezor arrived, I plugged it into my computer and went to the Trezor website to set it up. The gadget’s little monochrome screen (the size of my two thumbnails, side by side) came to life, displaying a padlock icon. The website instructed me to write down 24 words, randomly generated by the Trezor one word at a time. The words were like “aware,” “move,” “fashion,” and “bitter.” I wrote them on a piece of orange paper. Next, I was prompted to create a PIN. I wrote it down (choosing a couple of short number combinations I was familiar with and could easily recall) on the same piece of paper as the 24-word list.

The Trezor website explained that these 24 words were my recovery words and could be used to generate the master private key to my bitcoin. If I lost my Trezor or it stopped working, I could recover my bitcoin by entering those 24 words into a new Trezor or any one of the many other hardware and online wallets that use the same standard key-generation algorithm. It was important for me to keep the paper hidden and safe, because anyone could use it to steal my 7.4 bitcoins. I transferred my currency from my web-based wallet to my Trezor, tossing both the Trezor and the orange piece of paper into a desk drawer in my home office. My plan was to buy a length of flat aluminum stock and letterpunch the 24 words onto it, then store it somewhere safe. I was going to do it right after the holidays.

The Mistake: March 16, 2017: 7.4 BTC = $8,799

It was 6:30 in the morning. My 14-year-old daughter, Jane, was in London on a school trip, and my older daughter, Sarina, was at college in Colorado. My wife Carla and I were getting ready to leave for the airport to take a vacation in Tokyo. As I was rummaging through my desk drawer for a phone charger, I saw the orange piece of paper with the recovery words and PIN. What should I do with this? If our plane plowed into the ocean, I’d want my daughters to be able to get the bitcoins. The coins had already nearly tripled in value since I bought them, and I could imagine them being worth $50,000 one day. I took a pen and wrote on the paper:

Jane, if anything happens, show this paper to Cory. He’ll know what to do with it. Love, Dad

(“Cory” is Cory Doctorow, my friend and business partner at my website, Boing Boing. He’s not a bitcoin enthusiast, but I knew he’d be able to figure out how to retrieve the master private key from the word list.)

I took the paper into Jane’s bedroom, stuck it under her pillow, and we took a Lyft to LAX.

The Garbage: April 4, 2017: 7.4 BTC = $8,384

We returned from Tokyo on March 24, and I didn’t even think about the orange piece of paper until April 4, when I remembered that I’d put it under Jane’s pillow. That’s funny, I thought. She’s been home more than a week and never said anything to me about it.

I went into her room and looked under her pillow. It wasn’t there. I looked under her bed, dragging out the storage boxes to get a better view, using my phone as a flashlight.

“Carla?” I asked. “Did you see that orange piece of paper with my bitcoin password on it? I can’t find it in Jane’s room.”

“Maybe Jane put it in her desk,” she said. Jane was in school, but I texted and asked her. She said she never saw an orange piece of paper.

“Wait,” Carla said. “We had the house cleaned while we were gone. I’ll call them.”

Carla called the cleaning service we’d used and got the woman who cleaned the house on the line. She told Carla that she did indeed remember finding the orange piece of paper.

“Where is it?” Carla asked.

“I threw it away.”

I knew the garbage had already been collected, but I put on a pair of nitrile gloves and went through the outside trash and recycling bins anyway. Nothing but egg cartons, espresso grinds, and Amazon boxes. The orange piece of paper was decomposing somewhere under a pile of garbage in a Los Angeles landfill.

Carla asked if losing the paper was a big deal.

“Not really,” I said. “It’s just a hassle, that’s all. I’ll have to send all the bitcoins from the Trezor to an online wallet, reinitialize the Trezor, generate a new word list, and put the bitcoins back on the Trezor. It would only be bad if I couldn’t remember my PIN, but I know it. It’s 551445.”

The Forgetting: April 4, 2017: 7.4 BTC = $8,384

I plugged the Trezor into my laptop and entered 551445.

Wrong PIN entered.

I must have made an error entering the PIN, I thought. I tried 551445 again, taking care to enter the digits correctly this time.

Wrong PIN entered.

Uh oh. I tried a slight variation: 554445

Wrong PIN entered.

This is ridiculous, I thought. I knew the PIN. I’d entered it at least a dozen times in recent months without having to refer to the paper. OK, it’s probably 554145.

Wrong PIN entered.

I looked at the tiny monochrome display on the bitcoin wallet and noticed that a countdown timer had appeared. It was making me wait a few seconds before I could try another PIN. My heart fluttered. I went to the hardware wallet manufacturer’s website to learn about the PIN delay and read the bad news: The delay doubled every time a wrong PIN was entered. The site said, “The number of PIN entry failures is stored in the Trezor’s memory. This means that power cycling the Trezor won’t magically make the wait time go to zero again. The best you can do by turning the Trezor on and off again is make the timer start over again. The thief would have to sit his life off entering the PINs. Meanwhile, you have enough time to move your funds into a new device or wallet from the paper backup.” (Trezor is based in Prague, hence the stilted English.)

The problem was, I was the thief, trying to steal my own bitcoins back from my Trezor. I felt queasy. After my sixth incorrect PIN attempt, creeping dread had escalated to heart-pounding panic—I might have kissed my 7.4 bitcoins goodbye.

I made a few more guesses, and each time I failed, my sense of unreality grew in proportion to the PIN delay, which was now 2,048 seconds, or about 34 minutes. I opened my desktop calculator and quickly figured that I’d be dead before my 31st guess (34 years). One hundred guesses would take more than 80 sextillion years.

I broke the news to Carla. I told her I couldn’t remember the PIN and that I was being punished each time I entered an incorrect PIN. She asked me if I’d saved the PIN in my 1Password application (a secure password app). I told her I hadn’t. When she asked me why, I didn’t have an answer.

I knew it would be a mistake to waste a precious guess in my agitated condition. My mind had become polluted with scrambled permutations of PINs. I went into the kitchen to chop vegetables for a curry we were making for dinner. But I couldn’t think of much else besides the PIN. As I cut potatoes into cubes, I mentally shuffled around numbers like they were Scrabble tiles on a rack. After a while, a number popped into my head: 55144545. That was it! I walked from the kitchen to the office. The Trezor still had a few hundred seconds left on the countdown timer. I did email until it was ready for my attempt. I tapped in 55144545.

Wrong PIN entered. Please wait 4,096 seconds to continue…

I barely slept that night. The little shuteye I managed to get was filled with nightmares involving combinations of the numbers 1, 4, and 5. It wasn’t so much the $8,000 that bothered me—it was the shame I felt for being stupid enough to lose the paper and forget the PIN. I also hated the idea that the bitcoins could increase in value and I wouldn’t have access to them. If I wasn’t able to recall the PIN, the Trezor would taunt me for the rest of my life.

The Search: April 5, 2017: 7.4 BTC = $8,325

That morning, bleary eyed, I started looking into ways to get my bitcoins back that didn’t involve recalling my PIN or recovery words. If I’d lost my debit card PIN, I could contact my bank and I’d eventually regain access to my funds. Bitcoin is different. No one owns the bitcoin transaction network. Instead, thousands of computers around the world run software that validates the system’s transactions. Anyone is allowed to install the bitcoin software on their computer and participate. This decentralized nature of the bitcoin network is not without consequences—the main one being that if you screw up, it’s your own damn problem.