I lost $17,000 in Crypto. Here’s how to avoid my mistake

In 2014, I bought 25,000 dogecoin as a joke. In 2021, the card was worth over $17,000. The problem was that I didn’t remember the password. Determined to get my coins back, I embarked on a journey that exposed me to online hackers, the math behind passwords, and a lot of frustration.

While most people don’t have thousands in forgotten cryptocurrency, everyone relies on passwords to manage their digital lives. And as more and more people buy crypto, how can they protect their assets? We spoke to a number of experts to find out how to create the best passwords for your digital accounts and, if you have crypto, what your basic storage trade-offs are. Let’s dive in.

How to hack your own crypto wallet

There are some common ways to lose crypto. You might have a wallet on a hard drive that you throw away. Your exchange can be hacked. You can lose your password or you can be personally hacked and have your coins stolen. For those who lose their password, as I did, hackers actually present a silver lining. If you still control your wallet, try hacking your own wallet – or find someone who will.

So I contacted Dave Bitcoin, an anonymous hacker known for cracking crypto wallets. He agreed to help break into the wallet, for his standard 20 percent fee—paid only if he succeeds. Dave and other hackers mostly use brute force techniques. Basically, they just guess passwords – lots of them.

You can also try hacking your own wallet with apps like Pywallet or Jack the Ripper. But I didn’t want to do it myself, so I sent Dave a list of password options and he got down to business.

After a bit of a wait, I got an email from Dave. “I tried over 100 billion passwords on your wallet,” Dave told me over email. I assumed that such an astonishing amount of attempts meant that my coins were sure to be recovered, but alas, we had only scratched the surface. The password was not hacked and my coins remained lost. But how?

The math behind strong passwords

Each new digit in a password makes it exponentially harder to crack. Consider a one-digit password that can be a letter or a number. If the password is case sensitive, it is 52 letters plus 10 numbers. Not very sure. You can easily guess the password by trying 62 times. (A, a, B, b, C, c … and so on).

Now make it a two-digit password. It won’t be twice as hard to guess – it will be 62 times harder to guess. There are now 3884 possible passwords to guess (AA, Aa, AB, etc.) A six-digit password with the same rules has about 56 billion possible permutations, assuming we don’t use special characters. A 20-character password with these rules has permutations from 62 to the 20th power: that is, 704,423,425,546,998,022,968,330,264,616,370,176 possible passwords. That makes 100 billion look quite small in comparison.

This math was bad news for me, as I’m pretty sure I had some sort of long password, like a few lines of a song lyric. Talk about meeting the music.

Best practices for passwords

Whether it’s for email or a crypto wallet, how do you balance creating a strong password that’s also memorable?

“Passwords are hard to choose,” says Dave, “If you go out of your way to create an unusual password for your wallet that you don’t normally use, it makes it pretty hard for you to remember and for me to help. It it’s easier to guess your password if you use consistent patterns. Of course, this is bad for security, and someone trying to hack your accounts will have an easier time.” Balancing security with memorability is ultimately a tough task that will depend on the individual’s needs and preferences.