They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird

Screens in Unciphered’s lab show a microscopic image of the layout of

the IronKey’s controller chip (left) and a CT scan of the drive.

On a Wednesday in late September, a hacker who asked to be called Tom Smith sent me a nonsensical text message: “query voltage recurrence.”

Those three words were proof of a remarkable feat and potentially an extremely valuable one. 

A few days earlier, I had randomly generated those terms, set them as the passphrase on a certain model of encrypted USB thumb drive known as an IronKey S200, and shipped the drive across the country to Smith and his teammates in the Seattle lab of a startup called Unciphered.

Smith had told me that guessing my passphrase might take several days. Guessing it at all, in fact, should have been impossible: IronKeys are designed to permanently erase their contents if someone tries just 10 incorrect password guesses. 

But Unciphered's hackers had developed a secret IronKey password-cracking technique

one that they've still declined to fully describe to me or anyone else outside their company that gave them essentially infinite tries. My USB stick had reached Unciphered’s lab on Tuesday, and I was somewhat surprised to see my three-word passphrase texted back to me the very next morning. With the help of a high-performance computer, Smith told me, the process had taken only 200 trillion tries.

Smith’s demonstration was not merely a hacker party trick. He and Unciphered’s team have spent close to eight months developing a capability to crack this specific, decade-old model of IronKey for a very particular reason: They believe that in a vault in a Swiss bank 5,000 miles to the east of their Seattle lab, an IronKey that's just as vulnerable to this cracking technique holds the keys to 7,002 bitcoins, worth close to $235 million at current exchange rates.