The Mistake: March 16, 2017: 7.4 BTC = $8,799
It was 6:30 in the morning. My 14-year-old daughter, Jane, was in London on a school trip, and my older daughter, Sarina, was at college in Colorado. My wife Carla and I were getting ready to leave for the airport to take a vacation in Tokyo. As I was rummaging through my desk drawer for a phone charger, I saw the orange piece of paper with the recovery words and PIN. What should I do with this? If our plane plowed into the ocean, I’d want my daughters to be able to get the bitcoins. The coins had already nearly tripled in value since I bought them, and I could imagine them being worth $50,000 one day. I took a pen and wrote on the paper:
Jane, if anything happens, show this paper to Cory. He’ll know what to do with it. Love, Dad
Carla called the cleaning service we’d used and got the woman who cleaned the house on the line. She told Carla that she did indeed remember finding the orange piece of paper.
“Where is it?” Carla asked.
“I threw it away.”
Saleem wanted the equivalent of $3,700, almost four times as much as the original fee, but I figured it was worth it (and was a vastly better deal than the one zero404cool had offered me). If I could just see my PIN again—the one that Trezor, Wallet Recovery Services, Reddit users, and everyone else told me was irrecoverable
I pushed the little button I’d wired to the printed circuit board to soft-reset the Trezor. Its display showed an exclamation point in a triangular icon and said:
WARNING Unofficial software detected
Thanks for the warning, I thought. This was exactly what I was trying to do: run unofficial software on this damned thing. I pressed one of the Trezor’s buttons to confirm that I wanted to proceed, and the screen said EXPLOIT, which meant Saleem’s software was on the Trezor. There was no turning back. Either this was going to work, or the Trezor would be wiped clean and my bitcoin would be gone forever, even if I happened to recall my PIN sometime in the future. Now I needed to enter a few more commands to read the contents of the Trezor’s static RAM (the part where my 24 word seed and PIN would reside, as long as the Trezor didn’t lose power).
“OK,” I told Jane as I entered a command, “this is going to tell us the seed.” I leaned over the keyboard and hit enter.
I sat back, and said quietly, “Oh my God. It worked.”
The 24 seed words I’d written on an orange piece of paper in December and lost in March had risen from the cryptographic confines of the bulletproof Trezor and were now gently glowing on the screen of my computer. I could stop here if I wanted. Those 24 words were the only thing I needed to recover my 7.4 bitcoins. I could just reinitialize the Trezor and enter the words back into it and I would be done. But there was one more thing I needed to do, and it was even more important than the money. I wanted to force the fucking Trezor to cough up my PIN.
Following Saleem’s instructions, I copied a string of text from the terminal window and added it to a Linux command Saleem had supplied. The PIN appeared instantly.