IronKey maker couldn't liberate this locked $260m Bitcoin wallet, even if it wanted to

(Image credit: Shutterstock / REDPIXEL.PL)

Last week, programmer Stefan Thomas revealed he has just two attempts left to unlock a cryptocurrency wallet containing hundreds of millions of dollars’ worth of Bitcoin

In an interview with the New York Times, he explained the private key for a wallet containing 7,000 units of Bitcoin is stranded in an encrypted IronKey USB drive, for which he has forgotten the password.

After a bull run (or period of growth) stretching back to November, Bitcoin is currently hovering at a valuation of circa $37,500, pricing the inaccessible holdings at roughly $260 million.

The manufacturer of the IronKey drive, Kingston Technology, has since confirmed it has no power to assist Thomas in retrieving his private key, even if it wanted to.

“Kingston’s entire line of encrypted USB flash drive - including the military-grade IronKey line with additional tampering protections - allow a maximum of ten password attempts, after which the encryption key is erased and the data, therefore, is not retrievable,” a company spokesperson told TechRadar Pro.

“The drive then forces a reformat and requires a new password to start over. This policy helps thwart potential brute-force attacks. Kingston has no way to recover the data, as designed.”

Bitcoin wallet tragedy

According to Kingston, this is not the first time a customer has been locked out, or almost locked out, of their encrypted drive. But there is no secret backdoor built into the devices, to prevent the opportunity for abuse by hackers, and there are no other fall-backs either.

“There is no backup password or alternative method, other than the original password that was set up by the user to retrieve the data. The default setting is ten attempts when drives leave our factory,” explained the firm.

In some cases, clients demand an even more stringent approach to protecting the data stored in their encrypted drives.

“We have high-level corporate, government and military customers who ask for an even lower number [of attempts] as their data protection needs are highly sensitive,” the spokesperson added.

In short, all Kingston can do to help customers avoid data loss is to advise them to “check for keyboard malfunctions” before entering a password and recommend “that all data on removable USB storage is also backed up elsewhere to protect against drive loss, theft, or damage.”

While his situation is certainly an unenviable one, Thomas is not the first (and likely won’t be the last) to have lost a large sum in Bitcoin.

In 2013, it emerged an IT technician from the UK had accidentally thrown away a hard drive containing 7,500 Bitcoin, which is thought to be buried at a nearby landfill site.

Hundreds of millions of dollars in Bitcoin was also lost by crypto exchange Quadriga after the untimely death of its CEO, Gerald Cotten, who was the only person with access to the wallets containing the funds.

The reason so much Bitcoin is lost is that the network is not overseen by any single entity, so there is no safety mechanism to prevent loss. Decentralization is part of what attracts many people to the world of cryptocurrency, but it also involves playing with fire to some extent.

If crypto owners choose to keep their holdings in a non-custodial wallet, outside of an exchange, forgetting or losing the private key becomes a fatal mistake.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.