Crypto Startup Bankrupt After Losing Password To $38.9 Million Physical Crypto Wallet (404media.co)
An anonymous reader quotes a report from 404 Media: A buzzy startup offering financial infrastructure to crypto companies has found itself bankrupt primarily because it can't gain access to a physical crypto wallet with $38.9 million in it. The company also did not write down recovery phrases, locking itself out of the wallet forever in something it has called "The Wallet Event" to a bankruptcy judge. Prime Trust pitches itself as a crypto fintech company designed to help other startups offer crypto retirement plans, know-your-customer interfaces, ensure liquidity, and a host of other services. It says it can help companies build crypto exchanges, payment platforms, and create stablecoins for its clients. The company has not had a good few months. In June, the state of Nevada filed to seize control of the company because it was near insolvency. It was then ordered to cease all operations by a federal judge because it allegedly used customers' money to cover withdrawal requests from other companies.
The company filed for bankruptcy, and, according to a filing by its interim CEO, which you really should read in full, the company offers an "all-in-one solution for customers that remains unmatched in the marketplace." A large problem, among more run-of-the-mill crypto economy problems such as "lack of operational and spending oversight" and "regulatory issues," is the fact that it lost access to a physical wallet it was keeping tens of millions of dollars in, and cannot get back into it. [...] For several years, the company then took customer deposits into this address, to the tune of tens of millions of dollars. In December, 2021, "when a customer requested a significant withdrawal of ETH that the company could not fulfill [from other wallets,]" it went to withdraw it from this hardware wallet. "It was around this time that they discovered that the Company did not have the Wallet Access Devices and thus, could not access the cryptocurrency stored in the 98f Wallet."
The company then, for several months, had to "use $76,367,247.90 in the aggregate to purchase ETH to fund customer withdrawals." The money stuck in the wallet is currently worth $38.9 million as of August 22, it claimed. It is worth mentioning that the company did not tell regulators or customers about this issue for months after it discovered the problem. The company has still not solved this issue: "The Company remains unable to access the 98f Wallet," it wrote. "The investigation continues." Prime Trust swears in its filing that this was an "aberrant" event and "extremely unlikely to occur again."
I'd call 'scam' but... (Score:5, Interesting)
Normally with crypto it starts, runs, and terminates as a scam.
In this case though, if those coins ever move some very specific people will be going to jail very quickly.
This one actually sounds like comical incompetence.
Re:I'd call 'scam' but... (Score:4, Insightful)
Re: (Score:2)
If those coins ever move, the people who claimed they lost the password go to jail.
How do they potentially get away with that once the courts have been involved?
Re: (Score:2)
1. Wait long enough for the court to not be paying attention anymore.
2. Non-extradition country
3. Don't immediately start buying mansions and supercars and such, obfuscate the money while making it look like you still don't have it, and aren't the one that still had the password (or the crypto details that are supposedly lost in the hardware wallet). Basically, wait until the court decides that it's a 3rd party.
etc...
Re: (Score:2)
It is a hardware wallet, so if the court had any inkling that type of scam was occurring they could simply require the device to be placed in escrow.
Re: (Score:2)
It is a hardware wallet, so if the court had any inkling that type of scam was occurring they could simply require the device to be placed in escrow.
I'm thinking that you'd either give the court a fake (bricked, so who can tell?) wallet, or have the information that the wallet had contained until it was bricked stored in a different location as well.
Re: (Score:2)
If someone had any clue at all, they would have saved a BIP-39 recovery code somewhere. Then, they could hand the hardware wallet over for escrow or some other thing.
Every hardware wallet I've owned [1], either forces you to create a recovery code with large warnings to save the thing, or has some obvious warnings about doing that ASAP. In fact, it is a best practice to first set up the hardware wallet, then erase/factory reset it, and set it up again (this ensures the setup is clean.) From there, copy d
Re: (Score:2)
Re: (Score:2)
Of all the countries without a US extradition treaty, by far Morocco sucks less. Although the Maldive islands compete well.
https://www.townandcountrymag.... [townandcountrymag.com]
Re: (Score:2)
Re: (Score:2)
Yeah, but this camel is tough on the spine.
Re: (Score:1, Interesting)
Normally with crypto it starts, runs, and terminates as a scam.
In this case though, if those coins ever move some very specific people will be going to jail very quickly.
This one actually sounds like comical incompetence.
That actually sounds like culpable incompetence. If you run a crypto exchange, then losing the master password to everything should land you in jail, period, regardless of whether that money later mysteriously vanishes or not.
Re: (Score:3)
> If you run a crypto exchange, then losing the master password to everything should land you in jail, period
If you run a crypto exchange, then that should land you in jail, period
FTFY :-)
Re: (Score:3)
Re: (Score:3)
the CEO is not some 20-something Starbucks barista moonlighting at a tech company. He has a law degree from a big well known law school and 20 years experience as a corporate lawyer "focusing on the areas of bank finance, securitization and derivatives, distressed debt, out-of-court workouts, emerging companies and technology, securities, mergers and acquisitions, and alternative finance"
Exactly the sort of person who, faced with any kind of technical problem, leaves it to Rajesh. But in this case, there was no Rajesh around to handle it.
Re: (Score:2)
You're assuming these are the kinds of coins where anyone would be able to know if they moved. The company could've just rug-pulled $39M in Monero and then claimed it's stuck on this hardware wallet.
Re: (Score:2)
Sure they did. (Score:3)
Re: (Score:1)
We can't use Fleming's famous dictum for cryptos, because there's never a second and third time.
Re: (Score:3)
It's a startup. Stupid mistakes are the norm there. Startups are not run by professionals with professional attitudes. They're often run by bros who hire their bro friends. Startups move fast and break things - smart companies on the other hand move slowly and carefully.
Slowly and carefully means putting the asset in a safe, and the key to the asset in a different safe, and if smart you make shards of the key and spread them across more than one safe in different locations.
Meanwhile, I imagine the CEO h
Re: (Score:2)
Re: (Score:2)
I've been at about a dozen startups. There was plenty of dumb shit going on but never anything this epic.
It was more like push untested code to production or the backups were on someone's laptop or the dns registration was always keyed to the ceo founder's personal credit cards so renewal and transfer was a pita.
But "lose" $38 million dollars? No. That is not standard startup dumb fuckery.
Nuclear Facepalm (Score:2)
It's "password" you idiots! Don't you remember?
Re: (Score:3)
Dark Helmet: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life! That's the kinda thing an idiot would have on his luggage!
[President Skroob walks in.]
Skroob: What's the combination?
Colonel Sandurz: One, two, three, four, five.
Skroob: One, two, three, four, five? That's amazing! I've got the same combination on my luggage!
[Colonel Sandurz and Dark Helmet give each other a look.]
Re: (Score:2)
What do you mean "anymore"?
Re: (Score:2)
No they didn't. There was no point in history where password management was in any way good. Specific select individuals may have good password management practices, but since the dawn of computers password management practices varied between using the obviously-guessable, the so-complex-they-get-lost, or the postit-note on the screen.
People have always managed passwords stupidly. Your assertion that anything has changed for the worse is just silly on the face of it.
We should read the bankruptcy filing??? (Score:2)
The company filed for bankruptcy, and, according to a filing by its interim CEO, which you really should read in full
This is Slashdot, right? I'll bet half the readers won't even get this far into the summary, let alone read the filing itself.
And why exactly *should* we read it? A clue might help!
Re: (Score:2)
being a bankruptcy attorney, I, too, was wondering why.
They are page upon page of listings of assets and sets, and some other broad financial information.
There isn't *supposed* to be a narrative of how you got there.
Besides, if someone wants me to read one, I expect my regular hourly . . .
hawk, esq.
Re: (Score:2)
Yep, if I had to read that stuff, I'd want to be paid a lawyer's hourly rate as well!
Reminds me of the guy that wanted to buy a dump (Score:3)
The guy, James Howells, accidentally threw away a hard drive containing hundreds of millions in crypto, and now wants to buy the dump so he can comb through every piece of trash, looking for the lost money.
https://www.businessinsider.co... [businessinsider.com]
Oops!
Morbidly impressive... (Score:3)
In this case "hardware wallet" basically just means "We decided to ignore decades of people storing stuff in HSMs, because reasons; and half-ass it instead". The idea that 'hardware wallet' is a novel thing is somewhat more defensible for very low value stuff, since the HSM market hasn't traditionally been in the business of impulse-buy price points and nontechnical rando ease of use; but if the keys are worth $40 million and you are still faffing around with someone's kickstarter USB dongle there's something wrong with you.
Re: (Score:2)
I like that it's a "fintech" company, where the lack of common sense knowledge about the "tech" means they no longer have the "fin".
This is going to turn comments into rockyou.txt (Score:1)
The church of crypto, let us pray (Score:2)
And give us this day our daily scam...
It's called a rug pull (Score:4, Interesting)
"Lost" access to their wallet. Yeah, right, and might they also be selling bridges too?
You can bet that after a few years, when nobody is watching, the wallet would be "mysteriously" accessed and the money taken away.
This is just a thinly veiled rug pull, and that is the weak point of any crypto scheme because no crypto coin can actually process transactions fast enough to be practical, crypto scammers always have to rely on "exchanges" who can just take all the money and run any time. Oh, or just "lose access" to the wallet. LOL.
Re: (Score:2)
Indeed. I see almost zero probability this is not simply a lie to cover theft. My guess would be that wallet is already empty.
Re: (Score:2)
No, if that wallet address ever shows outgoing activity it will be reported to the court as close to instantly as is possible.
Combined with the confiscation of the wallet by the court, there is no chance a theft could succeed.
So, you are basically saying that the promise of crypto to give you complete freedom in moving money around without any Big Brother stopping you, is a complete lie?
If the courts can make spending money from this wallet impossible without being caught, assuming someone actually had the password, then the courts can also make spending money from YOUR wallet impossible without being caught. Then what's the point of using crypto again?
Re: (Score:2)
No, if that wallet address ever shows outgoing activity it will be reported to the court as close to instantly as is possible.
Combined with the confiscation of the wallet by the court, there is no chance a theft could succeed.
So, you are basically saying that the promise of crypto to give you complete freedom in moving money around without any Big Brother stopping you, is a complete lie?
Good catch!
Incidentally, if the money is still in that wallet, the crooks screwed up. That cryptocurrency transactions can be pretty well tracked and you just need to identify the wallet has been known for a long, long time. Well, maybe they were planning to claim the wallet got "hacked" or something equally stupid and obvious.
Think of it like a pile of cash (Score:3)
If your company had millions of dollars *in cash*, what measures would you take to protect it? You'd probably start with a very serious vault--with multiple backup systems for its mechanisms. But you wouldn't stop there, you'd also think about risks such as fire, flood, violence, and sabotage. And you'd think about risks like, what if the guy with the combination dies, or is killed, or goes rogue?
If you didn't think about all those contingencies, you're either incompetent or stupid, or both.
It's probably for the best that this company is bankrupt.
Re: (Score:2)
If your company had millions of dollars *in cash*, what measures would you take to protect it? You'd probably start with a very serious vault--with multiple backup systems for its mechanisms. But you wouldn't stop there, you'd also think about risks such as fire, flood, violence, and sabotage. And you'd think about risks like, what if the guy with the combination dies, or is killed, or goes rogue?
If you didn't think about all those contingencies, you're either incompetent or stupid, or both.
It's probably for the best that this company is bankrupt.
With cash, the things you do to protect it from theft (vaults, guards), also protect it from harm (fire, water).
With crypto, the things you do to protect it from theft (strong passwords, limited access), actually make it MORE vulnerable to harm (password getting lost).
Even if you're competent, that's a hard balance to strike. Give multiple people the password and one of them might be a crook. Give no one the password and secure it with some fancy key that requires multiple signatures and a configuration err
Re: (Score:2)
I don't really see the strong passwords and limited access as being different with physical cash. Instead of a strong password, you have a combination lock that is difficult to pick. It's just as much of a problem if your combination gets lost, as if your password gets lost. There are ways to mitigate the risk of losing a strong password, or losing a combination. For example, you might entrust each to more than one person. And if you don't want one rogue person to be able to access the money, you could entr
Re: (Score:2)
I don't really see the strong passwords and limited access as being different with physical cash. Instead of a strong password, you have a combination lock that is difficult to pick. It's just as much of a problem if your combination gets lost, as if your password gets lost. There are ways to mitigate the risk of losing a strong password, or losing a combination. For example, you might entrust each to more than one person. And if you don't want one rogue person to be able to access the money, you could entrust only part of the password, or combination, to multiple people, making it necessary for people to work in concert to steal the money.
If the safe combination is lost you can hire a safe cracker. It costs a bit of money but is hardly lost.
If you lose a password that crypto wallet is effectively gone.
And remember, anyone who wants to access the vault, including the safe cracker, needs physical access. And that access can easily be controlled by people who themselves do not have the password.
Such a system cannot be enforced with crypto. You can try, but people can copy files and exploit firewalls much easier than they can break into a guarde
Re: (Score:2)
Re: (Score:2)
Blockchain isn't as secure as you apparently imagine it to be. https://sloanreview.mit.edu/ar... [mit.edu]. In that respect, it's very much like a safe cracker--expensive, but not impossible.
Re: Think of it like a pile of cash (Score:2)
Baloney.
Secure key management practices have been around forever, in computer years. Specifically in fintech. Go read PCI-DSS to get started on what industry practices are like. There's a whole section or two on key management practices. That's just financial industry self-regulation, so it's actually really common sense stuff, but not common enough that outsiders or startups think about.
Financial networks aren't secured like the internet, they're OLD, they're private networks and they were doing crypto for
Re: (Score:2)
Ever notice that for cash, people use a lot of measures, be it safes thick enough to deal with explosives, guards, and many other items. However, when it comes to crypto, even the president of El Salvador, from what I read, used his smartphone to buy Bitcoin.
Problem is that we have zero (that I know of) devices that are rated to store cryptocurrency. At least it would be on the level of a HSM with multiple levels of tamper resistance, and multiple backup paths, on par with something like the DNSSEC root k
Re: (Score:2)
Exactly. Crypto has always been fast-and-loose. Buyer beware.
Probably a lie (Score:2)
These cryptocurrencies are scam first, scam in the middle and scam at the end. This is probably just some lie to hide the fact they stole it all. Or lost it gambling. Or something. But odds are that wallet is empty.
Don't worry crypto bro (Score:1)
Re: (Score:2)
Eventually?
Where's the password manager? (Score:2)
A "physical wallet"? (Score:2)
Re: A "physical wallet"? (Score:1)
Re: (Score:2)
Lots and lots of coins.
Re: (Score:2)
Lots and lots of coins.
Like bits of coins?
Ho hum, (Score:3)
Another day another cryptastrophe.
Re: (Score:2)
Another day another cryptastrophe.
+1 Funny
Only three words (Score:3)
Jesus fucking christ.
Re: (Score:1)
Post-It Notes. Those are my 3 words.
Re: (Score:2)
I would have gone with "reset the clock".
It has been 0-days since the last cryptofuckup.
6 Steel Business Cards (Score:2)
404 media... (Score:2)
The Company says.. (Score:2)
"So sad, too bad. Bye now!" And nobody is held accountable because it's a Company? No, it's because they robbed a bunch of plebes, not other rich folk.