The Wolf Of All Streets - HOW THIS HACKER FAMILY IS HELPING GET ACCESS TO LOST BITCOINS
Episode Date: October 7, 2021Being your own bank comes with a great deal of responsibility. Chris and Charlie Brooks are a father and son duo that teamed up to save investors from themselves. Everyone is prone to making mistakes ...with crypto, so these two guests became experts at recovering lost funds that many believed they would never see again. Chris and Charlie Brooks shared incredible advice on proper storage techniques. Listen to the episode and learn, instead of having to hire them later to recover your coins. -- Arculus: Arculus is the new crypto cold storage wallet that combines the world’s strongest security protocols with an easy-to-manage app. Store, swap, and send your crypto all with a simple tap of your Arculus Key™ card. Order the safer, simpler, smarter crypto cold storage solution today at: https://thewolfofallstreets.link/arculus -- If you enjoyed this conversation, share it with your colleagues & friends, rate, review, and subscribe. This podcast is presented by Blockworks. For exclusive content and events that provide insights into the crypto and blockchain space, visit them at: https://www.blockworks.co ーーー Join the Wolf Den newsletter: ►►https://www.getrevue.co/profile/TheWolfDen/members
Transcript
Discussion (0)
This podcast is sponsored by Arculus.
Stay tuned for more information on them later in the episode.
What's up, everybody?
I'm Scott Melker, and this is the Wolf of All Streets podcast, where twice a week I
talk to your favorite personalities from the worlds of Bitcoin, finance, music, art, sports,
politics, basically anyone with a good story to tell.
Now, buying crypto and becoming your own bank comes with great responsibility. You have to protect and manage your assets with little to no safety net.
Everyone's worst fear is obviously losing access to their funds, whether through a mistake or
through a security breach. Today's guests, yes, two of them, are a father-son duo who are experts
at recovering lost coins. Chris and Charlie run Crypto Asset Recovery, a company that has rescued
countless investors who thought that they would never see their money again. It's my hope today to have them talk about what they do
and how they do it and to have them offer some insight on the flaws in the space that make their
business so successful so that we can all avoid having to hire them in the future. Also, since
I'm sure they have some really, really interesting stories to share, I'm hoping that they will do
that as well. Chris and Charlie Brooks, it's a pleasure to have you guys on the show. Sure. Thank you so much for having us. It's
a pleasure to be here. It's awesome to be here. So listen, it's really rare that I do a podcast
with two people, much less a father-son duo. I'm curious what it's like to be a family and
run a business together as a father and a son. That's a fair question. That is a fair question. I'll jump in, Charlie.
So I think most of the time, like 95% of the time, it's awesome.
We know each other pretty well.
We've worked on projects together before we went into business together.
And so I think we have a style that works with each other.
And we kind of know like, okay, if I say that, that's going to piss Charlie off. So I can't have a style that works with each other and we kind of know like, okay,
if I say that, that's going to piss Charlie off.
So I can't say that right now.
So I feel like that said, any business partnership is tough.
And I do think there are some extra complications when it's within the family because, you know,
then there are other family members that can get involved in the whole thing.
So there are like more ways for it to go wrong.
But I think overall, it's been awesome. And now Charlie, you should say something supportive
and about how awesome it is. Yeah, sure. No, you know, I can't say anything too bad about it. I
think it's been great. This is my first, you know, business, business partnership. And I think I'm
really lucky to get to do with my dad. It is interesting as he said that, you know, being
in a family,
we have so many other members of the family that are also kind of tapping into it, where it feels
like we just run like a crime family or something. We're a conglomerate within our own family,
working on this company. A syndicate, sure. It's interesting, but we work well together. And
like he said, we've done some projects together in the past. And so I think we're pretty good
at working together and working through conflict when it does happen
because it definitely does.
But I have nothing bad to share about it.
To share.
That's the important thing.
The Brooks family.
The Brooks family is the sixth crime family
from the New York, if you guys didn't know that.
Actually, the Brooks is.
People might not know that.
Exactly.
Let's talk about why you started this business, how you started it, and where you actually got the expertise to be able to provide this service, because it's clearly not easy.
Some of the most advanced programmers and investors in the world have lost their funds and never been able to recover them.
So I didn't hear about Bitcoin until 2014, when a business coach of mine said, you should really check out Bitcoin. It's about
$600 Bitcoin. And he gave me this pitch on why it was like going to like, you know, revolutionize
the world. And I was like, you know, I don't really get it. I don't understand why someone
would rather use Bitcoin than a credit card. Like, why would you want this case where if you send them the money and you're not happy
and you want to do a return, they can just say no and you never get your money back.
Like, and so I then promptly just like discarded it and like didn't think about it for three
years.
And then in 2017, as the price run started there, I kind of got very interested.
So I was doing a lot of reading and sort of playing with
crypto. And that's the point at which I decided I wanted to start some kind of business in the
space. And so I looked a lot at writing trading bots and maybe I dabbled in mining. And 2017 was
just, I think, too late practically to get into mining in a way that you had any real probability of acquiring a meaningful portfolio.
So then I was on BitcoinTalk.org, which was actually started by Satoshi, which is kind of interesting.
And a lot of people were talking about losing access to their coins.
And I was like, well, I'm a programmer. Like I have a, I've worked at a bunch of companies. I've
run a bunch of my own companies. This is a problem I could work on. Like I know how to solve this
problem. And so I launched in 2017, sort of before we hit that sort of like near $20,000 price.
And one of the things that I discovered during that run-up was really that there's a lot of seasonality to this business,
where as the price is increasing, people just, they come out of the woodwork and they're like,
oh my gosh, I actually bought
Bitcoin four years ago. And like, whatever happened with that? And then they discover,
I still see it. I have it. I just don't remember what the password is.
So that I think addresses part of your question. I've forgotten the rest of your question. So
feel free to point me in a different direction or Charlie, you can correct my...
I can just
jump in i mean yeah for me my answer is it's a little bit more personal i i remember in 2017
i've always had an interest in my dad's businesses he's worked from home all of my life that i can
remember and i remember following his this business in 2017 when he would get his little cracks and
you know it was just bitcoin was a lot cheaper you know it was a few hundred dollars here and there, and it was nothing major, but it was,
it was always really cool. You know, it felt like treasure hunting. And earlier this year,
we were just hashing over some business ideas. We were talking about, you know, what I was planning
on doing and, and, and businesses he wanted to start. And, you know, we just kind of stumbled
upon the idea of rebooting crypto as a recovery. I have a programming background.
I went to school for computer science.
And, you know, it just felt like we complement each other super well.
And there was this problem with scaling that my dad had talked to me about a lot when the business was new, which was just that there's a lot of secure information we're dealing with here.
And hiring a VA or some other employees to help take the workload off,
you know, it's tough to do because they can run off with this information and it's a lot less
secure. And so, you know, me coming on as a trusted second party and a trusting co-founder
really just seemed to solve the solution. And, you know, since then the rest is history,
it's been going awesome. So what mistakes do people make that lead them to need your service
and how can they prevent that? I sort of joked about it in the introduction, said maybe give us all your secrets so that we don't need you. And so I mean that jokingly, but I think that we all probably have a passion for helping protect people and their assets.
Absolutely. the goal is that we phase out our business, right? You know, we teach people how to do it
and we no longer have a company at the end of the day.
But funny enough-
I'm sure I agree with that.
But sure, it sounds great.
It's a good sound bite, right?
Funny enough, one of the biggest issues
we run into with clients
is that when they lose their wallets,
they lose access to their wallets,
they just wipe the wallet file
and reformat their
hard drive thinking that's going to backdate their hard drive and recover their wallet somehow.
And of course, that is never the case. You shouldn't reformat or delete your hard drive.
You shouldn't wipe a wallet file, anything like that. But oftentimes, clients just get scared in
this situation when they think they've lost their funds and they panic and just wipe everything.
That situation is hard to contend with, of course, because, you know, once you've wiped everything, you've wiped everything.
But that's the biggest piece of advice I can give is just don't delete everything because that, you know, sets us back to square zero.
Yeah. And I think people come to us with all kinds of issues.
So there are there are the very straightforward issues, right? Where someone has or has access
to some version of a wallet backup file, all right?
Which is essentially an encrypted version
of the private key that allows them to control their funds.
Okay, and they have some password guesses, right?
And essentially what they need done is
they need us to take their password guesses.
Maybe they have 10 password guesses.
We then, we can talk a little more about this, how we do this, but then turn that into say
40 billion password variations that we can then test against that wallet backup until
we find the right password.
Or until we say we've tested everything that we can do within a few days. Now we're talking about to get a half
a percent chance of cracking your wallet. Now we need like a year. So those are the kinds of
timeframes. Those are very straightforward cases. But that's,, I, I wouldn't even say that's, it's, that's maybe 10% of the people
that come to us. Um, there are people that come to us because they've been scammed or they believe
they've had funds stolen. All right. We can't really help them. The only help we can offer is
to say, don't get scammed again. Right? So if you've been scammed, don't pay someone like
literally three times a week, people write in and they say, I got scammed or I think I've been scammed.
But this company is saying they can send my money back to them as long as I pay them 20% up front.
It's a very common scam.
So sad.
I think it works pretty often.
I think people are just like, okay, I guess that sort of makes sense.
So the only thing we can say is like we have, you know, we've published an article on sort of best practices.
Like if you've been scammed, here are the best practices.
Get law enforcement involved.
Don't get scammed a second of as Charlie was alluding to.
And so we can work with them.
It's definitely not as straightforward of a case because now there are two things we have to find.
We have to find some kind of wallet backup for them.
And then we have to, typically, and then we have to find a password for them. And then we have to typically, and then we have to find a password for them.
And so, you know, the probability of a successful crack in that case is much lower than it is in a
case where you just say, I have my wallet backup. I have some password guesses. Let's get to work on
cracking it. What else, C? What other kinds of situations do we get in?
Well, we're finding a lot more recently that a lot of the problems people have is with, I don't know if technology phasing is the way I want to go here, but it's with outdated technology.
You know, a lot of our clients come from the providers, these chains have been discontinued.
And so people come to us with what could be millions of dollars now that they invested
10 years ago, and it's just locked up in a wallet that's no longer available to the public.
Or one of our most popular recovery services is with blockchain.com, or what used to be
blockchain.info.
And at the early days, they offered 15 word mnemonics
as well as 24 word mnemonics, which are no longer standard,
but they did include a wallet file
and or a wallet ID and a password.
And a lot of people just don't know how to deal with that
because it's all non-standard.
There's not a lot of information on the internet.
And so a lot of it comes back
to just being tech support, essentially.
Just being kind of an aggregate of information
and sharing that out with the clientele that need it.
So you basically hold their hand
and walk them through the process
that they may not be able to walk themselves through
in the first place.
So what's the largest amount
that you've recovered for a client?
So we're at around a quarter million dollars
is our biggest crack at this point.
We have a bunch of wallets right now that mathematically speaking, we're going to have a much larger crack in the next few months.
But no, that's just a probabilistic statement.
We'll see whether or not that comes through. if our existing crack percentages hold true on this new batch of wallets,
we'll have some much larger cracks to share in the near future.
But that was very exciting for us to crack a quarter million dollar wallet.
A quarter million dollars is a ton of money.
And that's life-changing wealth probably for the person that you cracked it for.
Anyone would have to imagine, or for anyone for that matter.
Absolutely. And that's one of the things that we enjoy most. I mean would have to imagine, or for anyone for that matter. Absolutely.
And that's one of the things that we enjoy most.
I mean, at least I can speak for myself on this,
is as you said, that is life-changing amounts of money.
We just recovered a wallet for an older lady who was in retirement
and she had a little over three Bitcoin,
which she had purchased actually at CVS in 2013.
ATM or something, Bitcoin ATM.
Exactly.
And it's so old that the blockchain staff
we were working with on this wallet
wasn't even aware that that had ever been possible
to buy out of the CVS.
It was like CVS and BitInstant was involved somehow
and blockchain was involved.
Charlie, yeah. Such a weird net, yeah. It was a involved somehow and blockchain was involved. Yeah, such a weird net.
It was a weird situation.
And the blockchain folks were like, you know, in the early years, our founder just put together some relationships and no one in the company knows anything about them anymore.
That's crazy.
Sorry.
So back to you, Charlie.
Sorry.
No, yeah, sure.
But we got inside her wallet and she ended up having about $150,000.
And, you know, one of the best parts of that interaction was, you know, getting paid, of course.
But but seeing her face and hearing her reaction when when she did see that that number inside her wallet, because it was life changing.
That's money for her in retirement.
How do you guys keep up with the technology? Obviously, a lot of what you're describing seems to be from very old wallets, right? I mean, a lot of the wallets now, you may have obviously a numerical password,
but you're not like my son dot something exclamation, right?
I mean, people come up with crazy passwords now,
but like I'm assuming you have people that have ledgers or treasures
or hardware wallets that just literally don't remember
like the six numbers that they put in, things like that.
So are you primarily cracking numbers? Are you primarily cracking stupid
passwords that people don't remember, randomly generated? What are you seeing the most of?
You know, we love it when we get numerical passwords in. When we get somebody who knows
they had an eight digit numerical password because, you know, give us 15 minutes and
we'll get you your password. Unfortunately, that's not the case. Even back
earlier in the days of blockchain technology, people had relatively strong password etiquette.
Of course, that's something that's being developed today and everyone's starting to focus more on
privacy and security. But still, if you have an eight or nine or 10 character password and you're
not sure what it is, it doesn't have to be the most complicated thing in the world.
It's impossible to brute force, realistically speaking. And, you know,
it is still a struggle. So we end up most of the time, unfortunately,
dealing with, you know, those wacky, weird passwords.
They, they went off thought of in 2013 or something.
We get two funny stories to tell about this.
A on these wacky, weird passwords.
I think a lot of our clientele, I think a number of our clientele get a little embarrassed when they tell us what their passwords are. I think we've all created these passwords.
Never thinking you'd have to share them, right?
Never have to share them with anyone, you know, which is fun.
And we always keep a straight face.
And I won't share them with you now, of course, And we always keep a straight face and I won't
share them with you now, of course, for password security, but also not to embarrass anyone.
And the second story I was thinking of was we recently were working with a client that had
come to us in February with a 12 Bitcoin wallet. And we had run a wide variety of different attacks
on that wallet. One of the things that is most highly correlated for us
with actually cracking a password is that we have multiple calls with the client, gives them an
opportunity to learn that they can trust us. It's also important that we trust them. But we've
gotten on, I think, the third call with this client. And he happened to mention, like Charlie said, that he used his phone number as his password some of
the time. And then he had a little like three character string that he appended at the end of
the phone number. And just in passing, we were like, oh, okay, well, you know, that's a phone
number, 10 digit number. Okay, we can brute force 10 digit number. It's no problem. Literally within
45 minutes, we had the password to this 12 Bitcoin wallet, which of course we are. I was
trying to do that thing where you jump up in the air and you kick your heels together. I don't
think it looked quite as cool as it does in the news. But we then took two days to get this
gentleman on the phone for a call to actually open his wallet. And we opened it and he had,
what was it? $2.97 in his wallet. It was empty.
It was empty. It was empty.
And why did he think that he had 12 Bitcoins?
He meant 12 cents.
Sorry, sats.
I say Bitcoin sats, 12 sats.
Exactly, yes.
I think what happens is that people,
what often, first of all, when you crack a wallet,
you can look at the history of transactions, right?
So we've never had a case where someone's like, you took our money because you can always look at the transaction history of that wallet.
Beauty of a public ledger, right?
Yes, exactly. It's wonderful.
I think this particular person just had created five or six different wallets.
And he just didn't realize how many he had created. And so, you know, you can, even if someone has the address,
you know, where they've stored Bitcoin or some other crypto asset, you can't be sure until you
crack the wallet that the address they have is associated with the wallet you have. So there's
never a case where we know how much money's in there. And, you know, half the time, as I mentioned, like it's under
$3 of wallets that we crack. It's insane. Guys, I'm so excited to tell you about this
new crypto cold storage solution called Arculus. Their cold storage technology keeps your crypto
keys off the internet and on an Arculus key card. With no cables and no USB connections,
it insulates you from the thousands of hacking attempts that happen online every single day. You can store, swap, and send your crypto all with a
simple tap of your Arculus keycard. And if someone were to get a hold of your card, it doesn't even
matter because they have three-factor authentication, ensuring that the only person with access to your
crypto is you. Guys, you can check out Arculus at thewolfofallstreets.link slash Arculus.
Secure your assets, secure your future with Arculus.
So very clearly here,
this is a function of human error across the board, right?
Oh, absolutely.
So not only do you have the,
I'm locked out of my wallet,
you have the misconception
about how much was in the wallet,
no memory of where they got the coins or how it happened.
So you're really dealing with some major challenges. Funny, Chris, it reminds me,
you're roughly my age, but when I was younger, they had this huge televised event where they
cracked Al Capone's safe. Do you remember this by any chance? I don't. I think it was Geraldo
Rivera or something. They went in there, tractors and all this stuff, and they broke it open. There was literally nothing in it. And it was like two hours. But it's kind of a similar
thing. They practiced vault and it probably wasn't even his. And we know the feeling.
Right. Exactly.
Behind that vault, he had his real vault stored in the wall and they just didn't notice it.
It was absolutely amazing. But basically what you guys are dealing with every day.
Do you think that people should use password protection sites like LastPass, for example,
and things like that?
Do you encourage that?
Can those be hacked or are there issues with using those?
Yeah, I mean, you know, there's always the risk, right, of anything being hacked.
Gmail is super strong encryption, but it's typically a safe way to store secure documents.
LastPass is what we recommend to most of our clients.
That's what we both personally use.
And that's like, you know, A1, the first step we say.
We say go to a custodial wallet and use LastPass.
And, you know, hopefully we never see you again.
So, yeah, we call that bare minimum.
But absolutely.
I mean, it's about password hygiene, right?
It's about not using the same password for every site, using Leetspeak or a random case.
You know, it's just as complicated as you can make the password while still remembering it and hopefully recording it somewhere, right?
That's the first thing we recommend to all our clients.
One thing that I think is kind of a misconception that most people have about passwords is they think I'm better off with a
relatively short but complicated password as compared to a longer but easy to remember password.
So the way most hackers, white hat, black hat, whatever you want to say, hackers, would approach
this is through brute force okay and if
you have for example a i ran some numbers this morning just i thought this might be interesting
um if you have a seven character password right as complicated as you want it to be
um we can crack that in just a few days like just through through brute force, not a problem. If you have a nine character
password, we can crack that in a little over a hundred years. So every character is an exponential
increase in difficulty for a brute force attack. Exactly. Absolutely. Like it's not that we won't
take on clients if they have a 14 or a 20, you know, if they remember for some reason that they
like 14 or 20 character passwords. And we do get people that say that i know this i know this password is 32 characters long
um but the you know even if it's a fairly straightforward set of words that you just
remember and and have written down you have to write these things down um like it's just
impossible essentially to brute force 14 15 20 character passwords whereas it is
not you can you can use spaces and tabs and question marks in a seven character password
and it doesn't matter we're gonna crack it and brute force pretty darn quickly so password length
is an excellent correlate with with making a to crack, but potentially easy to remember password.
That's very interesting, because I think most people would think if I have a whole bunch of
exclamation points and random characters and capital letters, that's going to make it more
complex. But clearly, it's the length that actually is more. Can you talk about what a
brute force attack is? Because obviously, it's what a hacker would be using to crack your password.
But also what you're using is a, I guess, white hat to recover that same password.
A brute force attack, and it's super basic, right?
It is just the process of extracting a hash or some kind of, you know, in this case, a wallet file of some sort or a hash of a login server somewhere.
And then it's just compiling as many passwords as possible
or a true brute force is just defining a key space
and then iterating over the key space.
So going through every possible seven character password,
let's say, and that just goes A, A, A, A, A,
and it goes all the way up every single possibility.
And as my dad said, up through seven characters,
if your passwords seven characters or under, it is brute forcible very easily by most people.
But it's just about, you know, it's just about extracting a hash from some kind of login server and then just running through every possible key space.
And this hash that Charlie's talking about, it's essentially just a representation of the encrypted private
key. So that's, at the end of the day, we need that encrypted private key that you, as the owner
of the wallet, need that encrypted private key. Well, actually, you need access to the unencrypted
version of that, because when you have an unencrypted private key, you can control
those funds, whatever assets you have on a blockchain, you control with an unencrypted
private key. So what Charlie's talking about that hash is we can't get the unencrypted private key
because we don't know the password, but in many cases you can get the unencrypted version of it.
We call it a wallet backup. We then put that through some software to represent it as a hash
because then that makes testing password variations extremely efficient,
if that makes sense. Sure. I know, for example, with a ledger, basically, if you have the physical
device, right, and you forget your numerical code, you basically get three shots. Right.
Exactly. The interesting thing about the ledger, right, is that if you enter, there's a four to eight digit pin that you use on the ledger.
If you do it three times
and you fail each time to enter your pin,
the ledger is going to wipe itself.
The important thing to remember
when you have a hardware wallet
is when you first set up that wallet,
you generated a recovery phrase.
It goes by different words.
It might be a 12-word recovery phrase.
It might be a mnemonic. People use different terms for it. But Ledger itself uses a 24-word
recovery phrase. As long as you've recorded that recovery phrase, okay, and you've stored that away
somewhere safe, even if your Ledger gets wiped, you can recover your private key, all the funds
you had on the blockchain with that 24- word phrase. So people do, we have had
clients call us up and they're like, I reset my ledger. What do I do? Right. They don't realize
it's on a blockchain and not actually on the wallet, obviously your hardware wallet is protecting
your private keys and not actually your Bitcoin. But the question then is how many people come to
you and don't have their password and don't have their private keys. Because I mean, because clearly, if you have your private keys, there's a way to
access your coins, right? Exactly. Yeah. And we get both sides of that coin. We get people
that contact us and they'll send us, you know, an encrypted text file or an unencrypted text file
full of private keys. And it's just a matter of saying, hey, you know, here you go,
you already have it. Here are the steps to recover it. And then, unfortunately, more often than having your private keys, they come to us and they say, you know, in 2014, I think I had Bitcoin, but I don't have the password.
I don't know where it was.
I don't have a seed phrase and I don't have private keys.
And, you know, if you find yourself in that situation.
But my name is John Adams.
Can you just look it up?
John's been. Look him up on the Internet. Find it. Right. Exactly. keys. And, you know, if you find yourself in that situation, right? But it really comes down
to just having one of those things, a seed phrase that we can work on, a wallet file,
at least some password guesses. And unfortunately, most of the time we
see that people don't have it. They didn't record it right. We find a lot of people have
misrecorded seed phrases. So it'll be a complete seed phrase, but it'll link to an empty wallet
that has never transacted. And so that can be a case of maybe they never had Bitcoin. Maybe they
did it and they just decided not to pull the trigger and hoped, you know, five years down the line they would have it.
But we also find that people just misrecord them.
And so they have multiple wallets, but they stored the seed phrase to the wrong wallet or something of that.
I once had a seed phrase.
I have terrible handwriting.
I'm like a doctor from the 40s, you know, with my signatures.
Everything is completely chicken scratch.
And one of the words was valve.
And I thought I'd written value. The difference between the way I wrote a U or a V was the
difference. Eventually I got there. But it's pretty scary when you type in your private keys
and it says, nope. And we can certainly, we certainly do work with clients that have either
obvious mistakes in their recovery phrase,
where similar to exactly what you said,
like they can't quite make out what they wrote
or they actually just wrote something wrong.
I think wallets are much better today
than they were five or six years ago
of forcing you to either reenter those codes
or they'll say like, okay, tell me what the 14th word was.
And then you have to actually,
you have to have written it down somewhere.
And that's super helpful.
And I think that's just like a maturation of the industry
in general is that some of these best practices
that people eventually discovered to force people
to write down their recovery phrases.
Right.
So this all begs the question, right?
To some degree, your business depends on complexity. And I've always made the argument, not specific to your business or to
wallets or anything, that the key to mainstream adoption is that everything we do in the crypto
space is as easy as all of the other processes that we're used to in our real life. Buying crypto
should be as easy as buying a stock, right? Opening an account should be as easy as opening any
account and storing it should be as easy as just leaving it there and not thinking about it and it
being fine. Of course, the core ethos of Bitcoin is not your keys, not your coins. Sure. But your
average person maybe doesn't want to be their own bank.
So do you think that we're close to a place where people can just handle it in the same way they do
their other assets? Or do you still think we're very far away and that we have that barrier?
So that's something we talk a lot with our clients about, actually, we both are very deep in the Bitcoin space, of course.
So we control our private keys and we do emphasize that security.
But the first thing that we do advise to our clients when we do recover their funds is that they actually go to a custodial wallet.
We recommend Coinbase. And it's because, you know, I'll speak for myself, at least, is that I completely agree with you that the mainstream adoption of Bitcoin is halted. And it is injured by the fact that, you know, you have
these major security problems where you need to control your funds completely. And if you have
any negligence on your end or just a mistake happens. We had a story of a guy who was out
sailing. He had a paper wallet in his pocket. He lost it off the side of the boat and all his funds are gone. Right. And so that's, you know, no fault of his own. I think we've all heard
the boating accident meme in the space already. Right. Yeah. And, you know, no fault of his own,
anything like that. But it's just a lot of pressure to control all of your funds. And so I
think that we both agree that that it halts the mainstream adoption. And we do recommend custodial wallets typically
to clients. Yeah, I really don't like this idea. I don't think we should take pride in this
statement of not your keys, not your coins. I don't think that's how people outside of
blockchain handle any asset. And I don't think it's going to work for the majority of the public, this idea that
you need to be in control of the private keys. And I just, I think it's, this probably is not
a popular statement to some of your listeners, but I just think it's a mistake. I think it slows
down adoption. And, you know, there are people that hold massive fortunes with the Fidelities
of the world, the vanguards of the world. And those fortunes,
you know, those could be stolen. But, you know, you and I are not the people that should be
taking custody of million dollar fortunes. Like it doesn't make sense. We don't do it in any other
aspects of our lives. And so I don't I don't think it makes sense at all as an industry to
take pride in that statement. It may be mathematically true,
right? Not your keys, not your coins. But I think absolutely, unless you, until you've transacted
numerous times in crypto, you should not be controlling your own keys, in my personal opinion.
It works for a certain very left brain engineering type of person and fine,
take that risk. But even still, like, why not see that as aspirational? Once I've used Bitcoin 10
times, once I own three different altcoins, then I'm going to start moving them in small amounts
into a hardware wallet or a wallet that I control on my phone or my laptop.
And so, I mean, some of these assets, you don't have a choice, right? I mean,
if you're trading on Uniswap and you want to gain access to some of
these DeFi assets and stuff, you have to have a Metamask wallet. You have to understand what
you're doing and do it. But I tend to agree with you at the core. And a lot of people I talk to
agree with you, actually, right? I think not your keys, not your coins works exceptionally well for
a person who is buying Bitcoin because they believe the government is going to melt down or that they live in a country where they believe that the government could, you know, possess repossess their funds or take take their money away.
That's not your average person is much more
likely to be the reason that they lose their coins than the government or a hacker or anything else.
Right. What are the odds that you bump your head and forget where you put your private keys versus
the government comes to your door with a gun and takes your coins? I'm not saying it's not possible.
I'm not saying there's anything wrong with that ethos, but human error has to be the sole reason you guys have a business.
Yeah, absolutely.
And, you know, we have contacts at blockchain and a bunch of other wallets.
So we do talk to people about, you know, what security measures they are planning on instilling, what the future, what their wallet thinks the future of security looks like.
And there are interesting things coming down the pipeline. But for now, while it's just password security, it's really hard just to
entrust all of that to yourself because these actions happen. And it may not always be like
this, but for the time being, custodial ownership of your coins, for us at least, is the way to go.
Not to mention the issue of walking out the door and getting run over by a bus.
And then where's your stuff?
That's the biggest problem for me is like, how do I explain this to my wife?
And what happens if we both go down at the same time and get hit by a bus?
Then who?
Then how?
Exactly.
Yeah, I think that that's massively, massively complicated and difficult.
Also, I think it's important.
You know, a lot of that ethos, in my opinion, came from the early years when there was no other option.
Mt. Gox was a thing.
Everybody had seen the hacks.
I mean, even versus when I got in in late 2016, security is a completely different ballgame.
I mean, now on some of the exchanges that I use, I don't generally get into specifics, but like I have to use, I have to enter an encrypted proton mail, you know, email.
I have to 2FA that to go get the email. Then when I accept the transaction on the email, I have to
put it in my UB key, touch my UB key. I mean, and I have 2FA on the exchange account. That's
as secure for most people or more than a hardware wallet. I'm not saying you should keep your coins
on exchanges, but certain exchanges do an excellent job that three years ago did not.
Oh my gosh, yeah.
I think that's a great point.
I would also say from dealing with a number of clients that have this problem,
get print backups to your 2FA.
All right, if you're using Google Authenticator,
you can go in and get backup codes to that.
Because if you lose your phone,
which happens, right? We all have lost, but it's easy to lose your phone for various reasons.
If you lose your phone, if your phone gets wiped and you no longer have access to Google
Authenticator, well, that's a problem at a lot of exchanges, right? There are some wallet providers
that can simply turn off 2FA for you if you go through the right sort of identification.
I talked to a gentleman within the month of September who had $100,000 he lost because
the wallet provider, it's a hosted wallet provider, they don't have the ability to turn
off 2FA requirements and he lost his phone.
He's just like, the's that money's just gone unless
the wallet provider decides to offer that functionality in the future. So, and he doesn't
have the keys. Of course, that's, you know. For people who don't know those physical backups
you're talking about, is that something you do case by case on each exchange when you sign up
for the 2FA or is that something that you can do within Google Authenticator? You can do it within
Google Authenticator for each of the accounts that you have configured with Google Authenticator? You can do it within Google Authenticator for each of the accounts
that you have configured with Google Authenticator.
So, and you, right,
you have to do it on a per account basis.
But you don't have to be signed
into your physical account to do it.
You can do it right in Google 2FA, right?
To get those backup codes.
And that's so essential.
That's another thing that people forget to store
in a safe or something is those backup codes.
I learned that lesson a very hard way
when my Twitter account got hacked.
Yeah, painful.
So yeah, never fun.
I just think there are, this is the trade-off.
If you're going to manage the security for your funds,
and I think 2FA is a very, I think,
well, even if you're trusting a custodial wallet,
2FA is still a good idea, right?
But that doesn't mean you still don't
need to be responsible at some level to make sure you have backups, right? And 2FA is a case where
you still need backups because people will be like, ah, I got a great, I got a new iPhone 12 or 13.
I'm going to hand this one off to my child. Let me just wipe it first. Boom. Google Authenticator
is gone and Google will not help you get that back.
It's almost another example of being your own bank
is controlling your 2FA.
Right.
Even if you're with a custodial wallet,
that can be a problem depending on the wallet.
Many of the, you know, like with Coinbase,
you can get around this,
with blockchain.com, you can get around this,
but there are wallets where you can't get around it.
So it's worth being aware of before we get done you mentioned that you actually are passionate
about this you hold your own keys you guys secure your own coins why does bitcoin ethereum any of
these coins why do they matter to you too personally i you know i can speak for myself
at least here right um bitcoin and just blockchain technology in general.
I am relatively new to it.
In 2017, 2018, I knew what it was.
I had the basics down, I think, as well as most early stage investors.
And now in 2020, 2021, when I was getting more into it,
I started looking to NFTs, of course, as I think so much of the market is.
And I think the cool part is just looking forward and imagining what blockchain and NFT technology can be used for.
So for me, this business just represents being on the right side of a change here, of a technological shift.
I believe that Bitcoin and cryptocurrency is going to create the biggest transfer of wealth that we've seen, you know, in hundreds of years.
And, you know, I want to be on the right side of that, of course. You know, I just I think that the best way to stay up to date and experienced
with a new technology is to actually be engaging, be engaging in the community and, you know,
own a business in it. Right. And so that that's the baseline for me is that I just want to be I
want to be in the middle of everything when it happens. And, you know, I do think that will be
the service we offer is really invaluable to a lot of people. And yeah, you know, when it comes
down to that, it's about the, it's about the value we offer and just personally being on the right
side of this technological shift. That's awesome. I want to say something similar, which is I was
very slow to come to the conclusion that Bitcoin mattered. So in 2014, when I first heard about
it, I was really skeptical. In 2017, when I started playing with it, I was still skeptical.
I've really come to the conclusion at this point that not only is the world financial system going to move to blockchains, but many, many other assets are as
well. In fact, literally almost any asset can be represented on a blockchain. And so
there's no way to understand these technologies without playing with them.
And I feel like we are privileged to be able to play with so many of them and learn
at kind of a very granular level, how all these different technologies work. And so it's just,
this is a very exciting time for us. And, and those are my thoughts. I agree with all of that.
I mean, I didn't even say for me, it's sort of the same. I heard about it early, dismissed it,
got into it as a trader because I cared about dollars in 2016, 17, suffered the crypto winter like everyone else and then had to find a justification for still being here.
But then I saw what happened in the last year and a half with the global economy and just realized you have to have some Bitcoin.
Right. Absolutely.
Very simply.
Well, where can people keep up with you guys after this conversation follow you?
And I'm going to guess, I have no idea, but I'm going to guess there's a lot of people
who don't know services like yours exist, and you're going to be getting some calls
after this podcast comes out.
We will.
We'll keep the lines open.
Yeah, you can find us at cryptoassetrecovery.com or on Twitter at recover underscore crypto.
We're active on Twitter and we'll respond to your email if you shoot us one.
Awesome. How about your personal? Do you guys,
where can they follow you personally?
Let me, so I am on Instagram, LinkedIn, Twitter,
Charles underscore Brooks for Instagram and the same for LinkedIn actually.
And you can find the crypto asset recovery LinkedIn page and you can find my
dad who isn't as active on LinkedIn as me, but reach out to one of us and we'll hunt you down. I love having the age gap. I love having the age gap because he'll be like, find me on TikTok
and Snapchat and whatever. And then guys like us are like, my rotary phone number is.
Yes. I can call my home line.
Yeah, perfect.
Well, thank you guys so much for doing this.
I think it's an incredibly valuable service
and one that I hope people will use.
And I love that you're helping people recover these funds
because the more stories that we have of people
not losing their Bitcoin,
the better for everyone, right?
Absolutely, yeah.
We want to be on the good side of that.
Thank you guys for taking the time. It's our pleasure. Yeah, thank you so much. Thank you? Absolutely, yeah. We want to be on the good side of that. Thank you guys for taking the time.
It's our pleasure.
Yeah, thank you so much.
Thank you.
Absolutely, my pleasure.