On May 13, an X account under the handle Cprkrn posted a screenshot of a Claude session running shell commands against an old Bitcoin Core dump. By the end of the transcript Claude had printed, in all caps, the line every long-locked HODLer dreams of: "WE GOT IT!!! THE 5 BTC IS YOURS!" The post cleared millions of views inside a day. The reflexive read was that an LLM had broken Bitcoin's cryptography. It hadn't. The actual story is more interesting, and a lot more relevant to anyone shipping AI tooling.

The user had bought 5 BTC near $250 a coin back in college, changed the wallet password while impaired, and then spent more than a decade brute-forcing what he thought was the lockout. He had run the standard recovery stack — BTCRecover walking dictionary mutations, Hashcat throwing billions of candidates per second at the encrypted blob. Neither found anything. The published password, once recovered, was "lol420fuckthePOLICE!*:)" — a string no rule-set would have generated and no wordlist would carry.

What changed was the framing. Instead of asking a model to guess the password, Cprkrn handed Claude the whole directory of files off his old machine and let it look around. Claude noticed something the human and the tools had both missed: a stray wallet.dat that Bitcoin Core had quietly written as a .bak during an earlier password rotation. The user already had the mnemonic phrase written down. Claude pulled BTCRecover's own decryption routine, concatenated sharedKey + password, and ran it against the older file. The phrase decrypted the backup. Private keys fell out. The model converted to WIF, verified the addresses against the chain, and the morning got considerably more expensive in regret-for-the-friend territory.

Behind the meter, this is not a cryptanalysis story. It is a directory-walk-plus-domain-knowledge story. Hashcat is faster than any model at guessing strings. What Hashcat cannot do is read a folder, recognize that Bitcoin Core writes timestamped backups, cross-reference the mnemonic on the index card with the older file rather than the newer one, and then call into a third-party tool's decryption path with the correct argument order. That sequence is shell glue, file forensics, and codebase reading — exactly the surface area where current frontier models are now competent.

The Reddit chorus calling it "just a file search" is half right and entirely missing the point. The bottleneck in personal data recovery was never raw compute. It was knowing which question to ask of which file. Agentic models collapse that gap.

What this changes for builders. If you ship recovery tooling, wallet UX, or any workflow that touches legacy on-disk state, assume your users will hand the whole directory to a model before they read your docs. Design for that. Log the backup files you write. Name them legibly. Expose a --dry-run-decrypt path that a model can call without footguns. The next 5 BTC story will not be a cracked password. It will be a misread schema on a backup file your product wrote in 2017.