Imagine having a Bitcoin wallet worth $3 million locked away because you forgot the password. That’s exactly what happened to one unfortunate soul who lost access to his digital fortune for 11 years.
Forgetting your password can be annoying, but usually, it’s nothing a quick reset can’t fix. However, when there’s $3 million on the line, that’s a whole different level of forgetfulness.
Fortunately, a group of security experts recently managed to crack the password, liberating a whopping amount of money that had been trapped in a crypto wallet for over a decade.
Enter Joe Grand, also known as ‘Kingpin’ online, an electrical engineer with a knack for breaking into what seems unbreakable. He was tasked with hacking into an encrypted file containing 43.6 BTC.
Originally, the cryptocurrency was safeguarded by a password generated by RoboForm, a random password generator. However, the owner had lost the password and feared that hackers might access his computer and steal it.
“At [that] time, I was really paranoid with my security,” the owner explained.
Having earned a reputation in 2022 for helping another crypto enthusiast retrieve over $2 million in lost digital currency, Grand was approached by the wallet’s owner for help.
Grand revealed that he receives numerous requests from people hoping to recover their digital treasures.
Despite turning many down, Grand decided to take on this challenge.
In a YouTube video, the owner shared, “I generated the password, I copied it, put it in the passphrase of the wallet, and also in a text file that I then encrypted.”
Originally valued between $3,000 and $4,000, the Bitcoin’s value had skyrocketed by over 20,000 percent, prompting the owner to seek Grand’s expertise.
Grand utilized a tool developed by the US National Security Agency (NSA) to dissect the password generator’s code. He discovered a flaw in RoboForm’s design that allowed predictable password outputs based on specific settings.
“In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has. [But] in this version of RoboForm, it was not the case,” Grand explained.
By setting the system clock back to 2013, when the password was created, Grand and his colleague Bruno generated millions of potential passwords, eventually hitting the jackpot.
Grand told Wired it was ‘ultimately lucky’, saying, “We ultimately got lucky that our parameters and time range was right. If either of those were wrong, we would have … continued to take guesses/shots in the dark.”
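To see why the clock mattered so much, here is an added illustration (not RoboForm's code and not Grand's tooling): a toy generator whose only seed is the time of day, set beside a hardened one that draws from the operating system's secure random source. The 20-character letters-and-digits settings, the function names, and the 2013 timestamp are assumptions made up for the example.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

# Assumed settings for this toy model: 20 characters, letters and digits.
ALPHABET = string.ascii_letters + string.digits
LENGTH = 20

def weak_generate(when: datetime) -> str:
    """Toy flawed generator: its only seed is the clock, to the second."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

def strong_generate() -> str:
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))

def candidates(start: datetime, end: datetime):
    """Every password the weak generator could emit in [start, end)."""
    t = start
    while t < end:
        yield weak_generate(t)
        t += timedelta(seconds=1)

def nominal_bits() -> float:
    """Strength the password appears to have from its length and alphabet."""
    return LENGTH * math.log2(len(ALPHABET))

def effective_bits(start: datetime, end: datetime) -> float:
    """Real strength of a weak password: log2 of the seconds in the window."""
    return math.log2((end - start).total_seconds())

if __name__ == "__main__":
    # Constructed timestamp and window, not values from the actual case.
    created = datetime(2013, 5, 15, 12, 34, 56, tzinfo=timezone.utc)
    start = datetime(2013, 5, 15, 12, 0, 0, tzinfo=timezone.utc)
    end = start + timedelta(hours=1)
    print("same clock, same password:", weak_generate(created) == weak_generate(created))
    print("in one-hour candidate list:", weak_generate(created) in set(candidates(start, end)))
    print(f"nominal {nominal_bits():.0f} bits vs effective {effective_bits(start, end):.1f} bits")
    print("CSPRNG outputs differ:", strong_generate() != strong_generate())
```

A password that looks like it has about 119 bits of strength is worth under 12 bits once the hour it was made in is known, which is why a generator should never take its randomness from the clock.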
The digital heist of the century? Maybe. A lesson in password management? Definitely.