Key Points
- Two researchers recovered a lost password to a crypto wallet from 2013, containing 43.6 BTC worth nearly $3 million.
- The password was retrieved by exploiting a vulnerability in the password generator RoboForm, used in 2013.
Joe Grand, a hardware hacker known for recovering lost Bitcoin, and his colleague, Bruno, recently assisted a man in recovering his lost cryptocurrency wallet password. The wallet contained 43.6 BTC, valued at approximately $2.96 million.
Recovering the Lost Password
The duo exploited a vulnerability in the RoboForm password generator, which the man, referred to as Michael, used to create his wallet’s password. Michael had stored the password in an encrypted file, choosing not to save it with RoboForm due to security reasons. However, when the encrypted file became corrupted, Michael lost access to the 20-character password required to access his BTC.
In 2022, Michael reached out to Grand for help. Grand and Bruno then discovered a flaw in RoboForm’s “random number” generator. This generator linked a password to the specific date and time on the user’s computer when the password was created. Although this issue was fixed in 2015, it could have affected passwords created prior to that.
Successful Password Recovery
Even though Michael couldn’t recall exactly when he created his password, the researchers found that he transferred Bitcoin into his wallet on April 13, 2013. By using specific time parameters, they tested multiple passwords until they discovered the correct one, created on May 15, 2013.
After the successful recovery, Grand and Bruno received a portion of Michael’s Bitcoin. Michael sold a small portion and currently owns 30 BTC, worth around $2 million. He expressed his intention to hold onto his Bitcoin until a single token is valued at $100,000. Michael also stated that losing access to his wallet turned out to be beneficial, as it allowed his tokens to appreciate over time.
As of May 28, Bitcoin was trading at $67,840, marking a 3.26% drop in the past day.