How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet
Cracked: $3M Crypto Wallet Unlocked After 11 Years!
Two years ago, Michael, a European cryptocurrency owner, sought help from Joe Grand, a renowned hardware hacker, to recover access to his $2 million worth of bitcoin locked in a password-protected digital wallet. Initially, Grand declined but later agreed to assist. Through reverse engineering and exploiting a flaw in the RoboForm password manager used by Michael, Grand and his colleague Bruno successfully cracked the 20-character password generated in 2013.
Despite initial setbacks in pinpointing the exact parameters and date of the password's creation, persistent efforts led to the discovery of the correct password without special characters, generated on May 15, 2013. This breakthrough allowed Michael to regain access to his bitcoin, which had appreciated significantly in value, now estimated at $3 million. The incident underscored vulnerabilities in password managers and the potential risks of using outdated software-generated passwords.
What prompted Michael to initially contact Joe Grand for help with his cryptocurrency wallet?
Michael initially contacted Joe Grand for help with his cryptocurrency wallet because he had lost access to about $2 million worth of bitcoin that he stored in an encrypted format on his computer16. Michael had used the RoboForm password manager to generate a 20-character password for his digital wallet and stored this password in a file encrypted with TrueCrypt1. Unfortunately, the file became corrupted, and he consequently lost access to the password, rendering him unable to access his bitcoin1. His initial approach to Grand was driven by the need to regain access to his substantial cryptocurrency holdings.
Why was Joe Grand initially unable to help Michael with his software-based wallet, and what changed that led him to reconsider?
Initial Reluctance and Change of Decision
Joe Grand initially turned down Michael's request for help in recovering access to his software-based cryptocurrency wallet because the problem did not align with Grand's area of expertise in hardware hacking. Michael's wallet was software-based, and Grand's skill set primarily involves manipulating hardware to bypass security measures, such as in his successful crack of a Trezor wallet using hardware techniques3.
However, Grand reconsidered assisting Michael when approached a second time, possibly influenced by past successes and the potential challenge it presented. He decided to collaborate with a friend, Bruno, to investigate the possibility of a flaw in the Roboform password manager that Michael had used to generate the lost password. Their research into the software and its vulnerabilities ultimately led them to discover a significant flaw in the password generation process, which was crucial in eventually cracking Michael's wallet password. This shift from an initial inability to a successful intervention highlights Grand's willingness to explore new challenges and adapt his approach to different types of security systems.