A team of hackers who managed to gain access to a Bitcoin wallet that had been locked for 11 years have shared their secrets as to how they finally cracked it.
It can be frustrating to know that you have money, but you can’t spend it.
Like when your paycheck is about to come through, but you have to wait patiently until it actually shows up in your bank account before treating yourself to that pumpkin spiced latte you’ve been craving.
The man had been locked out of his wallet for 11 years (Getty Stock Photo)
That’s the sort of scenario most of us can probably relate to – so now, just imagine if your paycheck was for $3 million, and rather than waiting for a bank transfer, you had to try and figure out a secret password before gaining access to it.
Slightly higher stakes, right?
This is what one crypto owner had to deal with when he made the disastrous mistake of forgetting the password to his Bitcoin wallet, which had been created by a random password generator called Roboform.
In a YouTube video published by electrical engineer Joe Grand, the wallet’s owner explained: “I generated the password, I copied it, put it in the passphrase of the wallet, and also in a text file that I then encrypted.”
Joe Grand was able to finally crack the code. (YouTube/Joe Grand)
The Bitcoin was worth a couple of thousand dollars at the time the owner forgot the password, but as value increased by more than 20,000 percent over time, he found himself unable to access a whopping $3 million.
The owner admitted to Wired he was ‘really paranoid’ with his security, but thankfully, he was able to gain help thanks to Grand, who goes by the handle ‘Kingpin’ online.
Grand became known in the crypto community in 2022 when he helped another crypto owner recover access to over $2 million in cryptocurrency he thought he’d lost forever.
Thankfully, Grand was willing to help out this next crypto owner – and he’s even shared how he did it.
In his YouTube video, Grand explained he used a tool developed by the US National Security Agency (NSA) to disassemble the password generator’s code.
“In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has,” he explained.
“[But] in this version of RoboForm, it was not the case. While RoboForm’s passwords appear to be randomly generated, they’re not. With the older versions of this software, if we can control the time, we can control the password.”
Using his knowledge of the system, Grand was able to trick it by changing the time back to when the password was created.
And with the help of his colleague Bruno, they were able to crack the code.
However, while the team did have some knowledge of the system they were using, Grand admitted he ‘got lucky’.
In an email to Wired, he said: “We ultimately got lucky that our parameters and time range was right. If either of those were wrong, we would have … continued to take guesses/shots in the dark.”
