Cybersecurity

How Bitcoin Hackers Recovered $3 Million From Wallet Locked In 2013


Imagine if, back in 2013, you had locked 43.6 BTC securely away in your bitcoin wallet only to discover that your password no longer worked a decade later. Who would you turn to with just under $3 million at stake? A hacker called Joe Grand is the answer.

As first reported by Kim Zetter for Wired, Joe Grand and his team were able to recover the bitcoin thanks to a flaw in a version of the RoboForm password manager used to generate the secure password a decade ago.

The story actually starts in 2022 when the wallet owner, who has asked to remain anonymous, reached out to Joe Grand, who made a name for himself by recovering bitcoin from wallets where the password had been lost. According to Zetter, Grand initially turned the European owner, known only as Michael, down.

ForbesYou Have 30 Days To Recover Deleted Gmail Messages-Here’s How

Truth be told, Grand, or Kingpin, to give him his hacker name, turns down most people who approach him for this kind of service. His main job is in a consulting role for the developers of systems to help them stop people like him from being able to break in. While Kingpin’s best-known bitcoin recovery was from a hardware wallet in 2022, Michael had used a software wallet, meaning that hardware hacking skills were of little use.

Kingpin And Bruno Rescue Locked-Out Bitcoin Owner

When approached by Michael again a year later, Grand decided to give it a shot with the help of a German colleague, Bruno.

It would appear that the problem lay with Michael’s creation of a complex password using the RoboForm password manager, which was then encrypted using TrueCrypt. You’ve probably guessed what happened next: that encrypted password file got corrupted, and there was no backup. Michael didn’t store the password in RoboForm because he was afraid someone could hack his computer and gain access to it and his Bitcoin fortune. Oh, the irony.

After many months of hard work, the hackers reverse-engineered that very old version of the RoboForm software and discovered a security flaw in the pseudo-random number generator it employed at the time. It turned out that the password wasn’t as random as was thought, being tied to the date and time it was generated. “If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past,” Zetter said.

Unfortunately, you’ve probably guessed it: Michael couldn’t remember either.

ForbesApple Hacked Again-These 2 Hackers Can’t Stop Finding Security Flaws

Cracking The Crypto Wallet Password

The hacker’s brain works differently from most, and the lack of such an important detail wasn’t enough to put them off. Instead, they interrogated his software wallet logs for the date bitcoin was moved into it. By analyzing the parameters of other passwords generated by RoboForm, the hacking duo was able to determine the type of password to be generated and used a date range between March 1 and April 20, 2013. When this didn’t work, or rather the generated passwords didn’t work, the time frame was changed to finish on June 1 but to no avail.

Eventually, however, by adjusting the parameters after gaining more information from Michael, the password that was generated on May 15, 2013 at 16:10 GMT, had been found.

RoboForm developer Siber Systems has confirmed the random generator issue has been fixed, way back in 2015.

Michael sold some of his bitcoin when the password was first cracked towards the end of 2023 after Grand and Bruno took their percentage reward for delivering it to him. With 30 BTC left in the wallet, Michael has some $3 million to play with. According to the story in Wired, he’s planning on waiting until the exchange rate reaches $100,000 to cash out.

ForbesLastPass Master Password Threat Confirmed-Don’t Press 1 Or 2



Source

Related Articles

Back to top button