A team of hackers finally unlocked a $3 million Bitcoin wallet after a man forgot his password for 11 years.
Back in 2012, an anonymous owner lost access to his crypto wallet so he enlisted the help of electrical engineer Joe Grand, who goes by the handle “Kingpin” online, to hack into an encrypted file.
The anonymous owner’s cryptocurrency was protected by a 20-character password created by a generator called Roboform and stored in a file encrypted with a tool called TrueCrypt.
Unfortunately, he forgot the password to his wallet, which led to him worrying that someone would hack his computer and ultimately gain access to a file holding 43.6 BTC – which was worth a total of about $5,300 at the time.
“At [that] time, I was really paranoid with my security,” he said, according to Wired.
The owner asked the so-called Kingpin for assistance as he became renowned for helping another person recover access to over $2 million in cryptocurrency he thought he’d lost forever.
However, Grand turned his pleas down, stating that many people had contacted him to ask for help with recovering their lost treasure.
But it all worked out in the end as the hacker eventually gave in to the request and teamed up with his colleague Bruno to crack the code.
The electrical engineer published a video on YouTube explaining how he solved the man’s password, revealing that he used a tool developed by the US National Security Agency (NSA) to disassemble the password generator’s code.
Watch the video below:
Grand explained: “In a perfect world when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has. [But] in this version of RoboForm, it was not the case.
“While RoboForm’s passwords appear to be randomly generated, they’re not. With the older versions of this software, if we can control the time, we can control the password,” he added.
The tech wizards were able to trick the system by using a date range between March 1 and April 20, 2013, to see when the password was created, Forbes reported.
When this didn’t work, they changed the time frame once again after acquiring more information from the wallet owner.
Eventually, they discovered that the man had generated a password, with no special letters, on May 15, 2013, at 4:10:40PM GMT.
Grand revealed in an email to WIRED that he and his partner were “ultimately lucky that [their] parameters and time range was right”.
“If either of those were wrong, we would have… continued to take guesses/shots in the date,” he continued. “It would have taken significantly longer to precompute all the possible passwords.”
