Forgetting a password is a pain, but it was a near catastrophe for a man who forgot the password to his Bitcoin wallet worth $3 million. After 11 years, security experts finally cracked the password, recovering his fortune and giving him immense relief.
Per a report, security researchers have recovered a hefty sum of money by cracking the password to a crypto wallet that had been inaccessible for 11 years. Electrical engineer Joe Grand, known online as "Kingpin", was brought in to crack the encryption on a file containing 43.6 BTC.
The cryptocurrency was secured by a random password generated by a password manager called RoboForm. Unfortunately, the password itself had been lost. The anonymous owner feared someone hacked his computer and accessed the password, thereby gaining access to the cryptocurrency.
Millions Recovered In Forgotten Bitcoin Wallet
"At [that] time, I was really paranoid with my security," he said. This is why the owner turned to Grand for help. Grand had gained a reputation within the community in 2022 for assisting another crypto owner to recover access to over $3 million worth of cryptocurrency they'd feared lost forever.
Grand says dozens of people had previously contacted him about retrieving lost cryptocurrency, and he has declined many of these requests for various reasons. However, this anonymous owner's situation compelled him to offer his assistance.
According to a YouTube video by Grand, the wallet's owner noted that he "generated the password." Next, he copied it, put it in the passphrase of the wallet, and also in a text file that he then encrypted.
When the owner lost access to the wallet, his Bitcoin was worth between $3,000 and $4,000. However, the surge in Bitcoin's price, which skyrocketed by over 20,000 percent, prompted the owner to contact Grand for help retrieving his investment.
How A Hacker Unlocked A $3 Million Fortune
"In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has. [But] in this version of RoboForm, it was not the case," he said.
According to Grand, although RoboForm's passwords seem randomly generated, there might have been a vulnerability in older versions that allowed controlling the output password by manipulating the time it was generated.
By exploiting a weakness in the older version of RoboForm's password generator, Grand manipulated the system time to control the generator's output. This allowed him to generate a large number of possible passwords for the timeframe in which the original password was created.
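The class of flaw described above, shown as an added example that is not RoboForm's code or Grand's tooling: a toy generator whose only input is the clock, next to one that draws from the operating system's CSPRNG. The alphabet, length, timestamp and function names are constructed assumptions; the page does not show RoboForm's actual algorithm.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed 62-character set
LENGTH = 20                                       # constructed password length


def weak_password(unix_time: int, length: int = LENGTH) -> str:
    """Toy generator whose only input is the clock (the flawed design)."""
    rng = random.Random(unix_time)  # seed = timestamp, nothing secret
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = LENGTH) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = LENGTH) -> float:
    """Entropy the password appears to have from its length and alphabet."""
    return length * math.log2(len(ALPHABET))


def effective_bits(window_seconds: int) -> float:
    """Entropy actually present when the clock is the only unknown."""
    return math.log2(window_seconds)


def distinct_outputs(start: int, window_seconds: int) -> int:
    """Count the different passwords the weak generator can emit in a window."""
    return len({weak_password(t) for t in range(start, start + window_seconds)})


if __name__ == "__main__":
    start = 1_368_000_000  # constructed timestamp, not a value from the case
    day = 24 * 60 * 60
    print("same clock, same password:", weak_password(start) == weak_password(start))
    print("passwords possible in one day:", distinct_outputs(start, day))
    print(f"nominal entropy:   {nominal_bits():.1f} bits")
    print(f"effective entropy: {effective_bits(day):.1f} bits for a one-day window")
    print("CSPRNG sample:", strong_password())
```

A generator audit should therefore check where the randomness comes from, not how random the output looks: the weak form yields at most one password per clock tick however long the password is.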
He eventually cracked the code, attributing some of the success to luck, according to a Wired interview. "We ultimately got lucky that our parameters and time range was right. If either of those were wrong, we would have ... continued to take guesses/shots in the dark," he told the outlet in an email.
However, such success stories are rare. Just last month, two Massachusetts Institute of Technology (MIT) graduates allegedly perpetrated a $25 million cryptocurrency heist in a novel exploit, according to federal authorities who vowed to prevent similar attacks in the future.
Compounding the challenge for cryptocurrency investors, the UK's financial regulator clamped down on financial influencers (FinFluencers) in March for promoting investments and cryptocurrencies through memes.