Many technology enthusiasts, especially those familiar with digital currencies like Bitcoin, often hear stories like this:
Someone obtained a certain amount of Bitcoin many years ago, but it wasn’t worth much at the time, so they didn’t pay much attention to it or properly secure the password for their digital currency wallet. The password might have been written on a small piece of paper or stored on a USB drive or hard drive.
Years later, Bitcoin’s value skyrocketed, turning these previously insignificant digital currencies into a considerable fortune. The problem, and the embarrassment, was that they couldn’t find the password for their encrypted wallet.
A few years ago, a British man claimed that his digital currency password was stored on a USB drive, which was likely thrown away as trash and ended up buried in a public landfill. He asked the local sanitation department to help him search the landfill for the USB drive, offering a percentage of the recovered fortune as a reward, but the local government refused.
Such cases are not uncommon worldwide, but the chances of recovering the password are very slim, and most end tragically, with immense wealth disappearing instantly, leaving people to sigh in regret.
However, here is a rare “comedy” case that I want to share with you.
A man named Michael, who owned a total of 43.6 Bitcoins, lost his password in 2013. The good news is that six months ago, he successfully recovered his password with the help of two third-party researchers.
The cracking work was done by renowned hardware hacker Joe Grand, also known as Kingpin, and his German partner, software hacker Bruno.
When Michael initially created his digital wallet, he used RoboForm’s password manager to generate a 20-character random password and stored it in a file encrypted with TrueCrypt, an open-source encryption tool that is no longer maintained.
Unfortunately, the TrueCrypt file got corrupted shortly after its creation, and without a second copy of the password stored elsewhere, Michael was unable to retrieve the wallet password, effectively losing his 43.6 Bitcoins. However, if he could recover the password, he could regain access to those Bitcoins.
Michael was quite fortunate. RoboForm versions released before 2015 were later found to have a significant flaw: the passwords they generated were not entirely random.
RoboForm tied its random password generation to the date and time at which the password was created. This meant that anyone who could reverse-engineer the software and determine the date and time of password creation could recreate the password.
This was the principle and approach Grand and Bruno used to crack Michael’s password. After determining the date and time of password creation and putting in roughly six months of effort, Grand and Bruno finally succeeded in November 2023 in recovering Michael’s password, allowing him to log into his Bitcoin account.
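The flaw described above, as an added illustration that is not RoboForm's code or the researchers' tooling: a toy generator seeded only with the creation time, next to one that draws from the operating system's CSPRNG. The use of Python's random module, the character set and the timestamp are assumptions made for the example; it shows that the real strength is set by the number of possible timestamps, not by the 20 characters.

```python
import math
import random
import secrets
import string

# Assumed character set for the illustration; 20 is the length from the article.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 20

def weak_password(unix_time: int) -> str:
    """Toy generator: seeds a non-cryptographic PRNG with the creation time."""
    rng = random.Random(unix_time)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

def strong_password() -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))

def nominal_bits() -> float:
    """Entropy if all 20 characters were independently random."""
    return LENGTH * math.log2(len(ALPHABET))

def effective_bits(window_seconds: int) -> float:
    """Entropy of the weak generator: one candidate per possible seed."""
    return math.log2(window_seconds)

def seed_for(password: str, start: int, end: int):
    """Return the timestamp in [start, end) that reproduces password, else None."""
    for t in range(start, end):
        if weak_password(t) == password:
            return t
    return None

if __name__ == "__main__":
    created = 1_366_000_000  # constructed timestamp, not taken from the article
    pw = weak_password(created)
    day = 86_400
    print(f"nominal strength : {nominal_bits():.1f} bits")
    print(f"one-year window  : {effective_bits(365 * day):.1f} bits")
    print("same time, same password:", weak_password(created) == pw)
    print("seed found in 2h window :", seed_for(pw, created - 3600, created + 3600) == created)
    print("CSPRNG sample    :", strong_password())
```

A password that looks like it carries over 120 bits of entropy carries about 25 bits when the only unknown is which second of a given year it was created in.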
At that time, a single Bitcoin was priced at $38,000, and now it is $68,000. The total value of those 43.6 Bitcoins is approximately $3 million, a considerable fortune with potential for further growth. Grand and Bruno received a percentage of the recovered fortune as a reward.
The entire cracking process took nearly six months. Grand discovered that any password generated by RoboForm versions before 7.9.14, released before 2015, was vulnerable to the same attack and could be cracked using the same method. He advised all users of these versions to immediately change their passwords.
Overall, Michael was extremely lucky. There have been many reported cases of lost Bitcoin wallet passwords over the years, but very few people have managed to recover them. It could be called a “miracle,” or as the saying goes, “his ancestors must be smiling down on him.”