Cracking the code: How researchers recovered millions from a decade-old, password-protected crypto wallet

Shawn Knight

Finding the flaw: A cryptocurrency holder reached out to renowned hacker Joe Grand about two years ago for help in regaining access to an encrypted digital wallet on his computer reportedly containing about $2 million worth of Bitcoin. Grand turned down the offer. You see, Grand specializes in hardware skills and Michael stored his crypto in a software-based wallet.

"Michael," the owner of the locked down digital currency, is based in Europe and told Wired he wished to remain anonymous. He had used a password manager called RoboForm, which generated a strong password that was then stored in an encrypted file created with a tool called TrueCrypt. As fate would have it, the file became corrupted and Michael lost access to the 20-character password used to secure his 43.6 Bitcoins.

Although he used the RoboForm password manager to generate the password, he did not store it in the manager over fear that someone might hack his computer and steal the password.

Determined, Michael reached out to multiple people who specialize in cryptography. Everyone told him he was wasting his time and that he had zero chance of retrieving the money. Last June, however, Michael reached out to Grand again in hopes of a miracle. Grand agreed to see what he could do, and wondered if the RoboForm password manager used to create the password contained any flaws in the way it generates passwords.

Grand worked with a fellow hacker in Germany named Bruno, and spent months reverse engineering the password manager. To their surprise, they found that the pseudo random number generator used to make passwords in that version did indeed have a significant flaw that made random numbers not all that random. Turns out, the password manager used a computer's date and time to help "randomize" passwords.

They were getting somewhere. If Michael knew the day or general time frame when he generated the password plus some other important parameters, they might have a shot at generating a clone of it.

Of course, Michael could not pinpoint exactly when he generated the password. His wallet notes he moved Bitcoin into it for the first time on April 14, 2013. With fingers crossed, the team configured the program to generate passwords from March 1 to April 20, 2013. None worked.

They then adjusted the time frame from April 20 to June 1, 2013, but still no luck. The hackers again asked for more details, like whether he was sure he had used special characters to generate the password. Michael was mostly certain of his original information, but then found two passwords from 2013 that did not use special characters, so they tweaked the settings to exclude them and bingo, they had a match. Michael's crypto password was generated on May 15, 2013 at 4:10:40 pm GMT.
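Why a clock-seeded generator can be replayed like this, as an added Python example that is not RoboForm's algorithm or the researchers' tooling: `weak_generate`, its symbol set and the use of Python's `random` module are assumptions made for illustration. It tries every second in a window with and without special characters, then compares the window's effective entropy with that of 20 independent characters.

```python
import math
import random
import string
from datetime import datetime, timedelta, timezone

ALNUM = string.ascii_letters + string.digits
SPECIAL = "!@#$%^&*"  # constructed symbol set, not taken from the article

def weak_generate(when, length=20, use_special=False):
    """Toy generator (hypothetical, not RoboForm's code): the clock is the only seed."""
    alphabet = ALNUM + (SPECIAL if use_special else "")
    rng = random.Random(int(when.timestamp()))  # one-second resolution
    return "".join(rng.choice(alphabet) for _ in range(length))

def recover(target, start, end, length=20, use_special=False):
    """Replay every second in [start, end); return the generation time or None."""
    t = start
    while t < end:
        if weak_generate(t, length, use_special) == target:
            return t
        t += timedelta(seconds=1)
    return None

def window_bits(start, end):
    """Effective entropy of the password: log2 of the seconds in the window."""
    return math.log2((end - start).total_seconds())

def nominal_bits(length=20, alphabet_size=len(ALNUM)):
    """Entropy the same password would have if every character were independent."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    utc = timezone.utc
    made_at = datetime(2013, 5, 15, 16, 10, 40, tzinfo=utc)  # time given in the article
    lost = weak_generate(made_at)  # constructed stand-in for the lost password
    lo = datetime(2013, 5, 15, 12, tzinfo=utc)
    hi = datetime(2013, 5, 15, 18, tzinfo=utc)
    # Wrong settings never match, however wide the window; right settings do.
    print("with specials:   ", recover(lost, lo, hi, use_special=True))
    print("without specials:", recover(lost, lo, hi, use_special=False))
    print("bits, 1 Mar to 1 Jun 2013: %.1f" % window_bits(
        datetime(2013, 3, 1, tzinfo=utc), datetime(2013, 6, 1, tzinfo=utc)))
    print("bits, 20 random alphanumerics: %.1f" % nominal_bits())
```

A generator built on an operating-system CSPRNG, such as Python's `secrets` module, has no clock-derived seed to replay, so the password keeps its nominal strength.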

Grand and Bruno kept a small fee for their troubles and gave Michael the password to access the remainder. According to Wired, he waited until Bitcoin hit $62,000 before selling some of it. He is currently sitting on about 30 BTC, worth around $2 million. His goal is to hold on to the Bitcoins until they reach a value of $100,000 each, which would put his haul around $3 million.

In the end, Michael said he was lucky to have lost the password all those years ago. Otherwise, he believes he would have sold off his stash when Bitcoin hit $40,000 a coin and lost out on a lot of money.

Losing the password was financially a good thing, he said.


 
Didn't the bright spark ever think of simply writing down that password on a piece of paper? Duh.....

So many ways to store a password in plain sight, that even if someone searched your house and found it, it would be near useless to them without billions of trials and errors. Assuming they are not working on dummy ones.
When I was on the road for a year or 2, it was easy to forget an unused bank PIN. I used to store it as a part of a phone number in an address book with real people, real numbers. Even needlessly made it harder by using the complement, e.g. (212) 457 8692

If 5786 were the numbers I always used then the PIN would be 5324, or I could have added my birth year to it etc.
So if I did have BTC it would be a lot more tricky than this

One bank also has it that I have 10 personal questions, as well as 2FA for new transfers or big transfers, enter 2 and 7 letter etc.

Those questions are pretty cryptic. If I have seen one for a while, even I have to think for a minute or so
 