In a remarkable feat of cybersecurity, two researchers have successfully recovered nearly $3 million worth of Bitcoin from a wallet that had been locked since 2013. The wallet, containing 43.6 BTC, was inaccessible due to a lost password, but the researchers managed to crack it by exploiting a long-fixed vulnerability in a password manager.
Key Takeaways
- Two researchers recovered 43.6 BTC, valued at nearly $3 million, from a wallet locked since 2013.
- The wallet’s owner, known as Michael, had lost the password after the encrypted file storing it became corrupted.
- The researchers exploited a vulnerability in the RoboForm password manager to retrieve the password.
The Lost Password
In 2013, an anonymous man, referred to as Michael, created a Bitcoin wallet and used the RoboForm password manager to generate a complex 20-character password. Concerned about security, Michael stored the password in an encrypted file rather than within RoboForm itself. Unfortunately, the encrypted file became corrupted, rendering the password—and the 43.6 BTC it protected—inaccessible.
The Recovery Effort
In 2022, Michael reached out to Joe Grand, a hardware hacker known for his expertise in recovering lost cryptocurrency. Initially hesitant, Grand eventually agreed to take on the challenge, enlisting the help of his colleague Bruno. The duo focused on a vulnerability in the RoboForm password manager’s random number generator, which had been fixed in 2015 but still affected passwords created before then.
Exploiting the Vulnerability
The RoboForm vulnerability tied the generated passwords to the specific date and time on the user’s computer. By reverse-engineering the software, Grand and Bruno were able to simulate the conditions under which Michael’s password was created. They tested numerous passwords within a specific time frame until they found the correct one, which had been generated on May 15, 2013.
The Outcome
Upon successfully retrieving the password, Michael rewarded Grand and Bruno with a portion of the recovered Bitcoin. Michael sold some of the Bitcoin, retaining 30 BTC, which is currently worth around $2 million. He plans to hold onto the remaining Bitcoin until its value reaches $100,000 per coin.
Lessons Learned
This case highlights the importance of secure password management and the potential vulnerabilities in even the most trusted software. It also underscores the value of persistence and ingenuity in the field of cybersecurity.
Bitcoin’s value has fluctuated significantly since 2013, making the recovery of these funds particularly noteworthy. As of the latest reports, Bitcoin is trading at around $68,000 per coin, a substantial increase from its value when Michael first created his wallet.
Future Implications
Joe Grand and Bruno’s success in this endeavor opens the door for similar recovery efforts in the future. However, as password management software continues to evolve, new methods and vulnerabilities will need to be identified and addressed. Grand himself has expressed interest in helping more people recover lost cryptocurrency, though he acknowledges that each case presents unique challenges.
In conclusion, the recovery of nearly $3 million in Bitcoin from a locked wallet is a testament to the power of cybersecurity expertise and innovative problem-solving. It serves as a reminder of the ever-present need for robust digital security measures.
Sources
- Researchers find lost password to crypto wallet holding 43.6 BTC: Wired | The Block, The Block.
- Researchers ‘hack time’ to recover $3 million bitcoin wallet | The Independent, The Independent.
- A man got $3 million in Bitcoin back after he lost his password, Quartz.
- How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED, WIRED.
- How Bitcoin Hackers Recovered $3 Million From Wallet Locked In 2013, Forbes.
