News
Computer engineers ‘hacked time’ to recover $3 million in Bitcoin from password manager
American engineer Joe Grand and his friend Bruno discovered a loophole in an older version of the RoboForm password manager, allowing them to recover $3 million in BTC.
Hacker and hardware engineer Joe Grand together with his friend, software hacker Bruno, found a loophole in an old version of the RoboForm password manager, allowing them to recover millions of passwords Bitcoin.
In a YouTube video published on May 28, Grand explained that in 2022 he was contacted by Michael, a European cryptocurrency owner who sought his help in recovering millions of Bitcoin, locked on his computer because he had lost access to his 20-character password generated by RoboForm and stored it in a TrueCrypt encrypted file.
Grand and Bruno spent months reverse-engineering the version of RoboForm that Michael used in 2013, when he created the password for his Bitcoin wallet.
Both eventually discovered that one of the older versions of RoboForm had a flaw in the way the software generated passwords, making them predictable based on the computer’s date and time. Luckily for Michael, his password was generated long before RoboForm fixed the bug.
Investigative journalist Kim Zetter noted in a post on the same way.” .” As of this writing, RoboForm has made no public statements on the matter.
This means that if any of RoboForm’s current 6 million users use passwords generated by @roboform Password managers before 2015, before the company quietly fixed the flaw, may have passwords that can be hacked in the same way.
— Kim Zetter (@KimZetter) May 28, 2024
After generating millions of passwords based on the length of time Michael supposedly created his password, the two began brutal cracking to find the one that would grant access to Michael’s wallet. After perfecting their approach, Grand and Bruno successfully cracked the password, created on May 15, 2013 at 16:10:40 GMT, unlocking Michael’s 43.6 BTC, currently worth around $3 million.
The founder of Grand Idea Studio, Joe Grand is an electrical engineer, inventor, and hardware hacker known in the crypto community for hacking a Trezor One wallet in 2022 to help its owner recover $2 million in BTC. Grand, known by the alias “Kingpin,” has a storied career in hardware hacking and continues to consult with companies to improve their digital security.