RoboForm flaw breaks $3 million Bitcoin crypto wallet
A group of researchers discovered the password to a crypto wallet containing $3 million worth of Bitcoin by hacking an 11-year-old version of the RoboForm password management program.
In an extraordinary turn of events, a team of researchers has stumbled upon a digital treasure chest: a crypto wallet overflowing with Bitcoin worth a staggering $3 million! Their key? A clever attack on an unexpected source: an outdated version of a password manager program. But how did this treasure hunt take place?
A cry for help
Two years ago, a European Bitcoin holder known as “Michael” contacted hardware hacker Joe Grand for help hacking into his Bitcoin wallet, which held millions of dollars' worth of BTC.
Michael had stored his crypto in a virtual wallet protected by a twenty-character password that was generated by RoboForm and kept in a file encrypted with TrueCrypt. Unfortunately, the file was damaged and access was lost.
Initially, Grand refused because he believed his expertise in hardware devices had no relevance to a software wallet. But Michael later convinced Grand and his acquaintance Bruno, a hacker, to take on the project.
Crack the code
Both researchers turned to the version of RoboForm in use in 2013 and found that its pseudo-random number generator (PRNG) tied the passwords it generated to timestamps.
Knowing this, they set the computer’s date and time back to 2013. After several attempts, they successfully generated the correct password.
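Why a clock-linked generator is recoverable, as an added example that is not from the original article or from RoboForm: the toy `weak_generate` (a hypothetical stand-in, not RoboForm's algorithm) seeds Python's `random` with the clock second, while `strong_generate` draws from the operating system's CSPRNG through `secrets`. The function names, dates and four-hour window are all constructed for illustration.

```python
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits
LENGTH = 20  # the article's password was twenty characters long


def weak_generate(when: datetime) -> str:
    """Toy generator (an assumption, not RoboForm's algorithm): seed = clock second."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Hardened form: the OS CSPRNG supplies every character; the clock plays no part."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def candidates_in_window(start: datetime, end: datetime) -> int:
    """Size of the search space when the only secret is the generation second."""
    return int((end - start).total_seconds())


def find_generation_time(password: str, start: datetime, end: datetime):
    """Replay the clock second by second; return the matching time or None."""
    t = start
    while t < end:
        if weak_generate(t) == password:
            return t
        t += timedelta(seconds=1)
    return None


if __name__ == "__main__":
    # Constructed sample values: a made-up generation time and search window.
    made_at = datetime(2013, 6, 1, 14, 30, 7, tzinfo=timezone.utc)
    start = datetime(2013, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    end = start + timedelta(hours=4)
    print("time-seeded candidates:", candidates_in_window(start, end))
    print("CSPRNG candidates:     ", len(ALPHABET) ** LENGTH)
    print("weak password traced to:", find_generation_time(weak_generate(made_at), start, end))
    print("CSPRNG password traced to:", find_generation_time(strong_generate(), start, end))
```

The same twenty characters carry only as much secrecy as the seed: a few thousand clock values in this window versus 62^20 possibilities when every character comes from the CSPRNG.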
Rediscover luck
This not only solved a technical problem, but also brought Michael monetary gain. As Bitcoin's price rose, the value of his investment (around $5,300 in 2013) increased. After the recovery, Michael sold some bitcoins for $62,000 and currently holds 30 BTC, which is equivalent to approximately $3 million today.
Crucial lessons learned
RoboForm, developed by Siber Systems, addressed the issue in one of its updates in 2015, but this case shows that users who have not updated their passwords may face a similar experience.
Joe Grand also pointed out that luck, as well as skill, played a part in their success:
“We were really lucky that our parameters and time frame coincided to give us success.”
Michael considers this fortunate because the loss of access to his wallet denied him the ability to sell his Bitcoin too soon and it is now worth millions to him.