Researchers crack an 11-year-old password and recover $3 million in bitcoins


Two years ago, when cryptocurrency owner “Michael” contacted Joe Grand to help him regain access to around $2 million worth of bitcoins he stored in encrypted format on his computer, Grand turned him down.

Michael, who resides in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored it in an encrypted file with a tool called TrueCrypt. At some point, that file became corrupted and Michael lost access to the 20-character password he had generated to protect his 43.6 BTC (worth a total of about 4,000 euros, or $5,300, in 2013). Michael used RoboForm’s password manager to generate the password but did not store it in his password manager. He was worried that someone would hack into his computer and get the password.

“In [that] I was really paranoid about my safety at the time,” he laughs.

Grand is a famous hardware hacker who in 2022 helped another crypto wallet owner regain access to $2 million in cryptocurrency he thought he had lost forever after forgetting his Trezor wallet PIN. Since then, dozens of people have contacted Grand to help them recover their treasure. But Grand, known by the hacker nickname “Kingpin,” rejects most of them, for several reasons.

Grand is an electrical engineer who began hacking computer hardware at age 10 and in 2008 co-hosted the Discovery Channel show Prototype This. He now consults with companies that build complex digital systems to help them understand how hackers like him could subvert their systems. He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password.

But Michael stored his cryptocurrency in a software-based wallet, which meant that none of Grand’s hardware skills were relevant this time. He considered brute-forcing Michael’s password (writing a script to automatically guess millions of possible passwords and find the correct one), but determined this was not feasible. He briefly considered that the RoboForm password manager that Michael used to generate his password might have a flaw in the way it generated passwords, allowing him to guess the password more easily. Grand, however, doubted that such a defect existed.

Michael contacted several people who specialize in cracking cryptography; they all told him that “there is no possibility” of recovering his money. But last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.
