Two researchers helped a European resident recover the password to a crypto wallet with 43.6 BTC, the cost of which is about $2.96 million. Wired writes about this.
The man, who wished to call himself Michael, said that in 2013 he created a cryptocurrency wallet and used the RoboForm application to generate a secure password.
The software stored the information in encrypted form and after the file was corrupted, Michael lost the 20-digit password needed to access 43.6 BTC.
In 2022, he asked for help from Joe Grand, a well—known hardware hacker under the nickname Kingpin, who helped the owner of the Trezor wallet regain access to $2 million in assets after losing his PIN code.
However, in Michael's case, it was about software, and most of Grand's skills were useless. He agreed to take the job about a year later after repeated requests from Michael and brought in a partner from Germany named Bruno.
The researchers spent several months reverse engineering a version of RoboForm that Michael could use in 2013. As a result, they discovered a vulnerability (fixed in 2015) — the software used timestamps from the computer to generate a password.
According to the wallet log, Michael transferred the cryptocurrency to it on April 14, 2013, but he couldn't remember exactly when he created the password. The experts studied the parameters that Michael used when using RoboForm, and configured the program to generate 20 characters with uppercase and lowercase letters, numbers and eight special characters from March 1 to April 20.
This did not work, and they extended the time frame to June 1. Everything turned out to be useless. According to Michael, Grand and Bruno constantly contacted him and asked if he was sure of the parameters used.
"They really annoyed me, because who knows what I did 10 years ago," he said.
Michael found other passwords that he created through RoboForm in 2013, and two of them did not have special characters. The researchers have made adjustments to their algorithm.
In November 2023, they personally met with Michael and handed over the correct password — without special characters, generated on May 15, 2013.
"In the end, we were lucky: our parameters and time range turned out to be correct. If any of this turned out to be wrong, we would continue to speculate and take pictures in the dark. Pre—calculating all possible passwords would take much longer," Grand commented on the story.
The experts immediately took their share for the work done, at that time the price of bitcoin was about $ 38,000. Michael waited for the quotes to rise to $ 62,000 and sold some of the coins. He intends to keep the remaining 30 BTC until the exchange rate reaches $100,000.
In his opinion, the loss of the password many years ago eventually turned out to be luck, since he would have sold the coins earlier, having lost a significant part of his fortune.
Recall that in May 2023, the manufacturer of Ledger hardware wallets added a function to restore access to the Nano X device via a backup copy of the seed phrase. The option has been criticized in the community.