It was a costly case of forgotten password.
A team of security researchers successfully cracked a password to recover a man’s $3 million [just over £2 million] bitcoin fortune.
Electrical engineer and YouTuber Joe Grand was hired to hack into an encrypted file holding 43.6 BTC, which had been held there since 2013.
The password for the file was produced by a password generator called Roboform over a decade ago, and was a series of 20 upper and lower case letters, as well as numbers, that had been designed to be as difficult as possible to crack.
The wallet’s owner, who decided to remain anonymous, said in the video: “I generated the password, I copied it, put it in the passphrase of the wallet, and also in a text file that I then encrypted.”
The encrypted part of his computer that held the password became corrupted, thus resulting in the password being lost.
At the time this occurred, the bitcoin was worth a couple of thousand euros, which the wallet’s owner described as “painful but OK”.
The lost bitcoin grew into a fortune over the next decade, as the price of bitcoin rose by more than 20,000 per cent, causing its owner to reach out to the popular YouTuber.
Mr Grand used a reverse engineering tool developed by the US National Security Agency (NSA) to disassemble the password generator’s code.
“In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has. [But] in this version of RoboForm, it was not the case,” Mr Grand said.
“While RoboForm’s passwords appear to be randomly generated, they’re not. With the older versions of this software, if we can control the time, we can control the password.”
In other words, he made it seem as though he was requesting the password from Roboform for the first time, just like the anonymous account holder did back in 2013.
After several attemps, the generator produced the exact same password it had delivered on that day eleven years ago.
The video ends with the team eventually gaining access to the account, recovering $1.6 million worth of virtual money.
When asked what he was going to do with his new fortune, the owner of the fund said: “Pay debts from my apartment, potentially found a new company and securing the future life of my son.”
Related Links:
Student, 21, who spent $300 to start his side hustle now rakes in $500,000 a year
Boyfriend who earns three times more than girlfriend called ‘tight’ for asking her to pay half
Man mistakenly given £122k by bank was told he could keep it
