Hackers recover a $3 million Bitcoin wallet lost for 12 years by exploiting a flaw in RoboForm’s password generator.
A Bitcoin wallet that had been lost for 12 years has been successfully unlocked by security researchers.
The wallet contained 43.6 BTC, which was worth over $3 million when recovered.
The owner, known only as “Michael,” had lost access to the wallet after forgetting the password created in 2013. In late 2023, hackers Joe Grand and Bruno cracked the password using a flaw in the RoboForm password manager.
Flaw in RoboForm’s Password Generator
In 2013, Michael used RoboForm, a popular password manager, to generate a secure password for his Bitcoin wallet.
The password was 20 characters long and considered very strong at the time. However, a flaw in the software’s random number generator made it predictable under certain conditions.
Specifically, the random number generator was tied to the date and time the password was created.
Joe Grand and Bruno identified this flaw during their investigation.
They realized that if they knew the time frame in which the password was generated, they could work out the correct password.
The researchers worked to reverse-engineer the old version of RoboForm, which had been updated in 2015 to fix the issue. Their goal was to narrow down the possible passwords and successfully unlock the wallet.
After several months of trial and error, they managed to generate the correct password. The password was created on May 15, 2013, and it gave them access to the wallet.
This breakthrough led to the recovery of 43.6 BTC, which had been locked away for over a decade.
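The weakness described above, as an added example that is not RoboForm's code or the researchers' tooling: a toy generator whose only input is the clock, next to a CSPRNG-based one, with the effective strength of each. The character set, the one-second clock resolution and the use of Python's Mersenne Twister are assumptions made for illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

# Assumptions (not from the article): character set, 1-second clock resolution,
# and Python's Mersenne Twister standing in for the flawed generator.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 20  # password length stated in the article


def weak_generate(when: datetime) -> str:
    """Flawed pattern: the only input to the generator is the clock."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Hardened pattern: each character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have from its length and charset."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(window: timedelta) -> float:
    """Real entropy of weak_generate when the creation window is known."""
    return math.log2(window.total_seconds())


def reachable(start: datetime, window: timedelta) -> set:
    """Every password weak_generate could have produced inside the window."""
    seconds = int(window.total_seconds())
    return {weak_generate(start + timedelta(seconds=s)) for s in range(seconds)}


if __name__ == "__main__":
    start = datetime(2013, 5, 15, tzinfo=timezone.utc)  # date from the article
    day = timedelta(days=1)
    print(f"nominal strength    : {nominal_bits():.1f} bits")
    print(f"known one-day window: {effective_bits(day):.1f} bits")
    hour = reachable(start, timedelta(hours=1))
    print(f"distinct outputs in one hour: {len(hour)}")
    print(f"CSPRNG sample: {strong_generate()}")
```

A 20-character password from this alphabet looks like more than 120 bits, but when the clock is the only input, a known one-day window leaves about 16 bits. The `secrets`-based version has no such dependence on time.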
The Recovery Process and Results
The recovery process was a complex task for Grand and Bruno. They had only the wallet’s creation date and a rough time frame to guide their attempts.
Despite these challenges, they were able to piece together the correct password after many attempts. By November 2023, they had successfully unlocked the wallet.
At the time of recovery, Bitcoin was valued around $38,000 per coin.
This meant the 43.6 BTC in the wallet was worth roughly $3 million. After gaining access, Michael was able to reclaim his funds. He decided to wait for the market price to increase further before selling any of the Bitcoin.
By mid-2024, Bitcoin prices had risen to approximately $62,000 per coin. Michael sold a portion of his Bitcoin at that higher price, securing a significant profit.
As of the latest reports, around 30 BTC remain in the wallet, valued at $3 million.
Importance of Secure Password Management
This case highlights the importance of using secure and updated password management tools.
While Michael’s wallet was eventually recovered, the case shows the risks of using outdated software. The flaw in RoboForm’s random number generator was fixed in 2015, but many users may still be unaware of the vulnerability.
It is critical for users to regularly update their password managers and use truly random password generators.
Storing passwords securely and using two-factor authentication can also help prevent future losses. As cryptocurrency becomes more valuable, strong security practices are essential to protect digital assets.
The recovery of this wallet also emphasizes the need for secure backup methods.
Losing access to a Bitcoin wallet can result in the permanent loss of funds. Therefore, users need to take extra precautions when managing their cryptocurrency holdings.
Source: https://www.livebitcoinnews.com/how-hackers-cracked-3m-bitcoin-wallet-lost-for-12-years-using-this-flaw/


