Cyber engineers ‘hacked time’ to recover $3m in Bitcoin from password manager
crypto.news 10 h
American engineer Joe Grand with his friend Bruno discovered a loophole in an older version of the RoboForm password manager, enabling them to recover $3 million in BTC.
Hardware hacker and engineer Joe Grand together with his friend, software hacker Bruno have found a loophole in an old version of the RoboForm password manager, enabling them to recover millions worth of Bitcoin.
In a YouTube video published on May 28, Grand explained that in 2022 he was reached out by Michael, a European crypto owner who sought his help to recover millions worth of Bitcoin, stuck on his computer as he lost access to his 20-character password generated by RoboForm and stored it in a TrueCrypt-encrypted file.
Grand and Bruno spent months reverse-engineering the version of RoboForm Michael used in 2013, when created the password for his Bitcoin wallet.
They both eventually discovered that one of RoboForm’s old versions had a flaw in the way the software generated passwords, making them predictable based on the computer’s date and time. Luckily for Michael, his password was generated way before RoboForm patched the bug.
You might also like: Unciphered discovers $1b vulnerability in BitcoinJS-built crypto wallets
Investigative journalist Kim Zetter noted in an X post that “if any of RoboForm’s current 6 million users are using passwords generated by the RoboForm’s version prior to 2015 before the company silently fixed the flaw, they may have passwords that can be cracked in the same way.” As of press time, RoboForm made no public statements on the matter.
This means that if any of RoboForm’s current 6 million users are using passwords generated by the @roboform password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way.
— Kim Zetter (@KimZetter) May 28, 2024
Having generated millions of passwords based on the timeframe when Michael supposedly created his password, the two began brute forcing to find the one that would grant access to Michael’s wallet. After refining their approach, Grand and Bruno successfully discovered the password, created on May 15, 2013, at 4:10:40 PM GMT, unlocking Michael’s 43.6 BTC, currently worth around $3 million.
The founder of Grand Idea Studio, Joe Grand is an electrical engineer, inventor, and hardware hacker best known in the crypto community for hacking a Trezor One wallet in 2022 to help its owner recover $2 million in BTC. Grand, who goes by the hacker handle “Kingpin,” has a storied career in hardware hacking and continues to consult with companies to enhance their digital security.
Read more: Trezor X account compromised as hackers push phony Solana token
Source