In November last year, researchers Joe Grand and Bruno, using insights into a flawed password generator, successfully cracked an 11-year-old password, unlocking Michael’s $3 million cryptocurrency wallet initially thought irretrievable.

How Researchers Cracked An 11-Year-Old Password To A $3 Million Crypto Wallet

When “Michael,” a cryptocurrency owner, reached out to Joe Grand two years ago asking for assistance in regaining access to almost $2 million worth of bitcoin that he had kept on his computer in an encrypted format, Grand declined.

Michael, a European who has requested to remain anonymous, kept the cryptocurrency in a digital wallet that required a password to access. He used the RoboForm password manager to create a password, which he then saved in an encrypted file using TrueCrypt. The 20-character password Michael had created to protect his 43.6 BTC (worth a total of roughly €4,000, or $5,300, in 2013) was lost when that file became corrupted.

Michael created the password using the RoboForm password manager, but he didn’t keep it in his manager. He was concerned that the password would be stolen by someone breaking into his computer.

“At [that] time, I was really paranoid with my security,” he laughs.

Grand, a well-known hardware hacker, assisted another cryptocurrency wallet owner in 2022 in getting access to $2 million in cryptocurrency that he had assumed he would never get back after losing the PIN to his Trezor wallet. Dozens of people have now gotten in touch with Grand to assist them in finding their treasure. However, Grand, who goes by the hacker handle “Kingpin,” declines the majority of them for different reasons.

Grand, an electrical engineer, cohosted the Discovery Channel series Prototype This in 2008 and started breaking into computers at the age of ten. These days, he provides advice to businesses that develop intricate digital systems, helping them to comprehend how hardware hackers such as himself could compromise their systems. In 2022, he used sophisticated hardware techniques to force the USB-style wallet Trezor to expose its password.

However, Michael kept his cryptocurrency in a software-based wallet, so Grand’s hardware expertise was useless this time. He thought about creating a script to automatically guess millions of password combinations to brute-force Michael’s password, but he concluded this was not practical. For a moment, he wondered whether there was a bug in the RoboForm password manager Michael was using to create his password that would make it easier for him to guess it. But Grand didn’t think such a defect existed.

Michael reached out to several experts in deciphering encryption, but they all assured him that there was “no chance” of getting his money back. But when he called Grand again in June of last year in an attempt to persuade him to lend a hand, Grand agreed to try this time, collaborating with a friend named Bruno in Germany who is also skilled at hacking digital wallets.

After spending months dissecting the RoboForm version they believed Michael had used in 2013, Grand and Bruno discovered that the pseudo-random number generator used to create passwords in that version, as well as in later versions up until 2015, had a serious flaw: its output was not truly random. RoboForm tied the passwords it produced to the date and time of the user’s computer. It first read the machine’s date and time and then produced passwords that were predictable from them. Anyone who knew the date, time, and other details could compute any password that would have been produced at that moment in the past.

The number of possible password guesses would be reduced to a manageable amount if Michael knew the day or approximate period in 2013 when he generated the password, as well as the parameters he used to generate it (for example, the number of characters in the password and whether it included lower- and upper-case letters, digits, and special characters). Then, by taking control of the RoboForm function that checks the computer’s date and time, they could make the program travel back in time, tricking it into thinking that the current date was a day in 2013, the year that Michael created his password. RoboForm would then spit out the passwords it had created on those days in 2013.

One issue arose: Michael was unable to recall when he came up with the password.

The first time Michael moved bitcoin into his software wallet was on April 14, 2013, based on the log that was kept there. However, he was unable to recall whether he created the password on the same day or at a later date. Based on the characteristics of other passwords he had generated using the program, Grand and Bruno set up RoboForm to produce 20-character passwords containing upper- and lower-case letters, digits, and eight special characters for the period from March 1 to April 20, 2013.

This did not produce the correct password. Grand and Bruno therefore kept the same assumptions and extended the period to cover April 20 to June 1, 2013. Still no luck.

Michael claims that they kept getting back to him, inquiring as to whether he was certain of the guidelines he’d used. He stuck to his first answer.

“They really annoyed me, because who knows what I did 10 years ago,” he recalls. He found other passwords he generated with RoboForm in 2013, and two of them did not use special characters, so Grand and Bruno adjusted. Last November, they reached out to Michael to set up a meeting in person. “I thought, ‘Oh my God, they will ask me again for the settings.’”

Instead, they disclosed that they had at last discovered the right password, which contained no special characters. It was generated on May 15, 2013, at 4:10:40 PM GMT.
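The weakness described above, as an added example that is not code from the article, from Grand and Bruno, or from RoboForm: a toy generator whose only seed is the clock, beside one that draws from the operating system's CSPRNG, with the entropy each one really provides. The toy algorithm, the one-second seed resolution and the function names are assumptions; the dates and settings are the ones reported in the article.

```python
import math
import random
import secrets
import string
from datetime import datetime, timezone

# Assumed settings: 20 characters, letters and digits, no special characters.
ALPHABET = string.ascii_letters + string.digits
LENGTH = 20

def weak_generate(ts: int) -> str:
    """Toy generator (hypothetical, not RoboForm's algorithm): the clock is the only seed."""
    rng = random.Random(ts)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

def strong_generate() -> str:
    """Corrected form: every character comes from the OS CSPRNG, with no clock input."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))

def nominal_bits() -> float:
    """Entropy the password appears to have, judged by length and alphabet."""
    return LENGTH * math.log2(len(ALPHABET))

def effective_bits(start: datetime, end: datetime) -> float:
    """Entropy it really has when only the generation second is unknown."""
    return math.log2((end - start).total_seconds())

def reproduce(target: str, start: datetime, end: datetime):
    """Regenerate each second in [start, end); return the matching timestamp or None."""
    for ts in range(int(start.timestamp()), int(end.timestamp())):
        if weak_generate(ts) == target:
            return ts
    return None

if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample: a toy password "created" at the time the article reports.
    created = datetime(2013, 5, 15, 16, 10, 40, tzinfo=utc)
    sample = weak_generate(int(created.timestamp()))
    hit = reproduce(sample, datetime(2013, 5, 15, 16, tzinfo=utc),
                    datetime(2013, 5, 15, 17, tzinfo=utc))
    print("reproduced from clock alone:", hit == int(created.timestamp()))
    print("nominal bits:", round(nominal_bits(), 1))
    window = (datetime(2013, 3, 1, tzinfo=utc), datetime(2013, 6, 1, tzinfo=utc))
    print("effective bits, Mar 1 to Jun 1 2013:", round(effective_bits(*window), 1))
```

Under these assumptions a password that looks like it carries about 119 bits carries fewer than 23 once the generation window is known, which is why any password produced by a clock-seeded generator should be rotated rather than trusted for its length.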

To provide a more detailed explanation of the technical details, Grand and Bruno made a video.

“We ultimately got lucky that our parameters and time range were right. If either of those were wrong, we would have … continued to take guesses/shots in the dark,” Grand says in an email. “It would have taken significantly longer to precompute all the possible passwords.”

According to a business release, RoboForm, a password manager developed by US-based Siber Systems, was among the first available on the market and presently boasts over 6 million users globally. Siber appeared to have resolved the flaw in the RoboForm password manager in 2015. Grand and Bruno believe they disabled the pseudo-random number generator in the 2015 version to address the bug because, at first glance, they saw no evidence that it was consuming computer resources. However, Grand notes that further investigation is necessary to be certain.

Siber Systems acknowledged that the problem had been resolved in RoboForm version 7.9.14, which was published on June 10, 2015; however, a representative declined to comment on the method used. The company’s website has a changelog that simply states that Siber engineers made modifications to “increase randomness of generated passwords,” without explaining how they achieved this. According to Siber spokesperson Simon Davis, “RoboForm 7 was discontinued in 2017.”

According to Grand, because it is unknown how Siber resolved the problem, attackers might still be able to regenerate passwords created with versions of RoboForm released before the 2015 update. He’s also unsure if the issue still exists in the most recent versions.

“I’m still not sure I would trust it without knowing how they improved the password generation in more recent versions,” he says. “I’m not sure if RoboForm knew how bad this particular weakness was.”

Additionally, users might still use passwords created by earlier iterations of the software before the update. When Siber issued the updated version 7.9.14 in 2015, it does not appear to have told users to create new passwords for important accounts or data. The company did not reply to a query about this.

Customers such as Michael who generated passwords using RoboForm before 2015 and are still using those passwords might have weak passwords that hackers could generate if Siber failed to notify them.

“We know that most people don’t change passwords unless they’re prompted to do so,” Grand says. “Out of 935 passwords in my password manager (not RoboForm), 220 of them are from 2015 and earlier, and most of them are [for] sites I still use.”

More recent passwords may be vulnerable, depending on the company’s actions in 2015 to address the problem.

In November of last year, Michael received the password to access the remaining bitcoins after Grand and Bruno deducted a portion of the bitcoin from his account as payment for their services. At the time, one bitcoin was worth $38,000. Michael held out on selling some of it until the price per coin increased to $62,000. He currently has 30 Bitcoins, which are worth $3 million, and he is holding out for the price of a coin to reach $100,000.

Michael claims that it’s a good thing he forgot the password years ago because he would have missed out on a bigger fortune if he had sold the Bitcoin when it was only worth $40,000.

“That I lost the password was financially a good thing.”

