Crypto Ecosystems • May 28, 2024, 2:15PM EDT
Published 1 minute earlier on

Researchers recover nearly $3 million in bitcoin by retrieving lost password to 2013 crypto wallet

Read the non-AMP story on Theblock.co
Stokkete / Shutterstock

Quick Take

  • Two researchers helped a man recover the lost password to a 2013 crypto wallet containing 43.6 BTC, valued at nearly $3 million. 
  • The man had used the password manager RoboForm to generate his wallet’s password in 2013. 
  • They exploited a previous vulnerability in RoboForm’s random number generator until they found the right password. 

Two researchers helped a man find the lost password to his cryptocurrency wallet containing 43.6 BTC, valued at nearly $2.96 million at currency prices.

One of the researchers, Joe Grand, is a hardware hacker who had previously unearthed lost bitcoin held in a Trezor wallet. Grand explains in a video that he and his friend exploited a long-fixed vulnerability in the password generator RoboForm, which had been used to create the wallet's password to access the wallet. 

An anonymous man, dubbed Michael, had set up a cryptocurrency wallet sometime in 2013 and then used RoboForm to create its unique password. Michael held the password in an encrypted file, opting not to store it with RoboForm due to security concerns. 

However, when the encrypted file became corrupted, Michael no longer had the 20-character password needed to access the 43.6 BTC in the wallet. 

In 2022, Michael contacted Grand for help. Grand tapped a friend named Bruno to assist with cracking RoboForm's software.

They discovered that RoboFarm had a vulnerability in RoboForm's supposed "random number" generator. The generator connected a password to the specific date and time on the user's computer when the password was created. This issue was fixed in 2015, but the bug should have affected passwords created before then. 

Though Michael didn't exactly remember when he had created his password, the researchers noted that he moved bitcoin into his wallet on April 13, 2013. Using specific time parameters, they tested numerous passwords until they found the correct one, which had been created on May 15, 2013.

A portion of Michael's bitcoin went to Grand and Bruno. Michael sold off another small lot so he now owns 30 BTC, worth around $2 million. Michael told Wired that he intends to hold his bitcoin until a single token is valued at $100,000. 

He added that he was glad he lost access to his wallet as holding onto his tokens for longer allowed them to appreciate over time. 

Bitcoin traded at $67,840, falling 3.26% in the past day, as of 1:21 p.m. ET (17:21 UTC) on May 28, according to The Block Prices


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.