Cyber Engineers ‘Hacked Time’ to Recover $3M in Bitcoin from Password Manager
Pioneering Hackers Exploit RoboForm Flaw to Retrieve Lost Bitcoin
Hardware hacker and engineer Joe Grand, together with his friend, software hacker Bruno, have made headlines by recovering $3 million worth of Bitcoin. They discovered a loophole in an older version of the RoboForm password manager, enabling them to access the lost cryptocurrency.
The Discovery of the Loophole
In a YouTube video published on May 28, Joe Grand shared the remarkable story. In 2022, he was contacted by Michael, a European crypto owner who had lost access to his 20-character password, generated by RoboForm and stored in a TrueCrypt-encrypted file. The password was crucial to unlocking Michael’s Bitcoin wallet, containing millions in BTC.
The Reverse Engineering Process
Grand and Bruno dedicated months to reverse-engineering the specific version of RoboForm that Michael had used back in 2013. They discovered that this older version had a critical flaw in the way it generated passwords, making them predictable based on the computer’s date and time. This vulnerability was a stroke of luck for Michael, as his password was created before RoboForm patched the bug.
The Brute Force Attack
To exploit this flaw, Grand and Bruno generated millions of possible passwords based on the estimated timeframe when Michael’s password was created. After refining their approach, they successfully identified the correct password, which had been generated on May 15, 2013, at 4:10:40 PM GMT. This breakthrough unlocked Michael’s 43.6 BTC, now valued at approximately $3 million.
Implications for RoboForm Users
Investigative journalist Kim Zetter highlighted on X that any of RoboForm’s current six million users with passwords generated by versions prior to 2015 could be at risk. These passwords might be vulnerable to similar cracking techniques. As of the time of writing, RoboForm has not made any public statements regarding this security issue.
A Storied Career in Hacking
Joe Grand, the founder of Grand Idea Studio, is an electrical engineer, inventor, and renowned hardware hacker. He gained fame in the crypto community for hacking a Trezor One wallet in 2022, helping its owner recover $2 million in Bitcoin. Known by his hacker handle “Kingpin,” Grand has a distinguished career in hardware hacking and continues to work with companies to enhance their digital security.
This story underscores the importance of robust digital security practices and the evolving nature of cyber vulnerabilities. As technology advances, so too must our methods for protecting valuable digital assets.
Read More
Michael Saylor Hails Fed U-Turn: US Banks Cleared to Back Bitcoin on $95K Rally
Kuwait bans Bitcoin mining over energy concerns and legal violations
Cyber Engineers ‘Hacked Time’ to Recover $3M in Bitcoin from Password Manager
Pioneering Hackers Exploit RoboForm Flaw to Retrieve Lost Bitcoin
Hardware hacker and engineer Joe Grand, together with his friend, software hacker Bruno, have made headlines by recovering $3 million worth of Bitcoin. They discovered a loophole in an older version of the RoboForm password manager, enabling them to access the lost cryptocurrency.
The Discovery of the Loophole
In a YouTube video published on May 28, Joe Grand shared the remarkable story. In 2022, he was contacted by Michael, a European crypto owner who had lost access to his 20-character password, generated by RoboForm and stored in a TrueCrypt-encrypted file. The password was crucial to unlocking Michael’s Bitcoin wallet, containing millions in BTC.
The Reverse Engineering Process
Grand and Bruno dedicated months to reverse-engineering the specific version of RoboForm that Michael had used back in 2013. They discovered that this older version had a critical flaw in the way it generated passwords, making them predictable based on the computer’s date and time. This vulnerability was a stroke of luck for Michael, as his password was created before RoboForm patched the bug.
The Brute Force Attack
To exploit this flaw, Grand and Bruno generated millions of possible passwords based on the estimated timeframe when Michael’s password was created. After refining their approach, they successfully identified the correct password, which had been generated on May 15, 2013, at 4:10:40 PM GMT. This breakthrough unlocked Michael’s 43.6 BTC, now valued at approximately $3 million.
Implications for RoboForm Users
Investigative journalist Kim Zetter highlighted on X that any of RoboForm’s current six million users with passwords generated by versions prior to 2015 could be at risk. These passwords might be vulnerable to similar cracking techniques. As of the time of writing, RoboForm has not made any public statements regarding this security issue.
A Storied Career in Hacking
Joe Grand, the founder of Grand Idea Studio, is an electrical engineer, inventor, and renowned hardware hacker. He gained fame in the crypto community for hacking a Trezor One wallet in 2022, helping its owner recover $2 million in Bitcoin. Known by his hacker handle “Kingpin,” Grand has a distinguished career in hardware hacking and continues to work with companies to enhance their digital security.
This story underscores the importance of robust digital security practices and the evolving nature of cyber vulnerabilities. As technology advances, so too must our methods for protecting valuable digital assets.
Read More
Michael Saylor Hails Fed U-Turn: US Banks Cleared to Back Bitcoin on $95K Rally