How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers managed to unearth the password to a crypto wallet containing a fortune.

The Beginning of the Journey

Two years ago, “Michael,” a cryptocurrency owner in Europe who wished to remain anonymous, contacted Joe Grand for help. Michael had stored about $2 million worth of bitcoin in a password-protected digital wallet but had lost the password. He had used the RoboForm password manager to generate a 20-character password and stored it in a file encrypted with TrueCrypt. However, the file became corrupted, and Michael lost access to his 43.6 BTC (worth about €4,000, or $5,300, in 2013).

“At that time, I was really paranoid with my security,” Michael said, laughing.

Initially, Grand, a famed hardware hacker known as “Kingpin,” turned Michael down. Grand had previously helped another crypto wallet owner recover access to $2 million in cryptocurrency by cracking the PIN to his Trezor wallet using complex hardware techniques. However, Michael’s case was different as it involved a software-based wallet.

The Turning Point