A group of hackers unlocked a $3 million Bitcoin wallet after a man forgot his password for 11 years.
Back in 2022, an anonymous wallet owner referred to as Michael reached out to electrical engineer Joe Grand, who goes by the handle "Kingpin" online, to hack into an encrypted file, as reported by Wired.
The owner generated a 20-character password by using Roboform and stored it in a file encrypted with a tool called TrueCrypt to keep his 43.6 BTC, which was worth a total of about $5,300, in 2013, safe.
But the password got lost, leaving Michael worried that someone would hack his computer and ultimately gain access to his cryptocurrency. "At [that] time, I was really paranoid with my security," he shared, per the outlet.
The owner asked Grand for his assistance because the famed hacker became renowned for helping another owner recover access to over $2 million in cryptocurrency he thought he'd lost forever.
However, the electrical engineer turned him down, stating that many people had contacted him to ask for help with recovering their lost treasure.
Thankfully, Grand gave in to this particular anonymous owner's request and teamed up with his colleague Bruno to crack the code.
The so-called Kingpin published a video on YouTube explaining how he solved the man's password, revealing that he used a tool developed by the US National Security Agency (NSA) to disassemble the password generator’s code.
"In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has," he explained. "[But] in this version of RoboForm, it was not the case."
"While RoboForm’s passwords appear to be randomly generated, they’re not. With the older versions of this software, if we can control the time, we can control the password," he added.
According to Forbes, the tech wizard and Bruno were able to cleverly trick the system by using a date range between March 1 and April 20, 2013, to see when the password was created.
When this didn’t work, they adjusted the time frame once again after gaining more information from the wallet owner.
Eventually, they discovered that Michael generated a password, with no special letters, on May 15, 2013, at 4:10:40PM GMT, per Forbes.
In an email to WIRED, Grand remarks he and his partner were "ultimately lucky that [their] parameters and time range was right" adding: "If either of those were wrong, we would have… continued to take guesses/shots in the dark."
“It would have taken significantly longer to precompute all the possible passwords," he concluded.
