Security researchers successfully cracked a password to recover over $3 million worth of Bitcoin stuck in a crypto wallet for 11 years.

Electrical engineer Joe Grand, using the alias “Kingpin,” was hired to break into an encrypted file containing 43.6 BTC held since 2013. The cryptocurrency was protected by a password generated by a random password generator called RoboForm, but the password had long been lost.

The password consisted of a series of 20 characters, including both uppercase and lowercase letters, as well as numbers, making it extremely difficult to crack.

The wallet’s owner, who preferred to remain anonymous, stated in a video released by Grand, “I created the password, copied it, put it into the wallet’s passphrase, and then put it into an encrypted text file.”

The password was lost after the encrypted section of their computer was corrupted. At that time, Bitcoin was worth only a few thousand dollars, and the wallet owner described the situation as “painful but no big deal.”

However, with its value increasing by over 20,000% in the following 10 years, the lost Bitcoin turned into a fortune, leading its owner to reach out to Grand.

After initially rejecting the job, Grand eventually agreed to attempt to recover the money after finding a new method to break the original password generator.

Grand used a reverse engineering tool developed by the United States National Security Agency (NSA) to dissect the code of the password generator.

The electrical engineer stated:

“When you generate a password with a password generator, you expect to get a unique, random output each time, something that no one else possesses. However, that was not the case with this version of RoboForm.”

“While RoboForm’s passwords may appear to be randomly generated, they are not. If we can control time in older versions of this software, then we can control the password as well.”

Grand realized that if he could trick the system into thinking it was in 2013 at the moment the password was generated, the system would recreate the same password.

With only a rough idea of when the password was generated, Grand, working with his colleague Bruno, generated millions of potential passwords and eventually cracked the code.

Since then, RoboForm has updated its platform to improve the randomness of its tool, so the time-based hacking approach no longer works on passwords generated after 2015.
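An added example, not code from the article or from RoboForm: a toy generator whose only input is the clock, next to a CSPRNG-based one, showing why a 20-character password seeded from time carries about 21 bits of entropy over a 30-day window instead of the nominal 119. The generator, the function names and the 2013 timestamp are constructed for illustration; RoboForm's actual algorithm is not described on this page.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # upper, lower, digits: 62 symbols
LENGTH = 20                                      # password length given in the article


def clock_seeded_password(epoch_second: int) -> str:
    """Toy generator (constructed): the only input is the clock, so the
    same second always yields the same 20 characters."""
    rng = random.Random(epoch_second)            # non-cryptographic PRNG, guessable seed
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def csprng_password() -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have: 20 symbols from 62."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(window_seconds: int) -> float:
    """Entropy it really has when the seed is one second in a known window."""
    return math.log2(window_seconds)


def regenerate(target: str, start: int, end: int):
    """Replay every second in [start, end]; return the one that reproduces target."""
    for second in range(start, end + 1):
        if clock_seeded_password(second) == target:
            return second
    return None


if __name__ == "__main__":
    start = 1366000000                           # constructed sample: an epoch second in 2013
    lost = clock_seeded_password(start + 1234)   # stands in for the forgotten password
    print("nominal bits  :", round(nominal_bits(), 1))
    print("30-day window :", round(effective_bits(30 * 86400), 1), "bits")
    print("seed recovered:", regenerate(lost, start, start + 3600) == start + 1234)
    print("CSPRNG sample :", csprng_password())
```

When reviewing a generator, the check is whether any of its inputs (time, process ID, counters) can be enumerated; character set and length say nothing about entropy if the seed is guessable.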

Grand now hopes to help more people who are locked out of their cryptocurrency wallets, but he said that new approaches may be needed:

“If this project requires hacking time, what dimension will we have to hack next?”

