Engineers ‘Hack Time’ to Recover $3 Million in Bitcoin from Password Manager

American hardware hacker Joe Grand, alongside his software hacker friend Bruno, successfully exploited a flaw in an older version of the RoboForm password manager to recover $3 million worth of Bitcoin.

In a YouTube video released on May 28, Grand detailed how he was contacted in 2022 by Michael, a European cryptocurrency owner who had lost access to his Bitcoin wallet. Michael’s 20-character password, generated by RoboForm, was stored in a TrueCrypt-encrypted file, and he sought Grand’s help to retrieve it.

Grand and Bruno embarked on a meticulous journey, spending months reverse-engineering the 2013 version of RoboForm that Michael had used to create his password. They discovered that this version had a significant flaw: it generated passwords predictably based on the computer’s date and time. This flaw, fortuitously for Michael, existed before RoboForm silently patched it in 2015.

Investigative journalist Kim Zetter highlighted the potential implications of this flaw, noting in an X post that any of RoboForm’s current 6 million users who generated passwords with versions prior to 2015 might have similarly vulnerable passwords. As of now, RoboForm has not issued a public statement regarding the matter.

Leveraging the predictable nature of the password generation, Grand and Bruno created millions of potential passwords based on the timeframe when Michael likely generated his password. After a rigorous brute-force attack, they successfully identified the correct password, which had been created on May 15, 2013, at 4:10:40 PM GMT. This unlocked Michael’s 43.6 BTC, valued at approximately $3 million.
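The effect of seeding a generator from the clock, as an added example that is not code from the article, from Grand and Bruno, or from RoboForm. It uses Python's `random.Random` seeded with a Unix timestamp as a stand-in for the flawed pattern; the character set, function names, and one-second resolution are assumptions, and the corrected variant draws from the OS CSPRNG instead.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

# Assumed character set and helper names; only the 20-character length is from the article.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 20

def weak_generate(when: datetime) -> str:
    """Flawed pattern: the output is fully determined by the clock (1 s resolution)."""
    rng = random.Random(int(when.timestamp()))  # seed = wall-clock time
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

def strong_generate() -> str:
    """Corrected pattern: every character comes from the OS CSPRNG, no clock input."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))

def nominal_bits() -> float:
    """Entropy the password appears to have from its length and alphabet."""
    return LENGTH * math.log2(len(ALPHABET))

def window_bits(start: datetime, end: datetime) -> float:
    """Entropy weak_generate really has when the creation time lies in [start, end)."""
    return math.log2((end - start).total_seconds())

def find_generation_time(password: str, start: datetime, end: datetime):
    """Regenerate each second in the window; return the matching time or None."""
    t = start
    while t < end:
        if weak_generate(t) == password:
            return t
        t += timedelta(seconds=1)
    return None

if __name__ == "__main__":
    # Constructed demo: the timestamp is the one the article reports, the window is ours.
    created = datetime(2013, 5, 15, 16, 10, 40, tzinfo=timezone.utc)
    start = created.replace(minute=0, second=0)
    end = start + timedelta(hours=1)
    pw = weak_generate(created)
    print(f"nominal entropy : {nominal_bits():.1f} bits")
    print(f"one-hour window : {window_bits(start, end):.1f} bits")
    print("clock-seeded password recovered at:", find_generation_time(pw, start, end))
    print("CSPRNG password recovered at     :",
          find_generation_time(strong_generate(), start, end))
```

The gap between the nominal and windowed entropy figures is the whole flaw: a password that looks like it has over 120 bits collapses to the number of seconds in the plausible creation window.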

Joe Grand, founder of Grand Idea Studio, is renowned in the crypto community for his expertise in hardware hacking. Notably, he gained recognition in 2022 for hacking a Trezor One wallet to help another owner recover $2 million in Bitcoin. Known by his hacker alias “Kingpin,” Grand continues to use his skills to consult with companies, enhancing their digital security frameworks.

This remarkable feat underscores the importance of robust and unpredictable password management systems, and serves as a reminder of the vulnerabilities that can exist in older software versions.
