Engineer and hacker Joe Grand regained access to his software wallet 10 years after losing his password. Due to an error in the RoboForm password manager, it was possible to enter the wallet containing 43.6 bitcoins worth approximately $3 million by cracking the encrypted password.

According to Forbes, in 2013, a European known by the pseudonym Michael created a Bitcoin wallet and created a complex password for it using the RoboForm password manager. He then encrypted this password using TrueCrypt but the encrypted password file was corrupted and there was no backup. Michael did not save his password in RoboForm because he was afraid someone might hack his computer and access his bitcoins.

10 years later, in 2023, Michael sought help from the famous electrical engineer, inventor and white hacker Joe Grand, also known by the nickname Kingpin, who had previously successfully recovered access to Bitcoin wallets with lost passwords. Grand refused at first, as his main job was to advise developers, but after Michael’s second objection in 2023, he decided to solve the problem together with his German colleague Bruno.

Hackers discovered that the problem was a vulnerability in an older version of RoboForm used to generate the password, and Siber Systems, the company that developed RoboForm, confirmed that the problem with the random number generator was only fixed in 2015. It turns out that the password is not completely random, but depends on the date and time it was created. By knowing these parameters, any password created at some point in the past can be identified. However, Michael did not remember the exact date and time of creating the password.

Grand and Bruno analyzed Michael’s software wallet records to determine when the Bitcoins were transferred to him. They also examined the parameters of other passwords generated by RoboForm to determine the type of password and the time period in which it was created. After several unsuccessful attempts and adjustments to the parameters, the hackers finally found the correct password, which was generated on 15 May 2013 at 16:10 GMT.

After successfully cracking the password in late 2023, Michael paid Grand and Bruno their share of the reward by selling some of their Bitcoins. At that time, Michael had 30 BTC left in his wallet out of 43.6 BTC. According to Wired, he plans to wait for Bitcoin to reach $100,000 before cashing out the remaining amount.