Roboform flaw cracks $3M Bitcoin crypto wallet

A group of researchers discovered the password to a crypto-wallet filled with $3mln worth of Bitcoin, by hacking into an 11-year-old version of the RoboForm password manager program. 

In a remarkable turn of events, a team of researchers stumbled upon a digital treasure chest – a crypto-wallet overflowing with a staggering $3 million worth of Bitcoin! Their key? A clever hack into an unexpected source – an outdated version of a password manager program. But how did this treasure hunt unfold?

A Cry for Help

 Two years ago a European holder of the cryptοcurrency Bitcoin, who goes by the name “Michael” contacted hardware hacker Joe Grand to help him hack his Bitcoin wallet containing approximately millions worth of BTC. 

Michael kept his crypto securely in a virtual wallet and had a password with twenty characters manufactured by RoboForm and encrypted with TrueCrypt. Unfortunately, the file was damaged and the access was lost 

At first, Grand refused as he considered that his expertise in the hardware devices has no relevance to a software wallet. But later Michael somehow persuades Grand and his acquaintance Bruno, a hacker, to take up the project. 


Cracking the Code

Both the researchers downgraded to the version of RoboForm used in 2013 and identified that the pseudo-random number generator PRNG connected passwords with date/Time. 

Knowing this, they set the date and time of the computer to a more appropriate date, 2013 to be precise. After multiple attempts, they successfully generated the correct password.

Rediscovering Fortune

This not only paved the way for the solution for a technical problem but it also rendered monetary gain for Michael. After Bitcoin gained its price, his investment expanded (approximately $5,300 in 2013). After the recovery, Michael sold some bitcoin at $62,000 and currently holds 30 BTC which is approximately $3m today.

Crucial Lessons Learned

Packed with such problems, RoboForm, developed by Siber Systems, addressed the issue in one of its updates in 2015, but the story shows that users who haven’t updated their passwords may face such an experience. 

Joe Grand also stressed that they were rather lucky and skilled to consider themselves successful.

“We were indeed fortunate that our parameters and time period coincided to give us success”,  

Michael perceives this as fortunate because his losing access to his wallet denied him the chance to sell his Bitcoin too early and now it is worth millions for him. 

Also Check Out: Crypto Hack Report This Week: Analyzing Recent DeFi Hacks and Security Breaches