How security researchers cracked a Bitcoin wallet worth 3 million US dollars

The owner of a valuable Bitcoin wallet has forgotten his password. Thanks to dedicated security researchers, he now has access again.

A person in a hoodie sits in the dark in front of a laptop; in place of the person's face there is a golden coin with the Bitcoin logo.

(Image: stockphoto-graf/Shutterstock)

Imagine you have a Bitcoin wallet holding cryptocurrency worth 3 million US dollars, but because you have forgotten the password, you cannot sell the bitcoins and have to do without the money. With long passwords containing special characters in particular, the chances of cracking the password are very slim. Thanks to a software flaw, however, this has now succeeded in a recent case.

According to a report by Wired, the owner of a wallet containing almost 44 Bitcoin – currently worth around 3 million US dollars – forgot the 20-character password he had created eleven years ago and asked a security researcher specializing in password cracking for help. The researcher had already successfully helped another forgetful crypto wallet owner.

That case, from early 2022, involved a forgotten PIN, which he was able to extract from the USB wallet using a complex hardware setup. In the current case, however, it was a software wallet, and he first tried long password lists. This brute-force method did not work.

After further investigation, the security researcher discovered a vulnerability in the random number generator of the password manager RoboForm, which the wallet owner had used to create his password. The generated values were not actually left to chance: the application used the computer's date and time as the basis for generation.

He then teamed up with another security researcher and, together with the wallet owner, they tried to narrow down the time period in which the password had been created. After a few failed attempts, they actually managed to find the date and regenerate the correct password.
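Why a clock-seeded generator makes even a 20-character password weak, shown as an added example that is not code from the article, the researchers or RoboForm. `weak_generate` is a constructed toy generator (RoboForm's real algorithm is not described on this page), and the timestamp is a constructed sample value.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CONSTRUCTED_TS = 1388577600  # 2014-01-01 12:00:00 UTC, constructed sample value


def weak_generate(unix_time: int, length: int = 20) -> str:
    """Toy generator whose only input is the clock (assumption, not RoboForm's code)."""
    rng = random.Random(unix_time)  # deterministic PRNG seeded with the time
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_generate(length: int = 20) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = 20) -> float:
    """Entropy the password appears to have, judged by length and alphabet."""
    return length * math.log2(len(ALPHABET))


def effective_bits(window_seconds: int) -> float:
    """Entropy it really has once the creation time is known to within a window."""
    return math.log2(window_seconds)


def find_seed(password: str, start: int, end: int):
    """Return the timestamp in [start, end) that reproduces the password, or None."""
    for t in range(start, end):
        if weak_generate(t, len(password)) == password:
            return t
    return None


if __name__ == "__main__":
    pw = weak_generate(CONSTRUCTED_TS)
    day_start = CONSTRUCTED_TS - CONSTRUCTED_TS % 86400
    print(f"nominal entropy:   {nominal_bits():.1f} bits")
    print(f"one-day window:    {effective_bits(86400):.1f} bits")
    print("seed found:       ", find_seed(pw, day_start, day_start + 86400))
    print("CSPRNG found:     ", find_seed(strong_generate(), day_start, day_start + 3600))
```

The practical consequence for defenders is that the password's length and character set say nothing about its strength if the generator was seeded this way, so such passwords should be replaced rather than assessed by appearance.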

The security researchers state that the software vulnerability in RoboForm has been closed since 2015 in version 7.9.14. However, the provider has never specifically communicated how it eliminated the vulnerability in the random number generator. As a result, the researchers remain suspicious and warn that passwords generated with RoboForm before 2015 are insecure.

The wallet owner claims to have paid the security researchers a reward. The amount is currently unknown. Meanwhile, he has sold some of the bitcoins and now wants to hold off on further sales until the Bitcoin price rises from currently around 60,000 euros to 90,000 euros. By his own account, he is now glad that he did not have access to the wallet earlier, as he would probably have sold the coins at a significantly lower price.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.