
Hackers recover $3 million in bitcoin from software wallet locked for over a decade

Ethical hackers Joe Grand and Bruno help recover $3 million in bitcoin from a locked wallet. (Source: YouTube)
Well-known YouTuber and ethical hacker Joe Grand, together with fellow software wizard Bruno, successfully reverse-engineered a password generation tool and discovered a critical flaw in an earlier version of it. Thanks to this feat, they were able to re-create the password for a Bitcoin wallet that had been locked since 2013, allowing its owner to regain access to his fortune, now worth over $3 million.

Joe Grand, an ethical hacker and YouTuber widely known for his projects involving crypto wallets, has successfully recovered a life-changing amount of bitcoin, presently valued north of $3 million, from a software wallet that had been locked for more than a decade. This splendid technical feat was the result of some serious reverse engineering and bug-hunting conducted by Joe and his friend Bruno, who also happens to be a hacking heavyweight.

The premise

The Bitcoin wallet in question was secured with a complex, 20-character password generated by the well-known password generation software RoboForm. Its owner, Michael, had used the software to generate a secure password, which he then stored in a TrueCrypt container. As luck would have it, the encrypted partition became corrupted, leaving Michael without any recourse and rendering his funds inaccessible.

Given the length and complexity of the password, a traditional brute-force attack was completely unrealistic. As Joe put it, the odds of correctly 'guessing' the password were comparable to finding one specific drop of water in all of Earth's oceans, a task no mere mortal could hope to achieve. However, as the saying goes, where there is a will there is a way, and Joe would soon make a major step forward.

The first breakthrough

Enter Bruno - a fellow ethical hacker, and Joe Grand's frequent collaborator. Bruno's extensive experience in reverse-engineering software would soon prove to be a boon leading to the project's success. Considering the insurmountable nature of a brute-force attack, the duo turned to hunting for vulnerabilities within RoboForm's password generation function. Upon perusing RoboForm's change log (which records changes and bug fixes to the software), they discovered older versions of RoboForm had a critical flaw - the 'random' generation of the password was not random at all. So in essence, by recreating the situational variables that the software used to generate passwords, it would, theoretically, be possible to recreate exact passwords.  

The piece of code which calls the system time, making the password generation process not so random. (Source: Joe Grand via YouTube)

Ghidra to the rescue

For this next part, it is important to know what Ghidra and Cheat Engine actually do. Both are powerful tools widely used to analyze and reverse engineer, or 'decompile', software. Ghidra, developed by the NSA, decompiles software so that engineers can probe the underlying code of a program, which helps in finding vulnerabilities and flaws that can then be used to create exploits. Cheat Engine, on the other hand, is a memory scanning tool that lets the user scan and modify a program's memory while it is running, allowing its behavior to be changed in real time.

The register responsible for storing the time value. (Source: Joe Grand via YouTube)

Using the aforementioned tools, the team was able to do the seemingly impossible. They dove into RoboForm's inner workings and located the specific segment of code responsible for the actual password generation. On closer inspection, they discovered that the function used the system time as a seed to generate the password. This is the exact opposite of what you would expect from password-generation software, because a password generated this way can be recreated simply by setting the system clock back to the moment it was made. For Michael, however, what was essentially a flaw would soon turn out to be his safety net.

Hacking 'time'

Using their newfound discovery, Joe and Bruno developed a method to roll the system time back to the period in which Michael said he had created the password, a 50-day window. By adjusting the time seed, they recreated every password the software could have produced in that date range, hoping to find the one generated at that exact moment in the past. This reduced the list of possible passwords dramatically, making a brute-force attack far more practical than before.
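The two ideas above (a generator whose output is a pure function of the clock, and the creation window that collapses the keyspace to one candidate per second) can be made concrete with a small illustrative script. This is an added example written for this article, not RoboForm's code or the method Joe and Bruno used; the seeded generator, the alphabet (letters and digits, mirroring the article's note that special characters were excluded), the window size and the 2013 timestamp are all constructed assumptions. It places the weak time-seeded generator next to a hardened form that draws from the operating system's CSPRNG, and includes an audit check that reports whether a given password falls inside the weak generator's output for a known creation window.

```python
import random
import secrets
import string

# Constructed alphabet: letters and digits only, matching the article's
# note that the final parameters excluded special characters.
ALPHABET = string.ascii_letters + string.digits
PASSWORD_LENGTH = 20


def weak_generate(seed_seconds: int, length: int = PASSWORD_LENGTH) -> str:
    """Hypothetical time-seeded generator (illustrative, NOT RoboForm's code).

    Seeding a deterministic PRNG with the clock makes the password a pure
    function of the timestamp: the same second in gives the same password out.
    """
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_generate(length: int = PASSWORD_LENGTH) -> str:
    """Hardened form: draw each character from the OS CSPRNG.

    There is no seed to reconstruct, so knowing the creation date gives
    no shortcut; the keyspace stays at len(ALPHABET) ** length.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def candidates_in_window(start_seconds: int, end_seconds: int,
                         length: int = PASSWORD_LENGTH):
    """Every password the weak generator could have emitted for each
    second in [start, end], yielded as (timestamp, password) pairs."""
    for t in range(start_seconds, end_seconds + 1):
        yield t, weak_generate(t, length)


def find_generation_time(password: str, start_seconds: int, end_seconds: int,
                         length: int = PASSWORD_LENGTH):
    """Audit check: does this password lie inside the weak generator's output
    for a known creation window? Returns the seed second, or None if the
    password is not reproducible from any clock value in the window."""
    for t, candidate in candidates_in_window(start_seconds, end_seconds, length):
        if candidate == password:
            return t
    return None


def search_space(start_seconds: int, end_seconds: int,
                 length: int = PASSWORD_LENGTH):
    """Nominal keyspace versus what the clock seed collapses it to."""
    nominal = len(ALPHABET) ** length          # 62**20 for a 20-char password
    collapsed = end_seconds - start_seconds + 1  # one candidate per second
    return nominal, collapsed


if __name__ == "__main__":
    # Constructed scenario: a password made at a known second in 2013.
    created_at = 1368619200  # 2013-05-15 12:00:00 UTC (constructed value)
    pw = weak_generate(created_at)
    window = (created_at - 300, created_at + 300)  # ten-minute window
    nominal, collapsed = search_space(*window)
    print(f"nominal keyspace {nominal:.2e}, collapsed to {collapsed} candidates")
    print("weak password reproduced at seed:", find_generation_time(pw, *window))
    print("CSPRNG password found in window:", find_generation_time(strong_generate(), *window))
```

A 20-character password over 62 symbols nominally has about 7 x 10^35 possibilities, but once the seed is the clock, the article's 50-day window is only 50 x 86,400 = 4,320,000 candidate seeds, a list any laptop enumerates in minutes. The `secrets`-based generator is the fix a defender wants: it has no reproducible state, so `find_generation_time` returns `None` for its output no matter how precisely the creation time is known.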

But the grind didn't end there. The team encountered several more hurdles involving software crashes and exhausting debugging sessions, but their persistence finally paid off. Upon slightly modifying Michael's initially provided parameters, which now excluded special characters, the team ultimately stumbled upon an exact match. Having struck gold, Bruno announced his victory to Joe through a single text message - 'Success'.

The successful recovery of the 43 BTC, now worth over $3 million, is not only a significant financial relief for the owner but also highlights the undeniable expertise and perseverance of the hacker duo. It goes without saying that RoboForm has since addressed the vulnerability, which will make any more recently generated passwords significantly more tedious to crack, perhaps even impossible. The lesson is that it is not enough to create strong passwords; they must also be managed and stored securely.

Disclaimer: The information reported here should not be used as a basis for any personal investment decision. Notebookcheck does not offer cryptocurrency, NFT, or other trading, investment, or financial advice.

Sambit Saha, 2024-06-13 (Update: 2024-06-13)