Researchers Recover Access to 2013 Bitcoin Wallet Worth Nearly $3 Million

Two researchers assisted a European resident in recovering the password to a cryptocurrency wallet containing 43.6 BTC, valued at approximately $2.96 million, according to Wired.

The man, who wished to be called Michael, explained that he created a cryptocurrency wallet in 2013 and used the RoboForm application to generate a secure password.

The software stored information in an encrypted form, and after the file became corrupted, Michael lost the 20-character password needed to access the 43.6 BTC.

In 2022, he sought help from Joe Grand, a renowned hardware hacker known as Kingpin, who had previously assisted a Trezor wallet owner in recovering assets worth $2 million after losing a PIN code.

However, Michael’s case involved software, rendering much of Grand’s skills ineffective. He agreed to take on the task about a year after Michael’s repeated requests and enlisted a partner from Germany named Bruno.

The researchers spent several months reverse-engineering the version of RoboForm that Michael might have used in 2013. They discovered a vulnerability (patched in 2015) where the software used timestamps from the computer to generate passwords.

According to the wallet log, Michael transferred cryptocurrency to it on April 14, 2013, but he could not recall when he created the password. The experts examined the parameters Michael used with RoboForm and configured the program to generate 20 characters with uppercase and lowercase letters, numbers, and eight special symbols from March 1 to April 20.

This yielded no results, so they extended the timeframe to June 1. All efforts were futile. According to Michael, Grand and Bruno frequently asked him if he was sure about the parameters he used.

“They were very annoying because who knows what I did 10 years ago,” he noted.

Michael found other passwords he had created with RoboForm in 2013, and two of them lacked special symbols. The researchers adjusted their algorithm accordingly.

In November 2023, they met with Michael in person and provided the correct password—without special symbols, generated on May 15, 2013.

“In the end, we were lucky: our parameters and timeframe were correct. If any of this had been wrong, we would have continued making guesses and shots in the dark. Precomputing all possible passwords would have taken much longer,” Grand commented on the story.

The experts immediately took their share for the work done, at which point the price of Bitcoin was around $38,000. Michael waited for the price to rise to $62,000 and sold part of the coins. He intends to hold the remaining 30 BTC until the price reaches $100,000.

In his view, losing the password years ago turned out to be fortunate, as he would have sold the coins earlier, losing a significant portion of his wealth.

Back in May 2023, hardware wallet manufacturer Ledger added a feature to the Nano X device for recovering access via a seed phrase backup. The community criticized the option.