My brother bought dozens of bitcoins 11 years ago, and after losing the password, hackers worked hard to help him retrieve them
Author: International Student Uncle
In 2022, a man named Michael in Spain was troubled by a dilemma.
As early as 2013, he purchased Bitcoin, which was not yet popular at that time, for a total price of $5,300, acquiring 43 coins in total.
He then stored these coins in an electronic wallet and, to prevent theft, generated a long random password of 20 characters using password software.
Michael was worried that saving this password with the same software was not secure enough. If it were decrypted by hackers or if his computer was lost, they could easily find the password and access his Bitcoin.
So, he cleverly pasted this long password into a document, making it hard for anyone to guess its purpose. He also set a password for this document and encrypted it.
After layers of encryption, Michael believed he had an unbreakable password for his Bitcoin account and just needed to wait for the price of Bitcoin to rise so he could cash out.
Unexpectedly, Michael ultimately fell victim to his own actions—his encrypted document containing the password inexplicably became corrupted and was completely inaccessible, making it impossible to retrieve the long 20-character password.
At the same time, he watched helplessly as the value of Bitcoin soared from $123 per coin to over $30,000 per coin.
"I have this wealth, I can see it, but I can't use it because I don't have the password."
Over the years, Michael searched for various password recovery experts to see if anyone could help him retrieve the randomly generated password from the software.
But countless cybersecurity experts told Michael: A 20-character random password?! Forget about your Bitcoin; it can never be recovered.
Upon hearing this bad news, Michael thought he would never be able to access this enormous wealth in his lifetime.
Then, in 2022, he learned online about an American hacker named Joe Grand and sought Joe's help.
Joe is a world-renowned hardware hacker, as well as an electrical engineer and inventor, with a hacking history dating back to when he was 10 years old.
He is recognized by the mainstream and provides consulting for system developers on how to defend against hackers like himself…
Joe also had experience helping two strangers recover lost cryptocurrency passwords.
Once, someone accidentally dropped a USB drive containing the password into a lake, and after divers retrieved it, Joe used a series of physical methods to restore the USB drive's functionality, allowing the person to find the stored password as if they had never lost the USB drive.
On another occasion, there was a password decryption case where a family member had passed away unexpectedly. Before passing, he mentioned that the Bitcoin password might be related to their grandmother's name, so Joe helped search based on this clue using a "brute force" method, trying millions of combinations one by one…
In 2022, Michael contacted Joe online, but Joe did not agree to help as he had before.
The reason was simple: Joe was a hardware hacker and was not skilled in dealing with software-generated random passwords.
Moreover, helping someone recover cryptocurrency passwords was not his specialty or interest, regardless of the high price offered.
Thus, Joe flatly rejected Michael's request that year.
However, last summer, when Michael reached out to Joe in despair again, Joe agreed to give it a try.
This time, it wasn't because Joe had softened; rather, his German partner, a young software hacker, suggested that they had a certain chance of recovering Michael's lost password.
This young hacker was named Bruno, a German specializing in software vulnerabilities, and like Joe, Bruno had shown great interest in finding security flaws in systems and software since childhood.
Bruno often received requests for help from people troubled by lost cryptocurrency passwords, but he had never encountered a situation like Michael's.
He suggested to Joe that they might have a chance to take a gamble, and both genius hackers were incredibly interested in this challenging yet potentially promising project.
Joe flew to Europe to meet up with Bruno and Michael.
Michael had generated that random password using software called "RoboForm," one of the earliest random password generators in the world, which is still in use today.
Joe and Bruno tested the software and found that it could generate completely different passwords at any given moment.
For the two of them, finding Michael's random password from back then was like searching for a needle in a haystack:
"If we have to try all possible password combinations, that would be equivalent to a trillion times the number of water droplets in the world.
If we imagine a password as a droplet of water, we would find it might be flowing at the bottom of a river, it might fall from the sky, or it might be in any ocean around the world.
If we could somehow reduce this situation, we could turn this insurmountable problem into something we could succeed at."
After understanding how RoboForm worked, they began looking for clues along the timeline to narrow down the search range.
They quickly noticed that the update notes for the 2015 version of the software were somewhat suspicious:
"We increased the randomness of password generation."
This statement raised suspicion in both genius hackers: Increased randomness??
Does this mean that the passwords generated by versions before 2015 were not as random??
As computer hardware and software geniuses, Joe and Bruno also knew that it is "very, very difficult" for computers to continuously generate a string of "completely random" numbers, as many random numbers often have associations with some reference parameters:
"If we could manipulate this 'randomness,' we might be able to get a predictable output that could be used to attempt to crack Michael's wallet password."
But now it was 2023; how could they return to the time when Michael created the password ten years ago and make the software mimic Michael's actions back then?
At this point, their expertise became evident: they reverse-engineered the software, not only reverting it to the 2013 version but also manipulating the system data to make the software believe it was executing a command from a 2013 user:
"We can deceive the system into thinking we are still generating passwords within the time window when Michael created them."
Riding the "time machine" back to around ten years ago, they used a software tool also used by the NSA to try to understand the patterns of past password generation:
"This software is like a Russian nesting doll. Our goal is the little doll in the middle that generates the password."
Through calculations and tests, they were pleasantly surprised to discover that the random password generation from back then indeed had a pattern, and that pattern was the system time!
It turned out that the software in 2013 generated a "pseudo-random password" strictly linked to the time the user created the password, with each moment's password directly associated with the creation time.
Having obtained this crucial clue that the password was related to the time Michael created it, both Joe and Bruno were excited.
This meant that their search range could be greatly narrowed; as long as they knew the day and approximate time Michael created the random password, they could calculate a limited number of passwords and try them one by one.
However, Michael could not remember the exact date he opened the software to generate the Bitcoin password ten years ago…
Joe and Bruno did not lose heart and patiently continued their investigation.
They found out the time Michael stored the Bitcoin in the electronic wallet: April 2013.
Logically, Michael should have created the random password within a few months before or after this date. Therefore, Joe and Bruno set the search time from March to the end of April of that year.
They discussed and calculated all night, waiting for the computer to run the results, but the outcome disappointed them: not a single result could unlock Michael's Bitcoin account.
In desperation, the two contacted Michael again, asking him to recall the exact date more carefully.
But Michael was also confused. After all, who could remember such details from ten years ago?
However, this time Bruno asked Michael to send him several other passwords he had created using the same software back then. Joe and Bruno hoped to find some clues from the other passwords created by Michael using the same software.
They discovered that Michael's other two passwords did not contain any special characters (like ¥……& and similar).
Whether special characters appeared in the random password could be set by the user, so Joe and Bruno, holding onto a glimmer of hope, removed the option for special characters from the search range and extended the search time to June 1, 2013.
And one ordinary early morning, Bruno's computer suddenly displayed a specific string of characters composed of numbers and letters:
A unique result popped up on the computer screen!
This result was something even software expert Bruno did not expect; there was actually a unique result!
Bruno was overjoyed.
The result showed that Michael clicked to create this password on May 15, 2013, at 4:10:40 PM…
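The search described above is feasible because a generator seeded only with the clock can emit at most one password per second of the window. The Python sketch below is an added illustration, not RoboForm's algorithm and not Joe and Bruno's code: `weak_password`, `strong_password`, `fingerprint`, `epoch` and `search_window` are hypothetical names, the 1 March to 1 June window and UTC time zone are assumptions, and the SHA-256 fingerprint is a constructed stand-in for the wallet check.

```python
import hashlib
import random
import secrets
import string
from datetime import datetime, timezone

# Letters and digits only: the article's final search dropped special characters.
ALPHABET = string.ascii_letters + string.digits

def weak_password(ts: int, length: int = 20) -> str:
    """Toy time-seeded generator (assumption, not RoboForm's real algorithm)."""
    rng = random.Random(ts)  # the creation second is the only entropy source
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length: int = 20) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def fingerprint(password: str) -> bytes:
    """Stand-in for 'does this password open the wallet?' (constructed check)."""
    return hashlib.sha256(password.encode()).digest()

def epoch(*ymdhms: int) -> int:
    """UTC calendar fields -> Unix seconds (the time zone is an assumption)."""
    return int(datetime(*ymdhms, tzinfo=timezone.utc).timestamp())

def search_window(target: bytes, start: int, end: int) -> list[int]:
    """Regenerate one candidate per second in [start, end); return matching seconds."""
    return [ts for ts in range(start, end) if fingerprint(weak_password(ts)) == target]

# Candidates a time-seeded generator can emit between 1 March and 1 June 2013,
# versus the space a truly random 20-character password is drawn from.
WINDOW_CANDIDATES = epoch(2013, 6, 1) - epoch(2013, 3, 1)   # 7,948,800
RANDOM_KEYSPACE = len(ALPHABET) ** 20                       # about 7e35

if __name__ == "__main__":
    created = epoch(2013, 5, 15, 16, 10, 40)        # timestamp quoted in the article
    lost = fingerprint(weak_password(created))      # constructed "lost" password
    hits = search_window(lost, epoch(2013, 5, 15), epoch(2013, 5, 16))  # one day only
    print("recovered:", [datetime.fromtimestamp(t, timezone.utc) for t in hits])
    print(f"{WINDOW_CANDIDATES:,} candidates vs {RANDOM_KEYSPACE:.1e} for a CSPRNG")
```

The demo scans a single day so it finishes in seconds; the same loop over the full three-month window is under eight million candidates, which is why a 20-character password stops being "impossible" once its generator depends on the clock.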
In November of last year, Joe and Bruno initially kept this astonishing news from Michael. They customized a huge foam board inscribed with a $1.6 million award for Michael and successfully shipped this board to Barcelona by plane.
Then, while Michael was in front of the camera recounting how he lost this enormous wealth, Joe and Bruno suddenly appeared before him, informing him of this good news with a medal!
All three were overjoyed.
After five months of effort, Joe and Bruno truly turned what was previously impossible into a 100% success!
In return, Joe and Bruno received a specific percentage of Bitcoin from Michael's account after successfully cracking the password (they had agreed with Michael beforehand that they would only collect fees after successfully decrypting the password).
By November of last year, Michael's Bitcoin had risen from $5,300 ten years ago to $1.6 million.
Joe and Bruno turned the entire story into a short and exquisite documentary, and by May of this year, when the documentary aired, this $1.6 million had risen to $3 million…
At the end of last year, Michael sold some coins and shared some with his benefactors, keeping 30 coins for himself.
He plans to sell the remaining coins when Bitcoin reaches $100,000 per coin.
In the end, Michael not only thanked Joe and Bruno but also reflected on his own "cleverness backfiring":
"If I hadn't lost the password, I might not have waited ten years; I could have sold it long ago."
Put simply, if it weren't for the dedicated help of these two genius hackers, combined with a significant vulnerability in past versions of the software, Michael's password would long since have been lost to the Pacific Ocean.
Hopefully, he can learn from this experience…