Scan to download
Home
Article
Flash
Token Unlock
Hot Projects
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools

Eleven years ago, my brother bought dozens of bitcoins, and after losing the password, a hacker went through great efforts to help retrieve them

Recommended Reading
2024-10-30 21:32:56
Collection
"20 random passwords?! Forget about your Bitcoin, they will never be recovered."

Author: International Student Uncle

In 2022, a man named Michael in Spain was troubled by a dilemma.

As early as 2013, he purchased Bitcoin, which was not yet popular at the time, for a total price of $5,300, acquiring a total of 43 coins.

He then stored these coins in an electronic wallet and, to prevent theft, generated a long random password of 20 characters using a password software.

Michael was worried that saving this password with the same software was not secure enough; if it were decrypted by hackers or if his computer were lost, they could easily find the password and access his Bitcoin.

So, he cleverly pasted this long password into a document, disguising its purpose. He also set a password for this document and encrypted it.

After layers of encryption, Michael believed he had an unbreakable password for his Bitcoin account, just waiting for the price of Bitcoin to rise so he could cash out.

Unexpectedly, Michael ultimately fell victim to his own actions—his encrypted document containing the password inexplicably became corrupted and was completely inaccessible, making it impossible to retrieve the long 20-character password.

At the same time, he watched helplessly as the value of Bitcoin soared from $123 per coin to over $30,000 per coin.

"I have this wealth, I can see it, but I can't use it because I don't have the password."

Over the years, Michael sought help from various password recovery experts to see if anyone could help him retrieve the randomly generated password from the software.

But countless cybersecurity experts told Michael: A 20-character random password?! Forget about your Bitcoin; it can never be recovered.

Upon hearing this bad news, Michael thought he would never be able to access this enormous wealth in his lifetime.

Until the year 2022, he learned about an American hacker named Joe Grand online, and then Michael sought Joe's help.

Joe is a world-renowned hardware hacker, an electrical engineer, and an inventor, with a hacking history dating back to when he was 10 years old.

He is recognized by the mainstream and provides consulting to system developers on how to defend against hackers like himself…

Joe also had experience helping two strangers recover lost cryptocurrency passwords.

Once, a person lost a USB drive containing the password in a lake, and after divers retrieved it, Joe used a series of physical methods to restore the USB drive's functionality, allowing the person to find the stored password as if they had never lost the USB drive.

On another occasion, there was a password decryption case where a family member unexpectedly passed away, and before dying, he mentioned that the Bitcoin password might be related to their grandmother's name. Joe helped search based on this clue using a "brute force" method, trying millions of combinations one by one…

In 2022, Michael contacted Joe online, but Joe did not agree to help as he had before.

The reason was simple: Joe was a hardware hacker and was not skilled in dealing with software-generated random passwords.

At the same time, helping someone recover a cryptocurrency password was not his specialty or interest, regardless of the price offered.

So, Joe flatly rejected Michael's request that year.

However, last summer, when Michael reached out to Joe in despair again, Joe agreed to give it a try.

This time, it was not because Joe had softened his heart, but because his German partner, a young software hacker, suggested they might have a chance to recover Michael's lost password.

The young hacker's name was Bruno, a German specializing in software vulnerabilities, and like Joe, Bruno had shown great interest in finding security loopholes in systems and software since childhood.

Bruno often received requests from people seeking help with lost cryptocurrency passwords, but this was the first time he encountered a situation like Michael's.

He suggested to Joe that they might have a chance to take a gamble, and both genius hackers were incredibly interested in this challenging yet slim opportunity.

Joe flew to Europe to meet with Bruno and Michael.

Michael had generated that random password using software called "RoboForm," one of the earliest random password generators in the world, which is still in use today.

Joe and Bruno tested the software and found that it could generate completely different passwords at any given moment.

For the two of them, finding Joe's random password from that time was like searching for a needle in a haystack:

"If we have to try all possible password combinations, that would be equivalent to a trillion times the number of water droplets in the world.

If we imagine a password as a droplet of water, we would find that it could be flowing at the bottom of a river, it could fall from the sky, or it could be in any ocean anywhere in the world.

If we could somehow reduce this situation, we could turn this insurmountable problem into something we could succeed at."

After understanding how RoboForm worked, they began to look for clues along the timeline to narrow down the search range.

They quickly noticed that in the version release timeline of the software, the update notes for the 2015 version were somewhat suspicious:

"We increased the randomness of password generation."

This statement raised suspicion for both genius hackers: Increased randomness??

Did this imply that the passwords generated by versions prior to 2015 were not as random??

Joe and Bruno, being computer hardware and software geniuses, also knew that generating a string of "completely random" numbers continuously was "very, very difficult," and many random numbers often had associations with some reference parameters:

"If we could manipulate this 'randomness,' we might be able to get a predictable output that could be used to attempt to crack Michael's wallet password."

But now it was 2023; how could they go back to the time when Michael created the password ten years ago and make the software mimic Michael's actions back then?

At this point, their expertise became evident: they reverse-engineered the software, not only reverting it to the 2013 version but also manipulating the system data to make the software believe it was executing a command from a 2013 user:

"We can deceive the system into thinking we are still within the time window when Michael generated the password in 2013."

Using a "time machine" to go back ten years, they also used a software tool that the NSA was using to try to understand the patterns of past password generation:

"This software is like a Russian nesting doll. Our goal is the little doll in the middle that generates the password."

Through calculations and tests, they were pleasantly surprised to discover that the random password generation from back then indeed had a pattern, and that pattern was the system time!

It turned out that the software from 2013 generated a strictly time-linked "pseudo-random password" based on the time the user created the password, with each password directly associated with the creation time.

Obtaining this crucial clue that the password was related to the time Michael created it excited both Joe and Bruno.

This meant that their search range could be greatly narrowed; as long as they knew the day and approximate time when Michael created the random password, they could calculate a limited number of passwords and try them one by one.

However, Michael couldn't remember exactly which month and day he opened the software to generate the Bitcoin password ten years ago…

Joe and Bruno did not lose heart and patiently continued their investigation.

They found out the time when Michael deposited Bitcoin into his electronic wallet: April 2013.

Logically, Michael should have created the random password within a few months before this date. So, Joe and Bruno set the search time from March to the end of April that year.

They discussed and calculated all night, waiting for the computer to run the results, but the outcome disappointed them: none of the results could unlock Michael's Bitcoin account.

In desperation, the two contacted Michael again, asking him to recall the exact date more carefully.

But Michael was also confused, after all, who could remember such details from ten years ago?

However, this time Bruno asked Michael to send him several other passwords he had created using the same software back then. Joe and Bruno hoped to find some clues from the other passwords created by Michael using the same software.

They discovered that Michael's other two passwords did not contain any special characters (like ¥……\& and similar).

The presence of special characters in the random password could be set by the user, so Joe and Bruno, holding onto a glimmer of hope, removed the option for special characters from the search range and extended the search time to June 1, 2013.

And one ordinary morning, Bruno's computer suddenly displayed a specific string of characters composed of numbers and letters:

A unique result popped up on the computer screen!

This result was something even software expert Bruno did not expect; there was actually a unique result!

Ecstatic Bruno

The result showed that Michael clicked to create this password on May 15, 2013, at 4:10:40 PM…

In November last year, Joe and Bruno initially kept this astonishing news from Michael. They customized a huge foam board that read "Awarding Michael $1.6 million" and successfully shipped it to Barcelona by plane.

Then, while Michael was on camera recounting how he lost this enormous wealth, Joe and Bruno suddenly appeared in front of him, informing him of this good news with a medal!

All three were overjoyed.

After five months of effort, Joe and Bruno truly turned what was previously impossible into a 100% success!

In return, Joe and Bruno received a specific percentage of Bitcoin from Michael's account after successfully cracking the password (they had agreed with Michael beforehand that they would only collect fees after successfully decrypting).

By November last year, Michael's Bitcoin had risen from $5,300 ten years ago to $1.6 million.

Joe and Bruno turned the entire story into a short and exquisite documentary, and by May of this year, when the documentary aired, this $1.6 million had risen to $3 million…

At the end of last year, Michael sold some coins and shared some with his benefactors, keeping 30 coins for himself.

He plans to sell the remaining coins when Bitcoin reaches $100,000 per coin.

In the end, Michael not only thanked Joe and Bruno but also reflected on his past "cleverness leading to his own downfall":

"If I hadn't lost the password, I might not have waited ten years; I could have sold it long ago."

What can I say, if it weren't for the dedicated help of these two genius hackers, combined with the software having significant system vulnerabilities in past versions, Michael's password would have long been lost to the Pacific Ocean.

Hopefully, he will learn a lesson…

Related tags
Bitcoin hacker cryptocurrency RoboForm Spain Michael
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
Recommended Reading

Recommended Reading

Vitalik talks to Chinese developers: Extreme idealism and casinos are both unhealthy
Vitalik talks to Chinese developers: Extreme idealism and casinos are both unhealthy
Web3 Lawyer Interpretation: From Regulatory Framework to Market Implications, How is Hong Kong Doing It?
Web3 Lawyer Interpretation: From Regulatory Framework to Market Implications, How is Hong Kong Doing It?
Related tags
Bitcoin hacker cryptocurrency RoboForm Spain Michael
Related reading
Former TON Foundation executives will bring trustless crypto asset management to Telegram
Former TON Foundation executives will bring trustless crypto asset management to Telegram
Arthur Hayes: The narrative of stablecoins is hot, IPOs may be a "dead end," but I advise you not to short
Arthur Hayes: The narrative of stablecoins is hot, IPOs may be a "dead end," but I advise you not to short
CICC: The Potential Impact of Stablecoins on the Financial System
CICC: The Potential Impact of Stablecoins on the Financial System
SignalPlus Macro Analysis Special Edition: Opening Salvo
SignalPlus Macro Analysis Special Edition: Opening Salvo
Copyright © 2023
About Us
Media Kit
Apply for a column
Disclaimer
RSS LINK
Recruitment
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
ChainCatcher Building the Web3 world with innovators
Open the app