American engineer Joe Grand and his friend Bruno discovered a loophole in an older version of the RoboForm password manager, enabling them to recover $3 million in BTC.

Joe Grand, a hardware hacker and engineer, along with his friend, software hacker Bruno, found a vulnerability in an old version of the RoboForm password manager. This allowed them to recover millions of dollars' worth of Bitcoin.

In a video published on May 28, Grand explained that in 2022, he was contacted by Michael, a European crypto owner seeking help to recover Bitcoin worth millions. Michael had lost access to his 20-character password generated by RoboForm, which was stored in a TrueCrypt-encrypted file.

Grand and Bruno spent months reverse-engineering the version of RoboForm that Michael used in 2013 to create the password for his Bitcoin wallet. They discovered that an older version of RoboForm had a flaw in how the software generated passwords, making them predictable based on the computer’s date and time. Fortunately for Michael, his password was generated before RoboForm patched the bug.

Investigative journalist Kim Zetter noted that if any of RoboForm’s current 6 million users are using passwords generated by the version prior to 2015, before the company quietly fixed the flaw, their passwords might be at risk of being cracked in the same way.

“If any of RoboForm’s current 6 million users are using passwords generated by RoboForm prior to 2015, they may have passwords that can be cracked in the same way.”

Having generated millions of passwords based on the timeframe when Michael likely created his password, the duo began brute-forcing to find the correct one. After refining their approach, Grand and Bruno successfully discovered the password, created on May 15, 2013, at 4:10:40 PM GMT, unlocking Michael’s 43.6 BTC, currently worth around $3 million.
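The weakness described above, as an added illustration that is not code from the video, from Grand and Bruno's tooling, or from RoboForm: a toy generator whose only seed is the clock, next to a CSPRNG-based one, showing how a known time window collapses a 20-character password to a small candidate set. The character set, the one-second seed resolution and every function name are assumptions; this page does not describe RoboForm's actual algorithm.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # assumed charset (70 symbols)
LENGTH = 20  # password length given in the article

def weak_generate(when: datetime) -> str:
    """Toy vulnerable generator: the wall clock, to the second, is the only seed."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

def strong_generate() -> str:
    """Hardened form: each character is drawn from the OS CSPRNG, no clock involved."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))

def find_creation_time(password: str, start: datetime, end: datetime):
    """Regenerate every output the weak generator could produce in [start, end]."""
    t = start
    while t <= end:
        if weak_generate(t) == password:
            return t
        t += timedelta(seconds=1)
    return None

def window_bits(start: datetime, end: datetime) -> float:
    """Effective entropy of the weak generator when only the time window is known."""
    return math.log2((end - start).total_seconds() + 1)

def charset_bits() -> float:
    """Entropy of a uniformly random password over ALPHABET."""
    return LENGTH * math.log2(len(ALPHABET))

# Constructed demo: the timestamp is the one quoted in the article, but the
# generator is a toy, so the resulting string is not the real password.
CREATED = datetime(2013, 5, 15, 16, 10, 40, tzinfo=timezone.utc)
DAY_START = datetime(2013, 5, 15, tzinfo=timezone.utc)
DAY_END = DAY_START + timedelta(days=1, seconds=-1)

if __name__ == "__main__":
    lost = weak_generate(CREATED)
    print("recovered creation time:", find_creation_time(lost, DAY_START, DAY_END))
    print(f"time-seeded, one-day window: {window_bits(DAY_START, DAY_END):.1f} bits")
    print(f"CSPRNG over same alphabet:   {charset_bits():.1f} bits")
```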

Joe Grand, founder of Grand Idea Studio, is an electrical engineer, inventor, and hardware hacker known in the crypto community for his work. He gained attention for hacking a Trezor One wallet in 2022 to help its owner recover $2 million in BTC. Known by the hacker handle “Kingpin,” Grand continues to consult with companies to enhance their digital security.
