Randomly guessing a long Bitcoin wallet password is as unlikely as winning the Powerball 100 times in a row. But there are some do-good hackers who’ve made a living doing exactly that.
Two years ago, “Michael” contacted a team of white hat hackers with a near-impossible request.
Could they help him brute-force attack the lost password to his decade-old Bitcoin wallet, which now holds the equivalent of $3 million in Bitcoin?
The catch? Michael’s lost password is 20 characters long, and he has no clue what it could be because he used a password generator.
“Nobody would take on a brute-forcing project of this scale,” says Grand. (YouTube)
The task was so monumental that Offspec.io co-founder, lead hacker and YouTuber Joe Grand turned down the job.
“If we had to try every possible password combination, that’s more than 100 trillion times the number of water drops in the entire world,” explained Grand in a YouTube video about the case.
But in a stroke of luck a year later, Grand and his team stumbled across a way to significantly trim the odds.
It turns out that Michael’s password generator, RoboForm, had a vulnerability at the time (long since patched): it relied too heavily on the computer’s system time to generate “random” passwords, meaning the passwords weren’t so random after all.
After reverse engineering the algorithm and plugging in every potential possibility over a seven-week period (that’s millions upon millions of guesses), Grand and his team finally cracked the wallet, ending with one very thrilled Bitcoin hodler.
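To make the weakness concrete, here is an added example (not code from the article, Grand's team or RoboForm) showing why clock-derived passwords are guessable, next to a generator that draws from the operating system's CSPRNG. The toy generator, the alphabet and the 2013 timestamps are constructed assumptions; RoboForm's real algorithm is not reproduced here.

```python
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # assumed charset
LENGTH = 20  # password length from the article


def weak_generate(unix_seconds: int) -> str:
    """Toy generator (hypothetical): the clock is the only source of 'entropy'."""
    rng = random.Random(unix_seconds)  # same second in, same password out
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Hardened form: every character comes from the OS CSPRNG, no clock input."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def candidates_in_window(start: datetime, end: datetime) -> int:
    """Passwords the weak generator can emit in [start, end): one per second."""
    return int(end.timestamp()) - int(start.timestamp())


def recover_creation_time(password: str, start: datetime, end: datetime):
    """Replay the weak generator for each second of the window; None if no match."""
    for ts in range(int(start.timestamp()), int(end.timestamp())):
        if weak_generate(ts) == password:
            return datetime.fromtimestamp(ts, timezone.utc)
    return None


# Constructed sample: a password made at a known instant inside a one-day window.
CREATED = datetime(2013, 5, 15, 14, 30, 7, tzinfo=timezone.utc)
START = datetime(2013, 5, 15, tzinfo=timezone.utc)
END = START + timedelta(days=1)

if __name__ == "__main__":
    print("nominal keyspace  :", len(ALPHABET) ** LENGTH)
    print("weak candidates   :", candidates_in_window(START, END))
    lost = weak_generate(int(CREATED.timestamp()))
    print("weak, recovered at:", recover_creation_time(lost, START, END))
    print("CSPRNG, recovered :", recover_creation_time(strong_generate(), START, END))
```

The nominal keyspace only protects a password when the generator can actually reach all of it; the weak form here can produce just one candidate per second of clock time, however long the password is.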
What the RoboForm password generator looks like today. (RoboForm)
“It was a good one. It definitely was,” Grand tells Magazine. However, not every case has a happy ending. Some of the recovered wallets have turned out to be almost empty.
“It’s not a business for the faint of heart. I would say it’s not really a business for…