A hacker explains the method he used to help a person who forgot the password to a wallet that holds 470 million yen worth of bitcoin



Bitcoin and other virtual currencies are generally stored in wallets that are heavily protected by passwords and private keys, but if you forget your password, you will not be able to withdraw your virtual currency from the wallet.

Joe Grand, an engineer who helped users recover their accounts after forgetting their digital wallet passwords, explains how he cracked the passwords.

I hacked time to recover $3 million from a Bitcoin software wallet - YouTube


Researchers cracked an 11-year-old password to a $3M crypto wallet | Hacker News
https://news.ycombinator.com/item?id=40503925

In 2013, Michael, who lives in Europe, stored 43.6 BTC (equivalent to approximately 470 million yen at the time of writing) in a digital wallet. To store his Bitcoin, Michael used a password manager to generate a 20-character password. He saved the password as a text file and encrypted the file with TrueCrypt.

However, the encrypted file became corrupted, and Michael could no longer retrieve the password for the digital wallet that holds his bitcoins. 'I was worried that someone would hack into my computer and obtain the password,' he said.

So Michael asked Grand to recover the password. Grand has been active as a hardware hacker since he was 10 years old, is a member of the well-known hacker group L0pht, and explained a certain vulnerability to the Senate in 1998. He has previously hacked into the hardware wallets of users who had forgotten their PINs and successfully extracted $2 million (about 310 million yen) worth of virtual currency.

What method did a hacker take for a person who forgot the PIN code for a hardware wallet containing more than 200 million yen in virtual currency? - GIGAZINE



Grand initially declined Michael's request because the cryptocurrency was stored in a software-based digital wallet, rather than a hardware-based one that is easier to hack. However, he suspected there was a flaw in the way password managers generate passwords, so he and fellow hacker Bruno accepted the request.



Grand and his team restored the password manager used by Michael to the version from 2013 that is said to have generated the password. Their investigation revealed that the passwords generated were predictable and tied to the date and time of the user's computer. Therefore, if the date, time, and other parameters such as special characters are known, it is possible to calculate any password generated at a specific date and time in the past.



However, there was a problem: Michael could not remember when in 2013 he had generated his password. A check of the digital wallet's logs showed that Michael had moved bitcoin to the wallet for the first time on April 14, 2013.

So Grand and his team used historical data to set up the password manager to generate the 20-character passwords, containing uppercase letters, lowercase letters, numbers, and eight special characters, for dates and times between March 1 and April 20, 2013. However, they were unable to access the digital wallet using the generated passwords.



Grand and his team also used the same parameters to generate passwords between April 20 and June 1, 2013. They were still unable to identify the password used by Michael.

'Grand and his team came to me multiple times and asked me if any of these passwords looked familiar,' Michael said. 'I don't even remember when I generated the passwords, more than a decade ago. I was really annoyed with Grand and his team.'



Nevertheless, Grand and his colleagues discovered that some of the passwords generated in 2013 did not contain special characters, so they went on to generate passwords with special characters excluded.



Grand and his team's hard work paid off, and they eventually identified the password generated at 4:10:40 pm on May 15, 2013 as the password generated by Michael.
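As an added illustration (not code from the article, the video, or the password manager involved), this Python sketch shows why a generator seeded only by the clock is weak and what the corrected form looks like. `weak_password` is a hypothetical stand-in rather than the real product's algorithm, and treating the article's timestamp as UTC is an assumption.

```python
import math
import random
import secrets
import string
from datetime import datetime, timezone

# Letters and digits only, matching the final search without special characters.
ALPHABET = string.ascii_letters + string.digits
UTC = timezone.utc

def weak_password(ts: int, length: int = 20) -> str:
    """Hypothetical generator whose only seed is the clock, in whole seconds."""
    rng = random.Random(ts)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length: int = 20) -> str:
    """Corrected form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def window_bits(start: datetime, end: datetime) -> float:
    """Effective entropy when the seed is one second inside [start, end)."""
    return math.log2((end - start).total_seconds())

def alphabet_bits(length: int = 20) -> float:
    """Entropy of the same password when characters are drawn independently."""
    return length * math.log2(len(ALPHABET))

def recover_timestamp(matches, start: datetime, end: datetime):
    """Regenerate the candidate for each second; return the seed that matches."""
    for ts in range(int(start.timestamp()), int(end.timestamp())):
        if matches(weak_password(ts)):
            return ts
    return None

if __name__ == "__main__":
    # Constructed sample: the article's timestamp, assumed here to be UTC.
    created = datetime(2013, 5, 15, 16, 10, 40, tzinfo=UTC)
    lost = weak_password(int(created.timestamp()))
    # A one-hour window keeps the demo fast; the article's windows span weeks.
    start = datetime(2013, 5, 15, 16, 0, tzinfo=UTC)
    end = datetime(2013, 5, 15, 17, 0, tzinfo=UTC)
    found = recover_timestamp(lambda p: p == lost, start, end)
    print(datetime.fromtimestamp(found, UTC), weak_password(found) == lost)
    full = window_bits(datetime(2013, 3, 1, tzinfo=UTC), datetime(2013, 6, 1, tzinfo=UTC))
    print(f"clock-seeded: {full:.1f} bits, CSPRNG: {alphabet_bits():.1f} bits")
```

The comparison at the end is the point for anyone reviewing a generator: a 20-character password looks like roughly 119 bits, but with a clock seed the whole March 1 to June 1 window is under 23 bits.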



'It took a fair amount of time, but the appropriate parameters we used and the time range we specified led to us identifying this password,' Grand said.

By the way, Michael reportedly paid Grand and others a portion of his Bitcoin as compensation.

in Software, Security, Posted by log1r_ut