There's nothing worse than forgetting your password, but in 2024, you can't just have 'password' as your password.
We've all been there, facing the 'forgot your password' window and inputting a new one, only to be told you can't use one that you previously have.
Then, it's a case of coming up with a brand-new one, 12 letters long, must contain capital letter, must contain a special character, must be written in runes...with at least one reference of morse code.
Advert
While forgetting your password is stressful enough, imagine forgetting your password and losing $3 million at the same time?
Well, this actually happened to one man, who had his Bitcoin fortune lost behind a forgotten password for 11 years.
Thankfully, not all hackers are trying to steal our personal information and financials, meaning hackers came to the rescue to get back this man's fortune.
Advert
In this strange tale of cybersecurity, one anonymous person got in touch with electrical engineer Joe Grand, who is better known by his alias of 'Kingpin'.
Grand has a particular set of skills, and with the anonymous person asking for help getting into an encrypted file holding 43.6 BTC, the hacker rose to the challenge.
The owner had previously tried to protect his Bitcoin wallet by using a random password generator called RoboForm.
Unfortunately, the system worked too well and he lost his password...for 11 years.
Advert
With this Bitcoin fortune sitting untouched, the owner was worried that someone would hack his computer and scoop up his cryptocurrency, so he turned to Kingpin for help.
When the owner first invested in his Bitcoin, it was worth between $3,000 and $4,000, but with prices soaring by 20,000% since, it's now worth in the region of $3 million.
In a video posted to YouTube, Grand explains how he used a tool created by the US National Security Agency (NSA) and disassembled the RoboForm generator’s code: "In a perfect world, when you generate a password with a password generator, you expect to get a unique, random output each time that no one else has. [But] in this version of RoboForm, it was not the case."
Advert
Not everyone can be as lucky, though, and writing in an email to Wired, Grand said: "We ultimately got lucky that our parameters and time range was right. If either of those were wrong, we would have [...] continued to take guesses/shots in the dark."
Even though RoboForm's passwords are supposed to be randomly generated, they actually aren't.
By tricking RoboForm into thinking it was 2013 again, Grand was able to generate the same password as back then.
After a few failed attempts, the password was generated, and working with a colleague, Grand was able to create millions of potential passwords.
Advert
Then, it was a not-so-simple case of crackng the code.
Grand has a history with these kind of cases, and in 2022, helped someone recover $2 million in crypto.
Like a crypto Indiana Jones, Kingpin is the guy you need to to turn to if you want to get your money back.