<p>Two researchers helped a man find the lost password to his cryptocurrency wallet containing 43.6 BTC, valued at nearly $2.96 million at currency prices.</p>
<p>One of the researchers, Joe Grand, is a hardware hacker who had previously unearthed lost bitcoin held in a <a href="https://www.theblock.co/learn/245703/what-is-a-hardware-wallet-and-how-to-safely-use-one">Trezor</a> wallet. Grand explains in a <a href="https://www.youtube.com/watch?v=o5IySpAkThg">video</a> that he and his friend exploited a long-fixed vulnerability in the password generator RoboForm, which had been used to create the wallet's password to access the wallet. </p>
<p>An anonymous man, dubbed Michael, had set up a cryptocurrency wallet sometime in 2013 and then used RoboForm to create its unique password. Michael held the password in an encrypted file, opting not to store it with RoboForm due to security concerns. </p>
<p>However, when the encrypted file became corrupted, Michael no longer had the 20-character <a href="https://www.theblock.co/learn/271537/how-do-popular-cryptocurrency-wallets-metamask-rabby-work">password</a> needed to access the 43.6 BTC in the wallet. </p>
<p>In 2022, Michael contacted Grand for help. Grand tapped a friend named Bruno to assist with cracking RoboForm's software.</p>
<p>They discovered that RoboFarm had a vulnerability in RoboForm's supposed "random number" generator. The generator connected a password to the specific date and time on the user's computer when the password was created. This issue was fixed in 2015, but the bug should have affected passwords created before then. </p>
<p>Though Michael didn't exactly remember when he had created his password, the researchers noted that he moved bitcoin into his wallet on April 13, 2013. Using specific time parameters, they tested numerous passwords until they found the correct one, which had been created on May 15, 2013.</p>
<p>A portion of Michael's bitcoin went to Grand and Bruno. Michael sold off another small lot so he now owns 30 BTC, worth around $2 million. Michael told <a href="https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/">Wired</a> that he intends to hold his bitcoin until a single token is valued at $100,000. </p>
<p>He added that he was glad he lost access to his <a href="https://www.theblock.co/learn/286315/how-to-safely-store-bitcoin-ethereum-and-other-cryptocurrencies">wallet</a> as holding onto his tokens for longer allowed them to appreciate over time. </p>
<p>Bitcoin traded at $67,840, falling 3.26% in the past day, as of 1:21 p.m. ET (17:21 UTC) on May 28, according to The Block <a href="https://www.theblock.co/price/248348/bitcoin-btc-usd">Prices</a>. </p>