Researchers cracked open $1.6 million Bitcoin wallet after 20-character password was lost — well worth the six months of effort


Hardware hacker Joe Grand, also known as Kingpin, along with a partner from Germany, successfully cracked a 10-year-old crypto wallet at the owner's request by exploiting a flaw in the password manager RoboForm. Having lost access to the wallet in 2013, the owner can finally reach his 43.6 Bitcoins, now worth over $3 million.

Joe Grand, or Kingpin (not to be confused with EVGA legend Kingpin), was first asked to break into this Bitcoin wallet by Michael (last name unknown, per Wired) in 2022, after Grand went viral for breaking into another wallet. Grand turned down this first request: his skills are in hardware hacking, and the hardware wallet he had broken into earlier was a far cry from Michael's software wallet. But when the call was issued a second time in 2023, Grand had the help of his friend Bruno, a software hacker, and got to work.

Kingpin's greatest takeaway from the months-long ordeal is the potential danger behind old passwords made with RoboForm. Any password generated before RoboForm version 7.9.14, released in 2015, is vulnerable to the same exploit and should be replaced immediately. "We know that most people don't change passwords unless they're prompted to do so," said Grand. "I'm still not sure I would trust [RoboForm] without knowing how they actually improved the password generation in more recent versions."

Sunny Grimm
Contributing Writer

Sunny Grimm is a contributing writer for Tom's Hardware. He has been building and breaking computers since 2017, serving as the resident youngster at Tom's. From APUs to RGB, Sunny has a handle on all the latest tech news.