TWO YEARS AGO, when “Michael,” a cryptocurrency owner, contacted Joe Grand to assist him restore access to around $2 million worth of bitcoin saved in encrypted format on his computer, Grand declined.

Michael, who resides in Europe and wishes to remain anonymous, kept the cryptocurrency in a password-protected digital wallet. He created a password using the RoboForm password manager and saved it in a file encrypted with TrueCrypt. That file eventually became corrupted, and Michael lost access to the 20-character password he had created to secure his 43.6 BTC (worth around €4,000, or $5,300, in 2013). Michael generated the password with the RoboForm password manager but did not keep it in his manager. He was concerned that someone would hack his computer and steal the password.

“At [that] time, I was really paranoid with my security,” he says with a giggle.

Grand is a well-known hardware hacker who, in 2022, assisted another crypto wallet owner in recovering access to $2 million in cryptocurrency that he thought he had lost forever after forgetting his Trezor wallet’s PIN. Since then, scores of people have called Grand, requesting assistance in recovering their riches. However, Grand, also known as the hacker handle “Kingpin,” declines the majority of them for a variety of reasons.

READ MORE: Sam Bankman-Fried Is Sentenced To 25 Years In Prison For A Crypto Fraud Case

Grand is an electrical engineer who began hacking computing devices when he was ten years old and cohosted the Discovery Channel’s Prototype This in 2008. He now advises with organizations that create complicated digital systems to assist them understand how hardware hackers like him could undermine their systems. In 2022, he cracked the Trezor wallet using complicated hardware techniques, forcing the USB-style wallet to expose its password.

But Michael kept his cryptocurrency in a software wallet, so none of Grand’s hardware talents were applicable this time. He contemplated brute-forcing Michael’s password, which would involve building a script to mechanically guess millions of possible passwords in order to get the correct one, but decided it was not practicable. He briefly considered that Michael’s RoboForm password manager may have a problem in the way it generated passwords, allowing him to guess the password more readily. However, Grand questioned the existence of such a problem.

Michael contacted several cryptography experts, and they all informed him “there’s no chance” of reclaiming his money. But last June, he called Grand again, hoping to persuade him to help, and this time Grand decided to give it a shot, collaborating with a friend in Germany named Bruno who also hacks digital wallets.

Grand and Bruno spent months reverse engineering the version of the RoboForm program that they believed Michael had used in 2013, and discovered that the pseudo-random number generator used to generate passwords in that version—and subsequent versions until 2015—did indeed have a significant flaw that rendered the random number generator less random. The RoboForm program erred by linking the random passwords it created to the date and time on the user’s computer—it determined the computer’s date and time before generating predictable passwords. If you knew the date, time, and other criteria, you could calculate any password that would have been produced on that specific date and time in the past.

If Michael knew the day or general time frame in 2013 when he generated the password, as well as the parameters he used to generate the password (for example, the number of characters in the password, including lower- and upper-case letters, figures, and special characters), he could reduce the number of possible password guesses to manageable levels. Then they could hijack the RoboForm function, which checks the date and time on a computer, and cause it to travel back in time, believing the current date was a day in 2013, when Michael generated his password. RoboForm would then produce the identical passwords it had generated on previous days in 2013.

There was one problem: Michael couldn’t recall when he generated the password.

According to the record on his software wallet, Michael initially added bitcoin to his wallet on April 14, 2013. But he couldn’t remember whether he generated the password on the same day or sometime before or after that. So, based on the characteristics of prior passwords he made with RoboForm, Grand and Bruno set RoboForm to generate 20-character passwords containing upper- and lower-case letters, digits, and eight special characters between March 1 and April 20, 2013.

It failed to generate the proper password. So Grand and Bruno extended the time window from April 20 to June 1, 2013, using the same parameters. Still no luck.

Michael claims they kept coming back to him, asking if he was certain about the boundaries he’d set. He stuck to his first answer.

READ MORE: Crypto Scammers Hack Matthew Perry’s X Account… Solicit Donations, Too.

“They really annoyed me, because who knows what I did 10 years ago,” he says. He discovered other passwords he created with RoboForm in 2013, two of which did not include unusual characters, so Grand and Bruno adjusted. Last November, they contacted Michael to arrange an in-person encounter. “I thought, ‘Oh my God, they will ask me again for the settings.”

Instead, they disclosed that they had finally obtained the correct password, which contained no unique characters. It was produced on May 15, 2013, at 4:10:40 PM GMT.

“We were eventually fortunate that our parameters and time frame were correct. “If either of those were wrong, we would have continued to take guesses/shots in the dark,” Grand explains in an email to WIRED. “It would have taken significantly longer to precompute all the possible passwords.”

Grand and Bruno made a video to go over the technical details more thoroughly.

READ MORE: An Unreleased Film Purports To Depict The Capture And Torture Of An Ontario “Crypto King”

According to a business release, RoboForm, developed by Siber Systems in the United States, was one of the first password managers to hit the market and now has over 6 million customers worldwide. In 2015, Siber appeared to fix the RoboForm password manager. Grand and Bruno couldn’t discover any evidence that the pseudo-random number generator in the 2015 version used the computer’s time, so they believe it was deleted to remedy the vulnerability, but Grand says they’d need to look more closely to be sure.

Siber Systems verified to WIRED that version 7.9.14 of RoboForm, which was released on June 10, 2015, resolved the issue, but a spokeswoman declined to comment on how. A changelog on the company’s website merely states that Siber engineers made adjustments to “increase the randomness of generated passwords,” but it does not specify how they did so. According to Siber spokesman Simon Davis, “RoboForm 7 was discontinued in 2017.”

Grand believes that, without knowing how Siber addressed the vulnerability, attackers may still be able to regenerate passwords issued by RoboForm versions released prior to the 2015 modification. He’s also unsure whether current versions have the problem.

“I’m still not sure I would trust it without knowing how they actually improved the password generation in more recent versions,” he states. “I’m not sure if RoboForm knew how bad this particular weakness was.”

Customers may still be using passwords generated with earlier versions of the application before the patch. When Siber issued the updated version 7.9.14 in 2015, it did not appear to notify consumers that they needed to generate new passwords for essential accounts or data. The corporation did not react to a query regarding this.

If Siber did not notify customers, this would imply that everyone, including Michael, who used RoboForm to generate passwords prior to 2015 and is still using those passwords, may have insecure credentials that hackers might regenerate.

“We know that most people don’t change passwords unless they’re prompted to do so,” Grand explains. “Out of 935 passwords in my password manager (not RoboForm), 220 of them are from 2015 and earlier, and most of them are [for] sites I still use.”

Depending on how the organization addressed the issue in 2015, fresh passwords may also be vulnerable.

Last November, Grand and Bruno deducted a percentage of Michael’s bitcoins for their efforts and handed him the password to access the rest. Bitcoin was worth $38,000 per coin at the time. Michael waited until it soared to $62,000 per coin before selling some of it. He currently has 30 BTC, which is worth $3 million, and is waiting for the price to rise to $100,000 per coin.

Michael believes he was fortunate to lose the password years ago because otherwise he would have sold the bitcoin when it was worth $40,000 a coin, missing out on a larger profit.

“That I lost the password was financially a good thing.”