CyberSecurityBoard
Sponsor Register Login

Researchers crack 11-year-old password, recover $3 million in bitcoin

Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet.
He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool called TrueCrypt.
At some point, that file got corrupted, and Michael lost access to the 20-character password he had generated to secure his 43.6 BTC. Michael used the RoboForm password manager to generate the password but did not store it in his manager.
He worried that someone would hack his computer and obtain the password.
Grand is a famed hardware hacker who in 2022 helped another crypto wallet owner recover access to $2 million in cryptocurrency he thought he'd lost forever after forgetting the PIN to his Trezor wallet.
Dozens of people have contacted Grand to help them recover their treasure.
Grand is an electrical engineer who began hacking computing hardware at age 10 and in 2008 cohosted the Discovery Channel's Prototype This show.
He now consults with companies that build complex digital systems to help them understand how hardware hackers like him might subvert their systems.
He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password.
Michael stored his cryptocurrency in a software-based wallet, which meant none of Grand's hardware skills were relevant this time.
He considered brute-forcing Michael's password-writing a script to automatically guess millions of possible passwords to find the correct one-but determined this wasn't feasible.
He briefly considered that the RoboForm password manager Michael used to generate his password might have a flaw in the way it generated passwords, which would allow him to guess the password more easily.
Last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.


This Cyber News was published on packetstormsecurity.com. Publication date: Thu, 30 May 2024 14:13:05 +0000


Cyber News related to Researchers crack 11-year-old password, recover $3 million in bitcoin

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto - Y is the author of a book I can very greatly recommend, with the fascinating title Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. As I dug into this cypherpunk world, around 2010 and 2011, I came upon this thing that ...
1 year ago Nakedsecurity.sophos.com
Crypto Enthusiasts Embrace New Frontier: Investing in Bitcoin ETFs Explained - This was the first time the Securities and Exchange Commission approved an exchange-traded fund that contained bitcoin, but the Commission stressed that its decision does not mean it endorses or approves Bitcoin, but that it remains deeply sceptical ...
11 months ago Cysecurity.news
The United States is Monitoring Vulnerabilities in Bitcoin - The United States has shown a keen interest in the cybersecurity aspects of Bitcoin, particularly honing in on a vulnerability associated with the Ordinals Protocol in 2022. The National Vulnerability Database, overseen by the National Institute of ...
1 year ago Cysecurity.news
Here's Some Bitcoin: Oh, and You've Been Served! - The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction - such as a link to a civil claim filed in federal court - as reasonably likely to provide notice of the lawsuit to the ...
11 months ago Krebsonsecurity.com
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
9 months ago Securityweek.com
How long does it take to crack a password in 2024? - With AI entering the game, the time to brute force passwords has been reduced significantly already and continues to be reduced. ADVERTISEMENT. Password guidelines and rules have not changed all that much for users in the past ten or so years, ...
7 months ago Ghacks.net
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
2 months ago Feedpress.me
Researchers crack 11-year-old password, recover $3 million in bitcoin - Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool ...
6 months ago Packetstormsecurity.com
Navigating the Paradox: Bitcoin's Self-Custody and the Privacy Challenge - Self-custody in Bitcoin refers to individuals holding and controlling their private keys, which in turn control their bitcoin. This concept is akin to securing physical gold in a personal safe rather than relying on a bank or third-party custodian. ...
11 months ago Cysecurity.news
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
6 months ago Cyberdefensemagazine.com
CVE-2024-38365 - The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients ...
2 months ago Tenable.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
1 year ago Packetstormsecurity.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
1 year ago Bleepingcomputer.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com
SEC Approves Bitcoin ETFs, Crypto Industry Rejoices - The US securities regulator has officially approved the first US-listed exchange traded funds to track bitcoin, in what is being labelled a watershed moment for the world's largest cryptocurrency, as well as the broader crypto industry. Earlier this ...
11 months ago Silicon.co.uk
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
1 year ago Therecord.media
El Salvador to Offer Citizenship for a $1 Million Bitcoin 'Investment' - Last week, the El Salvador government, along with the stablecoin company Tether, joined in an initiative called 'Adopting El Salvador Freedom,' which will enable foreigners to obtain a Salvadoran passport in exchange for a million dollars in Bitcoin. ...
1 year ago Cysecurity.news
Bitcoin Core Flaw Raises Concerns Regarding Blockchain Integrity - The blockchain's defence against spam may have a weakness, as this discovery has sparked concerns in the cryptocurrency community. According to Dashjr, Dashjr, Bitcoin Core users have been able to set limits on extra data in transactions using the ...
1 year ago Cysecurity.news
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
Google Researchers' Attack Prompts ChatGPT to Reveal Its Training Data - A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. ...
1 year ago 404media.co
Poking holes in Google products bagged bug hunters $10M The Register - Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means ...
9 months ago Go.theregister.com
Google Paid Out $10 Million via Bug Bounty Programs in 2023 - Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million. The total paid out ...
9 months ago Securityweek.com
Dark Web Hitman Paid with BTC to Murder Teen Victim - The 31-year-old man paid $20,000 to a supposed murder-for-hire website on the dark web, which turned out to be a scam. A resident of Haddonfield, New Jersey, John Michael Musbach pleaded guilty before U.S. District Judge Joseph H. Rodriguez for ...
1 year ago Hackread.com
Raspberry Robin devs are buying exploits for faster attacks The Register - Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to ...
10 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)