
Brother lost password to dozens of bitcoins bought 11 years ago, hacker goes to great lengths to help recover them
TechFlow Selected TechFlow Selected

Brother lost password to dozens of bitcoins bought 11 years ago, hacker goes to great lengths to help recover them
The process was just too twisty...
By Uncle Overseas Student
In 2022, a man named Michael from Spain was troubled by a problem.
Back in 2013, he purchased 43 bitcoins—before they became wildly popular—for a total of $5,300.
He then stored these coins in a digital wallet. To prevent theft, he used a password generator software to create a randomly generated 20-digit password.
Michael worried that storing the password using the same software wouldn’t be secure enough—if hackers cracked it or his computer was lost, someone could easily trace and retrieve his Bitcoin.
So, thinking himself clever, he pasted this long password into a separate document disguised so no one could guess its purpose. He also set a password on this document, encrypting it further.
With these layers of encryption, Michael believed he had created an unbreakable Bitcoin account password, waiting only for Bitcoin’s price to rise so he could cash out.
But unexpectedly, Michael ultimately fell victim to his own precautions—the encrypted document containing his password suddenly became corrupted, rendering it impossible to open or extract the 20-digit password.
Meanwhile, he watched helplessly as Bitcoin's value surged from $123 per coin to over $30,000 per coin.
"I have this wealth. I can see it. But I can't access it—because I don’t have the password."
For years, Michael sought out various password recovery experts, hoping someone could help him recover the random password generated by the software back then.
But countless cybersecurity experts told Michael: "A 20-digit random password? Forget about your Bitcoin. It’s gone forever."
Hearing this news repeatedly, Michael once believed he would never reclaim this fortune during his lifetime.
Then in 2022, through the internet, he learned of an American hacker named Joe Grand—and reached out to him for help.
Joe is a world-renowned hardware hacker, electrical engineer, and inventor whose hacking journey began at age 10.
He is widely recognized and even consults for system developers on how to defend against hackers like himself...
Joe had also previously helped two strangers recover lost cryptocurrency passwords.
One time, someone dropped their password-storing USB drive into a lake. After divers retrieved it, Joe restored its functionality through physical methods, allowing the owner to access the password just as if it had never been lost.
The other case involved password cracking: a young man in a family passed away unexpectedly, having mentioned before his death that the Bitcoin password might be related to their grandmother’s name. Joe assisted them by conducting a “brute-force search,” systematically trying millions of possible combinations based on that clue...
In 2022, Michael contacted Joe online—but Joe didn’t accept his request as he had with others.
The reason was simple: Joe specialized in hardware hacking, not software-generated random passwords.
Besides, recovering lost cryptocurrency passwords wasn’t his area of expertise or interest—no matter how high the reward offered.
So that year, Joe flatly refused Michael’s plea.
But last summer, when Michael desperately reached out again, Joe agreed to give it a try.
This time, it wasn’t just compassion that made Joe say yes—his German partner, a young software hacker, believed there was a chance they could recover Michael’s lost password.
The young hacker’s name is Bruno—a German expert specializing in software vulnerabilities. Like Joe, Bruno developed a deep fascination with discovering security flaws in systems and software from a very young age.
Bruno occasionally received requests for help recovering lost cryptocurrency passwords, but Michael’s case was unprecedented.
He proposed to Joe that they might stand a chance—and both genius hackers were deeply intrigued by challenging projects with even the slimmest possibility of success.
Joe flew to Europe to meet up with Bruno and Michael.
Michael had originally generated the random password using a software called "RoboForm," one of the earliest random password generators in the world, still in use today.
Joe and Bruno tested the software and found that it could generate entirely different passwords at every moment.
To them, finding the exact password Michael created years ago seemed like searching for a needle in a haystack:
"If we had to try every possible password combination, that number would be 100 trillion times the total number of water droplets on Earth.
If we imagine each password as a single drop of water, it could be flowing along the riverbed, falling from the sky, or floating somewhere in any ocean across the planet.
If we could somehow narrow down this scope, we could turn an insurmountable challenge into something achievable."
After studying RoboForm’s operational principles, the two began tracing timelines to find clues that could reduce the search space.
They quickly noticed something suspicious in the version history: the 2015 update notes stated,
"We increased the randomness of password generation."
This sentence raised red flags for the two geniuses: Increased randomness??
Did that mean passwords generated before 2015 weren’t truly random??
As computer software and hardware experts, Joe and Bruno knew well that generating truly "random" numbers continuously is extremely difficult for computers—many so-called random numbers are actually tied to certain reference parameters:
"If we can manipulate this 'randomness,' we might obtain predictable outputs that could help crack Michael’s wallet password."
But it was already 2023—how could they go back ten years to replicate the exact conditions under which Michael created his password?
Here, their expertise shone: they reverse-engineered the software, not only reverting it to its 2013 version but also manipulating system data to make the software believe it was executing a user command from 2013:
"We tricked the system into going back to 2013. It thinks we're still within the time window when Michael generated his password."
Having traveled back in time via this digital "time machine," they used a software tool—even employed by the U.S. National Security Agency—to analyze patterns in historical password generation:
"This software is like a set of Russian nesting dolls. Our goal is the tiny doll in the center—the actual password generator."
Through computation and testing, they made an exciting discovery: the old password generation did follow a pattern—and that pattern was system time!
It turned out that in 2013, the software generated strictly time-dependent "pseudo-random passwords" based on when users created them—each password directly linked to the precise moment it was generated.
With this crucial clue connecting the password to the time Michael created it, Joe and Bruno were thrilled.
This meant their search space could be drastically reduced: knowing roughly when Michael created the password would allow them to compute a limited number of possible passwords and test them one by one.
But unexpectedly, Michael couldn’t remember exactly what day—or even month—he had opened the software ten years ago to generate the Bitcoin password…
Undeterred, Joe and Bruno continued their meticulous investigation.
They identified the date Michael deposited Bitcoin into his digital wallet: April 2013.
Logically, Michael must have created the random password within a few months before or after that date. So, Joe and Bruno narrowed their search window to March through April of that year.
They worked through the night discussing and calculating, waiting for the computer results—but ultimately, none of the generated passwords unlocked Michael’s Bitcoin account.
Defeated, they contacted Michael again, urging him to recall the exact date more precisely.
But Michael was overwhelmed—after all, who can clearly remember events from ten years ago?
This time, however, Bruno asked Michael to send him several other passwords he had created around the same time using the same software. Joe and Bruno hoped to uncover additional clues from those.
They discovered that two of Michael’s other passwords contained no special characters (like ¥, &, etc.).
Since users can choose whether to include special characters in random passwords, Joe and Bruno decided to exclude special characters from their search criteria and extend the search period to June 1, 2013.
Then, on an ordinary early morning, a unique string composed of letters and numbers suddenly appeared on Bruno’s screen:
A single result popped up!
This outcome was something even software expert Bruno hadn’t anticipated—a single, unique solution actually existed!
Bruno, ecstatic
The result showed that Michael clicked to generate the password on May 15, 2013, at 4:10:40 PM.
In November last year, Joe and Bruno kept this incredible breakthrough secret from Michael. They custom-made a giant foam board reading "$1.6 million awarded to Michael" and successfully shipped it by air cargo to Barcelona.
Then, while Michael was still being filmed recounting how he lost this massive fortune, Joe and Bruno suddenly appeared before him, presenting the board to deliver the joyful news!
All three were overwhelmed with joy.
After five months of effort, Joe and Bruno truly turned the impossible into 100% success!
In return, after successfully cracking the password, Joe and Bruno received a pre-agreed percentage of Bitcoin from Michael’s account (they had established a fee arrangement only upon successful recovery).
By November last year, Michael’s Bitcoin—originally worth $5,300 ten years earlier—had appreciated to $1.6 million.
Joe and Bruno documented the entire journey into a short, powerful documentary. By the time it aired in May this year, that $1.6 million had grown to $3 million…
At the end of last year, Michael sold some of his coins, sharing portions with his saviors while keeping 30 coins for himself.
He plans to sell the remaining coins when Bitcoin reaches $100,000 per coin.
In the end, besides thanking Joe and Bruno, Michael also expressed gratitude for his own past "cleverness backfiring":
"If I hadn’t lost the password, I probably wouldn’t have waited ten years—I might’ve sold earlier."
Well, without the dedicated efforts of these two brilliant hackers—and the lucky coincidence that the software’s older version had a major systemic flaw—Michael’s password would’ve been lost to the Pacific Ocean forever.
Let’s hope he learns his lesson…
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News


































