A team of security researchers cracked a password to recover over $3 million in Bitcoin after it had been stuck in a crypto wallet for 11 years. 

The Block reported that one of the researchers was identified as electrical engineer Joe "Kingpin" Grand, who had previously recovered lost bitcoin held in a Trezor wallet. In a YouTube video, he explained how he and a friend named Bruno were able to exploit a long-fixed vulnerability in the password generator RoboForm, which was used to create the wallet's password to access the wallet owned by an anonymous man.

The wallet's owner, who is only identified as Michael, said that he set it up on May 15, 2013, and stored the password in an encrypted file. He opted not to store it in RoboForm due to security reasons. 

However, when the encrypted file was corrupted, Michael no longer had the 20-character password needed to access the 43.6 BTC in the wallet, equivalent to about $3 million.

READ NEXT: SEC Approves Ether ETFs, Marking Major Milestone for Cryptocurrency Industry

Recovering Michael's Bitcoin Tokens

Given the crypto's value in his wallet, Michael employed Grand's help in 2022 and eventually contacted Bruno to work on cracking RoboForm's software using a reverse engineering tool developed by the US National Security Agency (NSA) to crack the password generator's code. 

The Independent reported that the duo eventually discovered that RoboForm had a vulnerability in its supposed "random number" generator. This generator connected a password to a specific date and time on the user's computer when the password was created. While the issue was fixed in 2015, the bug still affected passwords created before then.

In compensation and gratitude for their work, part of Michael's Bitcoin was given to Grand and Brun, while Michael sold off another small portion, giving away a total of 13.6 BTC. This process left him with 30 BTC, which is worth around $2 million.

He told Wired that he would intend to hold on to his remaining Bitcoin amount until a single token would value $100,000, adding that his situation with his wallet turned out to be a good thing as it allowed his tokens to appreciate over time. 

READ MORE: Cryptocurrency Trader Loses $70 Million in 6 Hours in So-called 'Address Poisoning' Scam