Hello,
Don't know if you are still around but a friend and I might be able to help you.
Thanks to technology improvement (and my friend being and crypto algorithm genius) we have a wallet recovery tool that is immensly more effective than everything else. Some wallets that use to be lost forever can now be saved!
We are new to this, hence the low number of messages here, but it is very possible that we can help you recover your wallet if you still need help.
We are well aware this space is full of scammers so just so you know :
> We are not going to ask for any money or info from you upfront
> We are doxxed and willing to do a video call with you to prove it
> Anything you'll need to feel safe we'll do if possible
Just contact me via DM or via [email protected] and we'll talk to see if our technology can solve your situation.
Looking forward to hear from you if we can help,
Topic: 11/12 words seed, Any1 can please hepl me (Read 479 times)
Yeah, as odolvlobo has said, with a 12 word seed phrase there are only 16 possible checksums, so for any word substitution there is a 1 in 16 chance (on average) of the checksum is still correct. As an example, here is a random phrase I just generated:
If we change only the first word - melody (1109 on the BIP39 word list) - the next word in the BIP39 list which generates a valid checksum is method (1122 on the word list):
After that, the next word is model (1141):
Code:
melody ensure share example hole license typical time type answer world biology
If we change only the first word - melody (1109 on the BIP39 word list) - the next word in the BIP39 list which generates a valid checksum is method (1122 on the word list):
Code:
method ensure share example hole license typical time type answer world biology
After that, the next word is model (1141):
Code:
model ensure share example hole license typical time type answer world biology
This might be interesting: https://github.com/odolvlobo/bip39
Specifically, https://github.com/odolvlobo/bip39/blob/master/cs/missing.coffee
Specifically, https://github.com/odolvlobo/bip39/blob/master/cs/missing.coffee
Substituting one word for another in a 12 word seed phrase would result in an invalid seed phrase 15 times out of 16 on average, and only 1 out of 16 times would pass the checksum.
Sorry for going off-topic but how did you arrive at this percentage? SHA256 of the entropy is supposed to give results in a way the first 4 bits, or all the bits for that matter, of the result are pseudorandom. I suspect you arrived at 16 by dividing the 256 bits returned by SHA256 by the 4-bit length of the checksum.
That is probably true for arbitrary bits input but when you're just substituting a single word, you can only change up to 11 bits at once, and because a bunch of input bits can't just be flipped to predictable some output bits from SHA256, I think the probability of a checksum collision from word substitution is much, much lower than 1/16 on average, especially if the last word is the one being changed (7 input bits changed + the entire checksum, two moving targets at once).
In fact for a given checksum there may not even be a substitution in any single word that makes an equal checksum. Multiple word substitutions is a different story and I can imagine at least a few collisions being made of many words are allowed to be replaced at once.
I didn't follow your explanation, so sorry if I am arguing a moot point, but here is why it is 1/16:
The checksum value in a 12-word phrase is 4 bits and it is constant, assuming that the last word is not variable. There are 16 possible computed checksums but only one matches the expected value, and since computed checksums are random, then 1/16 of the computed checksums will match the expected value.
Now, if the last word is variable, then the expected checksum is not constant. In this case, there are 7 bits that can be changed and the other 4 are the expected checksum and are determined. If you try all possible 2048 words, then for each value of the first 7 bits, only 1 out of 16 values for the last 4 bits will match the computed checksum.
Or, in general, in a random string of bits, of which the last 4 are expected to match the computed checksum for the other bits, only 1 of 16 of these random strings will be valid.
Substituting one word for another in a 12 word seed phrase would result in an invalid seed phrase 15 times out of 16 on average, and only 1 out of 16 times would pass the checksum.
Sorry for going off-topic but how did you arrive at this percentage? SHA256 of the entropy is supposed to give results in a way the first 4 bits, or all the bits for that matter, of the result are pseudorandom. I suspect you arrived at 16 by dividing the 256 bits returned by SHA256 by the 4-bit length of the checksum.
That is probably true for arbitrary bits input but when you're just substituting a single word, you can only change up to 11 bits at once, and because a bunch of input bits can't just be flipped to predictable some output bits from SHA256, I think the probability of a checksum collision from word substitution is much, much lower than 1/16 on average, especially if the last word is the one being changed (7 input bits changed + the entire checksum, two moving targets at once).
In fact for a given checksum there may not even be a substitution in any single word that makes an equal checksum. Multiple word substitutions is a different story and I can imagine at least a few collisions being made of many words are allowed to be replaced at once.
Could you remember anything about the wallet you used to create these words?
Apparently, it was Exodus
Wallet was an exodus wallet
Which means that it should be BIP39 and BIP44/BIP84 compatible.... as per the Exodus documentation here: https://support.exodus.io/article/159-import-your-bitcoin-wallet-into-electrum
If the OP is not finding his wallet after following those steps to restore their Exodus wallet in Electrum, then I can only conclude that they have a seed that is "valid" but, is not the seed that generated their Exodus wallet... ie. they have the wrong seed.
There are too many unknowns here. You have to try and narrow it down.
For example when you say "years ago" how long are we talking about? Was it before 2017 or after? Coming up with a year could eliminate certain BIPs (derivation paths, address types,...).
Could you remember anything about the wallet you used to create these words? Best thing would be the name of it but the type could also be helpful, a phone/desktop wallet or though some website, a web wallet like blockchain.info or some custodial web wallet? Because the words you have may not even be a mnemonic.
For example when you say "years ago" how long are we talking about? Was it before 2017 or after? Coming up with a year could eliminate certain BIPs (derivation paths, address types,...).
Could you remember anything about the wallet you used to create these words? Best thing would be the name of it but the type could also be helpful, a phone/desktop wallet or though some website, a web wallet like blockchain.info or some custodial web wallet? Because the words you have may not even be a mnemonic.
the thing that i have the 12 words BUT with the list i have i a, opening a wallet that is not mine..
So this is a completely different problem to only having 11 out of 12 words.It is unlikely that you have incorrectly copied down a seed phrase which passes the checksum. Substituting one word for another in a 12 word seed phrase would result in an invalid seed phrase 15 times out of 16 on average, and only 1 out of 16 times would pass the checksum. Since you are able to recover your seed phrase without difficulty, then chances are it is correct and you have not made a mistake with one word. The far more likely problem here is either you are recovering the wrong derivation path, or you extended the seed phrase with a passphrase which you have forgotten.
For the former, using the latest version of Electrum, enter your seed phrase, go to Options and check the box marked "BIP39 seed", and on the next page click "Detect Existing Accounts". Electrum will automatically scan common derivation paths for your wallet.
For the latter, your only option is to try to remember if you set up a passphrase and what it might be. If you have a habit of using poorly secured passwords/passphrases, then it may be brute forcible.
Do you know any of the addresses from the wallet?
Maybe problem is the derivation path, what you see are addresses from another 'pool'? Legacy, segwit, native segwit....
If you do not know your original address, that's not good. But if it was old, we may assume it was legacy address.
yes, well i though that holding the 12 words seed would be enough but opening in a new device i have just a new wallet If you do not know your original address, that's not good. But if it was old, we may assume it was legacy address.
. Yes i have been checking that also before via electrum wallet and choosing the 3 different derivation path options. But no results,
Maybe problem is the derivation path, what you see are addresses from another 'pool'? Legacy, segwit, native segwit....
If you do not know your original address, that's not good. But if it was old, we may assume it was legacy address.
If you do not know your original address, that's not good. But if it was old, we may assume it was legacy address.
Thanks everyone for your replies, havent the chance to try yet but i am starting to try 1 by 1. Wallet was an exodus wallet, the thing that i have the 12 words BUT with the list i have i a, opening a wallet that is not mine.. I have asked Exodus but they just give me reply like sorry ;;we are sorry you lost your coins bla bla bla;; i am asking help about 11 words from 12 because there is 1 of the 12 that could be wrong, i am for 1 year already trying to restore my btc 
It checks balance of 10 addresses using blockchain api - not fast as I must slow it down (not to be rejected by them) but it works.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
you should change how it works entirely because this method is currently unusable. but for now at least try to find a blockchain explorer API that allows you to batch check the address balances like blockcypher and send it maximum number of addresses it allows.
It checks 10 addresses generated per each seed (in a single call to blockchain api)
What do you mean by "unusable"?
it is not practical, searching like this is so slow that it can take weeks to go through all the possible keys and figure out which seed is the correct one with the combination of its corresponding derivation path. and blockchain.com bans IP addresses of those who download a lot of data from their servers like this after some time.
It checks balance of 10 addresses using blockchain api - not fast as I must slow it down (not to be rejected by them) but it works.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
you should change how it works entirely because this method is currently unusable. but for now at least try to find a blockchain explorer API that allows you to batch check the address balances like blockcypher and send it maximum number of addresses it allows.
It checks 10 addresses generated per each seed (in a single call to blockchain api)
What do you mean by "unusable"?
It checks balance of 10 addresses using blockchain api - not fast as I must slow it down (not to be rejected by them) but it works.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
you should change how it works entirely because this method is currently unusable. but for now at least try to find a blockchain explorer API that allows you to batch check the address balances like blockcypher and send it maximum number of addresses it allows.
hello i have 1 word missing from my seed and i need help to find a program to restore my BTC. i have just that 11 words, no addresses or other details as this was years ago. Thank you in advance
- What wallet did you use to create this 12 word seed?- Do you know what position the missing word is supposed to be?
- Are the 11 words you current have in the correct order?
This isn't the "best" case scenario... but it's not "bad"... not knowing any addresses will slow you down as you'll need to manually check every valid seed combination that you can generate from your 11 words +1 "guess" word and see if any of the first 5-10 addresses have "history" to know if you're found the "correct" seed.
Not ideal, but a script and a blockexplorer API should be able to work that for you.
Take a look: https://github.com/PawelGorny/lostword
I added configuration example ONE_UNKNOWN_CHECK_ALL
It checks balance of 10 addresses using blockchain api - not fast as I must slow it down (not to be rejected by them) but it works.
I have a feeling that now it works only for legacy addresses, so this is something to improve.
The bigger problem is the derivation path otherwise with 1 missing word the number of mnemonics to check is going to be around 130 which can quickly be generated in less than a second. But if you don't know your derivation path then you have nearly unlimited number of keys that can be generated (eg. m/0, m/0', m/0/0, m/0'/0, m/0'/0', m/44'/1'/0, ...).
The other problem is about not knowing how many addresses were used from that wallet, which means even if you check the first 10 keys versus a big database of addresses that currently have a balance you may miss the correct combination if 11 keys were used and the first 10 were empty (eg. 11th one has balance with the first 10 used once and emptied later).
The other problem is about not knowing how many addresses were used from that wallet, which means even if you check the first 10 keys versus a big database of addresses that currently have a balance you may miss the correct combination if 11 keys were used and the first 10 were empty (eg. 11th one has balance with the first 10 used once and emptied later).
There's only going to be 2048 combinations of seed phrases to check if OP has 11 of them in order, so guessing the derivation path should be doable. There are only a few practical combinations anyway depending on the wallet software OP was using. Electrum seems the most likely so once a seed guess is obtained you could e.g check m/0/i and m/1/i for the first 100 change and receiving addresses, especially if OP seldomly used that wallet (which sounds like the case as he doesn't remember his addresses or other details and probably doesn't know what a derivation path is either).
Next most likely combination is some random BIP39 wallet that's using legacy addresses, so m/44'/0'/0'/0/i and m/44'/0'/0'/1/i, as he mentioned his wallet is from years ago.
If the missing word could be any of them, then there are approximately 1536 possible mnemonics (12 x 128).
It's actually going to be 128+11*2048 possibilities because each word that's scrambled except for the last one adds 2048 more unique combinations (the last word adds only 128). The checksum being known ahead of time does save time from processing derivation paths though.
The bigger problem is the derivation path otherwise with 1 missing word the number of mnemonics to check is going to be around 130 which can quickly be generated in less than a second. But if you don't know your derivation path then you have nearly unlimited number of keys that can be generated (eg. m/0, m/0', m/0/0, m/0'/0, m/0'/0', m/44'/1'/0, ...).
The other problem is about not knowing how many addresses were used from that wallet, which means even if you check the first 10 keys versus a big database of addresses that currently have a balance you may miss the correct combination if 11 keys were used and the first 10 were empty (eg. 11th one has balance with the first 10 used once and emptied later).
The other problem is about not knowing how many addresses were used from that wallet, which means even if you check the first 10 keys versus a big database of addresses that currently have a balance you may miss the correct combination if 11 keys were used and the first 10 were empty (eg. 11th one has balance with the first 10 used once and emptied later).
hello i have 1 word missing from my seed and i need help to find a program to restore my BTC. i have just that 11 words, no addresses or other details as this was years ago. Thank you in advance
- What wallet did you use to create this 12 word seed?- Do you know what position the missing word is supposed to be?
- Are the 11 words you current have in the correct order?
This isn't the "best" case scenario... but it's not "bad"... not knowing any addresses will slow you down as you'll need to manually check every valid seed combination that you can generate from your 11 words +1 "guess" word and see if any of the first 5-10 addresses have "history" to know if you're found the "correct" seed.
Not ideal, but a script and a blockexplorer API should be able to work that for you.
You can write a script e.g. in python for this purpose. Something that can find balances of generated addresses by using online API, although probably, I think, there is something near to it if you search.
Additional information could make recovery process easier,
1. Do you remember what software you used to generate the words seed? While most wallet uses BIP 39 standard, Electrum have different word seed standard
2. Do you have the wallet file created by wallet? It could be used to extract address to make recovery process faster
1. Do you remember what software you used to generate the words seed? While most wallet uses BIP 39 standard, Electrum have different word seed standard
2. Do you have the wallet file created by wallet? It could be used to extract address to make recovery process faster
Jump to: