Topic: Difficulty restoring old BTC. I have wallet.dat (Read 1502 times)

If your old wallet.dat file was not secured with a password, then it is VERY likely that your new computer is (or was) infected with a virus or other malware.  The malware would have recognized your wallet.dat file when you attached the hard drive and would have immediately created a transaction that took those bitcoins.

If your wallet was secured with a password, then the malware could wait until the first time you typed in your password and steal your bitcoins then.

The 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 address would have been a change address created by your wallet and NOT displayed in your "receiving addresses" when you used transaction 1495ad382534192f8d2fea655bf02790e3246bd856e35e84d92ae77dbfabddd3 to send 5 BTC to 1GXSMQhfi66AGwUNibEFmrR3USDZ57Y8fs on 2013-12-04 12:41:33.  The Bitcoin Core wallet usually does not show change addresses in the "receiving addresses" list.

I checked the addresses I used so far but did not recognize any of them in the transaction. Also 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 isn't one of my addresses.

My confusion starts with the second transaction. The first transaction is totally fine. But I never (at least knowingly) made the transfer to the red address. And it does not show up as a receiving address in my wallet either (change address).

1LAwJ5N8Mn3p4pfSMLy9rqoYv1Jqyen8Dv      1GXSMQhfi66AGwUNibEFmrR3USDZ57Y8fs 5 BTC
                                                                  13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 5 BTC

I had my hard drive offline for several years and after plugging it to my new computer and transferring the wallet.dat to the new hard drive the issue appeared. But according to blockchain.info the BTC were already transferred on 2013-12-04 to this other address with this very last transaction I made.

Before that transaction I made the following one:

1DyYLZvhMLFosuFZj3YyhSF1QsoekVkUtK      1GXSMQhfi66AGwUNibEFmrR3USDZ57Y8fs 10 BTC
                                                                  1LAwJ5N8Mn3p4pfSMLy9rqoYv1Jqyen8Dv 10 BTC

Here the change address 1LAwJ5N8Mn3p4pfSMLy9rqoYv1Jqyen8Dv was generated and I could use it for the transaction above. The other change address 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 never showed up as a receiving address in my wallet.

Is there any known scam that works like this to steal BTC?

Someone with access to the private key for 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 has sent the 5 BTC from that address (combined it with 516 other inputs (!!?! ) and sent it to 18yhZFwZcHGVKStRfVWBV5dXJ6Yb1MdHdx.

Do you recognise ANY of the other INPUT addresses in this transaction: https://blockchain.info/tx/c2ac656069e9719aa906aab4a8ba8dc5805ddca75b7cc3c6c3afb897216a6cab

Are any of them (apart from the 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 one) yours? Did you try and combine all your BTC or send them to an exchange or other online service or sweep them into a different wallet?

If you're 100% sure that you didn't send those coins anywhere, then the only other explanation is that they have been stolen.


That is most likely a "change" address from your wallet. You can read about "change" here: https://en.bitcoin.it/wiki/Change and here: https://en.bitcoin.it/wiki/Coin_analogy

It looks like it's been sent to a mixer/exchange service.
If you didn't initiate that then your coins may be stolen.

Thanks so far for the input. The wallet is synced and up to date. The transaction ID is c2ac656069e9719aa906aab4a8ba8dc5805ddca75b7cc3c6c3afb897216a6cab

https://imgur.com/a/sGjkv

The relevant transaction from 2013-12-04 looks like this in blockchain.info:

https://imgur.com/a/AmWEm

And in my wallet it looks like this:

https://imgur.com/a/s563M

Why is there a second transaction from 2015-09-05? I never initiated it and there is neither a "type" nor a "label" in my wallet for this transaction. Where does the address 13QSnhZrKYpHkbxuKiXaEwqVFgsSfB7Gi9 come from?

During sync the amount of BTC that should be in the wallet is shown as "available" until 2015-09-05.

Your screenshot shows nothing useful... If your wallet is fully synced and showing no coins, then there are most probably no coins in it (or it isn't completely synced)

Two things to try...

1. Check the "Help -> debug window -> information" tab... And check that the number of blocks listed is the same as the current block height... 485,834+

2. Use the "help -> debug window -> console" tab... And use the "listaddressgroupings" command... It will show you all the used addresses and the number of coins in them..

If the number of coins showing doesn't seem right, try checking the addresses that the command outputs on a block explorer like blockchain.info and see if the coins have been moved since the last transaction shown in 2015

Can you screenshot the addresses you have or post them here?

You should be able to find them in your core so we can work out what you're supposed to have in that wallet.

Is it syncronised to the point the progress bar is no longer there? Is there a debug.log file that you can post?

Hi, did you fix your problem? I'm experiencing the same issue after copying the wallet.dat file from an old hard drive:

https://imgur.com/a/tubYt

Even after synchronizing the wallet the problem still remains. Would be great if you could tell me what you did to fix it. Many thanks!

Glad to hear you (sort of) got it solved.

Honestly, it isn't super hard to export the keys... And if you really don't want to use the full Bitcoin Core client and the 150gigs of Blockchain, then you should consider exporting your keys sooner rather than later.

The reason for this is that if you do a transaction now that doesn't spend an entire input and generates change that comes back to your wallet... You will then need to sync the WHOLE blockchain for that transaction to be shown properly.

I guess it really comes down to whether you want to migrate to a lightweight wallet like Electrum or if you want to stick with Bitcoin Core.

If you're in no rush to do anything with your coins in the immediate future, and you have the bandwidth and spare storage capacity, maybe just leave Core syncing, "just in case" you decide to stick with it

Thanks!  I let the wallet sync for a while and eventually my BTC showed up.  Whew.  At least I know they're not lost.

Haven't tried dumpprivkey yet.  That and the rest of the steps you mentioned are technical enough that I'd probably screw them up somehow.  For now, I'm happy to know that I still have my BTC.

Thanks again.

Given that Core is showing as 7 years 43 weeks behind, you haven't synced up to August 2012 when your transactions were made, so Core is treating them as unconfirmed until it has the block data to show them as confirmed and add them to your balance.

Click the bar at the bottom that says "7 years and 43 weeks behind" and it should pop up a window that shows exactly where it is synced to.

Also, you only need to sync up to Aug 14th 2012 to have all the transactions that your wallet currently knows about... However, there may be newer transactions that your wallet is unaware of...

Alternatively, you can export your private keys and import them into Electrum and you'll see your transactions and total balance within moments...

"Help -> debug window -> console"

Then use either the "dumpprivkey" or "dumpwallet" commands to export your private keys as required...

Download Electrum from here: https://electrum.org/#download

Install and during wallet creation, select "use public or private keys" option... Then copy/paste your private keys. I'd suggest doing all this offline, so as to minimise the chance of leaking your private keys...

Personally, I would create a new HD wallet in Electrum ("create a new seed" option) and then "sweep" the private keys... This will cost a transaction fee as it effectively sends the coins from old addresses to a new address in your new wallet, but offers some benefits like having your wallet backed up with the seed, coins are now on new (unexposed) private keys etc

I'm trying to restore some BTC from an old hard drive.

I found the wallet.dat file on that hard drive, installed Bitcoin Core on my new computer, replaced wallet.dat on my new computer with the one from my old hard drive, and now this is what I see:

https://www.screencast.com/t/z2I0kGsvMv

So I can see my transactions in Bitcoin Core now, but I see a balance of 0 BTC.

Questions:

1 - Do I need to wait for the entire ~150 GB blockchain to load onto my computer before I'll see my actual balance?
2 - Is there any way that I can get my BTC balance into a different wallet without waiting for the entire blockchain to load in BTC Core?  I really don't want to download 150 GB!

Thanks in advance.