Just a little info for people reading this thread. I'm a professional in the cyber security world although I can not say to what degree. These are crackable if you know what your doing, an I don't mean guessing a number and hoping with hashcat. Here is the issue, anyone with wallet.dat that they obtained probably can crack it there self. Let's say that the person has but does not know how to crack. Why sale when they could cut a deal with someone that could. With alot hat said will there be accounts with free coins and tokens on some of the ones "for sale" sure. Some people have realized they can sale a wallet.dat to multiple people because 99% are not gonna be able to crack it. That said if you want to try it that's fine it's your choice just go into it expecting to loose the money you spent on it.
Why can't you say 'to what degree'? I'm also a cyber security professional, I've been a mid-level info-sec consultant for 5 years.
My feeling is that if the wallets are genuine, you would have to be extraordinarily lucky to 'crack' them. I agree you have to go into this expecting to lose anything spent on them. I know that cracking these is pretty hard - I have some experience with them. You need extraordinary compute power and time, or really good lists and rules to apply to the lists, and even more time, and therefore potentially expense.
). This is why I didn't see hashcat brain as a necessary. If it can help, I will still implement it on my server asap.