Topic: HUGE PROBLEM, LOST MASSIVE AMOUNT OF BTC. 100 BTC is Reward (Read 877 times)

Yes, I know, the situation is not funny at all and I am completely lost here as I am afraid for my savings and my money here.

The file gets deleted if you let bitcoin-qt overwrite it. If it's overwritten nothing can bring it back. It's lost, scanning for metadata of deleted files on the drive is a lost cause after so many years because the more you delete and use the disk the more bits are going to get changed.

What I understood when he says it's deleted is that bitcoin-qt creates a new one instead of trying to open the old corrupt one, but he kept the old files. He just cant open them using bitcoin-qt with risk of deletion.


i'm sure even pywallet would have a hard time extracting keys from deleted files / disk metadata, it's just one big blob of bits. It's probably much more efficient to get a serious recovery tool that works for that specific purpose to correctly retrieve the deleted data, and then try to scan it for bits.

But bottom line, OP is gone, he was probably lying, or just faking this for attention. Who knows, it's been almost 4 days since his last login.. If I had that much money on the line I wouldn't sleep for more than one hour without waking up in the middle of the night.

Sorry if it came across like that... I guess something got lost in the typing.

I was just trying to clarify if the utility is able to scan the raw bits on a device the way PyWallet was able to with it's "--recover" option...


But it does get deleted, doesn't it?

Watch from 1:48 here: https://youtu.be/8BOxflDzhgU?t=108

He renames the "wallet.TIMESTAMP.bak" (the now very corrupt wallet) back to "wallet.dat"... then tries to start Bitcoin Core... then at 1:58 he states "And see what happens now. It.. is.. deleting the wallet.. It's not there any more"... and you can see that the wallet.dat is deleted... Bitcoin Core then finishes starting up and a new wallet.dat is created. "It puts a completely new wallet file in there".

This would seem to be the OPs real problem... he no longer has his original wallet.dat file, corrupted or otherwise.


On the contrary, I never said the software was useless or didn't work... I was just pointing out that the video was a little confusing.

The software is actually very useful and it's nice to have an updated "pywallet"-type key recovery utility that plays nicely with the newer wallet.dat format, but unfortunately, I don't think that it is able to help the OP given their specific circumstances.

No idea what you even mean. I'm not going to get into an argument with you about what happens to data when it's deleted. About how OSX is a Unix-based system where metadata for unlinked files is automatically cleared on shutdown. About how your derisive tone is really not helping your case.


That's not the problem. The file doesn't get deleted in the video. The problem is that when he renames it while bitcoin-qt is running, and tries to open it again, it's corrupt.


Compressed or uncompressed keys are both derived from the same elliptic curve signature. I really don't like how you're insisting this hard on arguing over banalities. The private key is stored in bitcoin-qt  https://iancoleman.io/bitcoin-key-compression/ This is one of many links to show you the link between all the ways private keys are stored.

In addition, I added exporting of both compressed and uncompressed keys to my software. By all means if you think the software is useless or doesn't help solve OP's problem, you are welcome to making your own, or contributing to mine with whatever function you see I might have missed. Thank you.

So, that would be a no then... it is only searching files that the file system can actually find?

Which means that, unfortunately, your app is not likely to help the OP... who doesn't have a wallet file any more... if you watch their demo video, you'll see that they're demonstrating how their wallet file got deleted and then a completely new (and empty) wallet file was created by Bitcoin Core when they renamed the "wallet.TIMESTAMP.bak" file to wallet.dat and started their old version of Bitcoin Core.


But your video doesn't really seem to show that. As far as I could tell, you "found" a bunch of "uncompressed" private keys ("5JHmj...")... but then you demonstrated "dumpprivkey" using the "compressed" address which gave a completely different private key ("KYK2R...").  You then did the same thing after using the "getnewaddress" command.

I don't know about anyone else... but, personally, I found it a little bit confusing. Just saying, it might have been better to highlight the same key/address in both places rather than mixing the compressed/uncompressed ones.

https://bitcointalksearch.org/topic/findwallet-bitcoin-core-wallet-finder-5071775  


  Do you really think I would have gotten this far if I didn't know the difference. bitcoin core stores the ECDSA private key, I'm computing the uncompressed key from it myself, (and I added even compressed keys later). The point of the video was to prove that those addresses were actually stored in that bitcoin core wallet, rather than fake/generated elsewhere.

You kind of missed the point... OP no longer has a wallet file... Bitcoin Core deleted it (or at least, the corrupted/renamed "wallet.TIMESTAMP.bak" file).

or is your app scanning the actual raw bits on the disk?


Also, just FYI, the reason why you were getting different addresses when you were attempting to validate the extracted keys using bitaddress, was because you were using the "compressed" addresses from bitaddress with dumpprivkey... but your software is spitting out uncompressed private keys (start with a "5")

It took a while and was a pain in the ass but I upgraded my software to extract private keys from un-encrypted wallets now.

It searches for bit patterns even inside corrupted wallets so it's probably the most hardproof software out there, as long as the wallet isn't losing any data, it'll find your keys.

Demo video

I'm heading off to sleep now. The 100 btc will have to wait

Taking this into consideration anyone that is going to be downloading third party wallet.dat files for any reason. Make sure you do it in a secure environment such as a virtual box which is being run on a non admin account. Make sure that the virtual machine doesn't have any sensitive data on it. That should be enough to safe guard you from any issues as far as I'm aware.

I've sent you a PM. I'm confident I can help you recover your wallet file.

This is quite bad advice, with the last sentence being completely false to begin with. Things get stolen, vaults get broken into. It's alwalys a trade-off between different threat models and convenience.

It seems very fishy that the reward is 100 BTC anyways.

Please don't.

---

You're using Core 0.11 .

Hi Klerni , If you tested pywallet method and didn’t get any favorite result, I can help you to solve your problem, but you must recover exactly all wallet files from your HDD and be sure your image from your HDD is exactly identical to HDD from aspect of clusters,… and also File System data.
I think your wallet files aren’t encrypted?
P.S. please change your forum’s settings that I can send you PMs. Also, I have send you a message on Reddit. Thank you.

I have one more suggestion: you can use pywallet to search an entire partition.
Obviously, the partition itself has to be unencrypted.

i saw people wasting 20k$ like water because of bad done backup or lost password... (and i was always remember them to be careful while escrowing the transaction but still... )
yep the amount of this guys is very huge... but... who knows

1.  Do you know your BTC Address, Go to a btc block explorer and verify the funds match the block explorer

2.  Open the Wallet.dat with the Bitcoin Client Software, look under Receive coins Tab and verify that is the correct wallet.

Then  Dump your Private keys and import into another Wallet.
steps: Open the wallet, Click on Help, click Debug Window, click the Console tab,
For unencrypted wallets: beside > type dumpprivkey (BTC Receive Address) , hit Enter key.
For encrypted wallets:  beside > type: walletpassphrase "your walletpassphrase here" 600 , hit enter, then type dumpprivkey (BTC Receive Address) , hit Enter key.
Copy and Paste the private key along with the BTC receive address into a text document.
Repeat those steps for each of your Receive address that had BTC in them, once you have finished.
Go to your new BTC Wallet installation on another pc that you have newly synced.
steps: Open the text document created above.
Open the wallet, Click on Help, click Debug Window, click the Console tab,
beside > type importprivkey (Paste your Private Key here) , hit Enter key.
Then Close & Restart your wallet with bitcoin-qt.exe -rescan
The Amount for that address should be available after the rescan finishes.
Repeat until you have imported all of your private keys into the new wallet.
You should be good to go.

If the receive address are not in the wallet.dat when you view it, you have the wrong wallet.dat
Or the wallet.dat is so corrupted , that the address is not viewable.
If that is the case look for a older wallet.dat that has the address viewable, does not matter if it was before funds were transfered , what you are looking for is the private key for that address, and a rescan after import will have the updated amount of BTC in it.

If you don't have a wallet.dat files with the receive address so that you can export out the private key, there is not much you can do.





FYI:
If you are into python programming:
Then check out on how to extract the keys.
https://bitcointalksearch.org/topic/pywallet-help-need-to-recover-private-key-from-walletdat-615391
https://github.com/jackjack-jj/pywallet

FYI2:
If this was a windows install, you can use shadow explorer to see if their is a good shadow copy of wallet.dat to restore,
https://www.shadowexplorer.com/

I think this is why you always hard copy print your private-keys, and put them in a safe place, like a fire-proof vault.

Disks go down, backups fail, online storage can be hacked, computer get stolen, exchanges steal or go bankrupt taking your keys, hard-disk write caches clobber files,  ... the only safe place for magic-numbers is a hard-printout that will not fade over time.

If you didn't print it and store it in a safe place, then you never had it.

This is all very strange...But I do not think the OP is trying to fool anyone by sending malicious files. He could put the file directly for download if that was the case. Or he could send it to anyone who asked. However, he asks for evidence that anyone offering to help demonstrate on video how he will recover. But, it may be that the OP is trying to trick somebody or do some kind of crime with that request for help.

To offer 100BTC, which today is worth almost half a million dollars, I believe it has something like 5000BTC in this wallet. I have tried to find some wallet that had been opened for the last time in 2016, but I did not find it, maybe someone can do it. The video was posted by a personal profile. In a few minutes, it is possible to discover the profile on facebook and some other social media. In addition to some news related to MLM scam, That may be about the same person or just a coincidence about the same name.

But there is a high possibility that this can be an elaborate attempt of a scam or is an attempting to recover the funds that were obtained with a MLM/scam. So anyway, since the OP does not want to write in a clearer way telling what actually happened, and did not try to use the help offered by gmaxwell, I could only thank him for making Bitcoin more rare and valuable.

I think the issue seems to be that the OP doesn't have a corrupted wallet to try to salvage... in fact, they don't seem to have any wallet due to the fact that, as shown in the youtube clip, Bitcoin Core seems to delete the "corrupted" wallet.dat. That is to say, the renamed "wallet.TIMESTAMP.bak" is just removed and a completely new wallet.dat is created in it's place.

Reading through the associated Reddit thread, it would appear that whatever "recovered" wallet files that the OP has managed to find using recovery software are not the correct wallet files.

I posted the standard recovery procedure for the kind of corruption described here.  It seems to be being ignored.

I would take a substantial bet that the OP here is either scamming or is going to get scammed.

As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.

So you haven’t the bak file anymore if i understood right.

Which version of MacOS is it ?
Did you already tried some feature of MacOS like time machine backup or this http://osxdaily.com/2015/06/16/revert-to-prior-version-file-mac-os-x/ ?