Pages:
Author

Topic: HUGE PROBLEM, LOST MASSIVE AMOUNT OF BTC. 100 BTC is Reward (Read 883 times)

sr. member
Activity: 714
Merit: 253
Yes, I know, the situation is not funny at all and I am completely lost here as I am afraid for my savings and my money here.
sr. member
Activity: 938
Merit: 452
Check your coin privilege

But it does get deleted, doesn't it? Huh

Watch from 1:48 here: https://youtu.be/8BOxflDzhgU?t=108

He renames the "wallet.TIMESTAMP.bak" (the now very corrupt wallet) back to "wallet.dat"... then tries to start Bitcoin Core... then at 1:58 he states "And see what happens now. It.. is.. deleting the wallet.. It's not there any more"... and you can see that the wallet.dat is deleted... Bitcoin Core then finishes starting up and a new wallet.dat is created. "It puts a completely new wallet file in there".

This would seem to be the OPs real problem... he no longer has his original wallet.dat file, corrupted or otherwise. Undecided

The file gets deleted if you let bitcoin-qt overwrite it. If it's overwritten nothing can bring it back. It's lost, scanning for metadata of deleted files on the drive is a lost cause after so many years because the more you delete and use the disk the more bits are going to get changed.

What I understood when he says it's deleted is that bitcoin-qt creates a new one instead of trying to open the old corrupt one, but he kept the old files. He just cant open them using bitcoin-qt with risk of deletion.

On the contrary, I never said the software was useless or didn't work... I was just pointing out that the video was a little confusing.

The software is actually very useful and it's nice to have an updated "pywallet"-type key recovery utility that plays nicely with the newer wallet.dat format, but unfortunately, I don't think that it is able to help the OP given their specific circumstances.

i'm sure even pywallet would have a hard time extracting keys from deleted files / disk metadata, it's just one big blob of bits. It's probably much more efficient to get a serious recovery tool that works for that specific purpose to correctly retrieve the deleted data, and then try to scan it for bits.

But bottom line, OP is gone, he was probably lying, or just faking this for attention. Who knows, it's been almost 4 days since his last login.. If I had that much money on the line I wouldn't sleep for more than one hour without waking up in the middle of the night.
HCP
legendary
Activity: 2086
Merit: 4363
No idea what you even mean. .... About how your derisive tone is really not helping your case.
Sorry if it came across like that... I guess something got lost in the typing.

I was just trying to clarify if the utility is able to scan the raw bits on a device the way PyWallet was able to with it's "--recover" option...


Quote
That's not the problem. The file doesn't get deleted in the video. The problem is that when he renames it while bitcoin-qt is running, and tries to open it again, it's corrupt.
But it does get deleted, doesn't it? Huh

Watch from 1:48 here: https://youtu.be/8BOxflDzhgU?t=108

He renames the "wallet.TIMESTAMP.bak" (the now very corrupt wallet) back to "wallet.dat"... then tries to start Bitcoin Core... then at 1:58 he states "And see what happens now. It.. is.. deleting the wallet.. It's not there any more"... and you can see that the wallet.dat is deleted... Bitcoin Core then finishes starting up and a new wallet.dat is created. "It puts a completely new wallet file in there".

This would seem to be the OPs real problem... he no longer has his original wallet.dat file, corrupted or otherwise. Undecided


Quote
By all means if you think the software is useless or doesn't help solve OP's problem, you are welcome to making your own, or contributing to mine with whatever function you see I might have missed. Thank you.
On the contrary, I never said the software was useless or didn't work... I was just pointing out that the video was a little confusing.

The software is actually very useful and it's nice to have an updated "pywallet"-type key recovery utility that plays nicely with the newer wallet.dat format, but unfortunately, I don't think that it is able to help the OP given their specific circumstances.
sr. member
Activity: 938
Merit: 452
Check your coin privilege

So, that would be a no then... it is only searching files that the file system can actually find?

No idea what you even mean. I'm not going to get into an argument with you about what happens to data when it's deleted. About how OSX is a Unix-based system where metadata for unlinked files is automatically cleared on shutdown. About how your derisive tone is really not helping your case.

Which means that, unfortunately, your app is not likely to help the OP... who doesn't have a wallet file any more... if you watch their demo video, you'll see that they're demonstrating how their wallet file got deleted and then a completely new (and empty) wallet file was created by Bitcoin Core when they renamed the "wallet.TIMESTAMP.bak" file to wallet.dat and started their old version of Bitcoin Core.

That's not the problem. The file doesn't get deleted in the video. The problem is that when he renames it while bitcoin-qt is running, and tries to open it again, it's corrupt.

But your video doesn't really seem to show that. As far as I could tell, you "found" a bunch of "uncompressed" private keys ("5JHmj...")... but then you demonstrated "dumpprivkey" using the "compressed" address which gave a completely different private key ("KYK2R...").  You then did the same thing after using the "getnewaddress" command.

I don't know about anyone else... but, personally, I found it a little bit confusing. Just saying, it might have been better to highlight the same key/address in both places rather than mixing the compressed/uncompressed ones. Wink

Compressed or uncompressed keys are both derived from the same elliptic curve signature. I really don't like how you're insisting this hard on arguing over banalities. The private key is stored in bitcoin-qt  https://iancoleman.io/bitcoin-key-compression/ This is one of many links to show you the link between all the ways private keys are stored.

In addition, I added exporting of both compressed and uncompressed keys to my software. By all means if you think the software is useless or doesn't help solve OP's problem, you are welcome to making your own, or contributing to mine with whatever function you see I might have missed. Thank you.
HCP
legendary
Activity: 2086
Merit: 4363
So, that would be a no then... it is only searching files that the file system can actually find?

Which means that, unfortunately, your app is not likely to help the OP... who doesn't have a wallet file any more... if you watch their demo video, you'll see that they're demonstrating how their wallet file got deleted and then a completely new (and empty) wallet file was created by Bitcoin Core when they renamed the "wallet.TIMESTAMP.bak" file to wallet.dat and started their old version of Bitcoin Core.


The point of the video was to prove that those addresses were actually stored in that bitcoin core wallet, rather than fake/generated elsewhere.
But your video doesn't really seem to show that. As far as I could tell, you "found" a bunch of "uncompressed" private keys ("5JHmj...")... but then you demonstrated "dumpprivkey" using the "compressed" address which gave a completely different private key ("KYK2R...").  You then did the same thing after using the "getnewaddress" command.

I don't know about anyone else... but, personally, I found it a little bit confusing. Just saying, it might have been better to highlight the same key/address in both places rather than mixing the compressed/uncompressed ones. Wink

sr. member
Activity: 938
Merit: 452
Check your coin privilege

or is your app scanning the actual raw bits on the disk?

https://bitcointalksearch.org/topic/findwallet-bitcoin-core-wallet-finder-5071775   Cheesy

Also, just FYI, the reason why you were getting different addresses when you were attempting to validate the extracted keys using bitaddress, was because you were using the "compressed" addresses from bitaddress with dumpprivkey... but your software is spitting out uncompressed private keys (start with a "5") Wink

 Grin Do you really think I would have gotten this far if I didn't know the difference. bitcoin core stores the ECDSA private key, I'm computing the uncompressed key from it myself, (and I added even compressed keys later). The point of the video was to prove that those addresses were actually stored in that bitcoin core wallet, rather than fake/generated elsewhere.
HCP
legendary
Activity: 2086
Merit: 4363
You kind of missed the point... OP no longer has a wallet file... Bitcoin Core deleted it (or at least, the corrupted/renamed "wallet.TIMESTAMP.bak" file).

or is your app scanning the actual raw bits on the disk?


Also, just FYI, the reason why you were getting different addresses when you were attempting to validate the extracted keys using bitaddress, was because you were using the "compressed" addresses from bitaddress with dumpprivkey... but your software is spitting out uncompressed private keys (start with a "5") Wink
sr. member
Activity: 938
Merit: 452
Check your coin privilege
It took a while and was a pain in the ass but I upgraded my software to extract private keys from un-encrypted wallets now.

It searches for bit patterns even inside corrupted wallets so it's probably the most hardproof software out there, as long as the wallet isn't losing any data, it'll find your keys.

Demo video

I'm heading off to sleep now. The 100 btc will have to wait Smiley
legendary
Activity: 1232
Merit: 1080
I posted the standard recovery procedure for the kind of corruption described here.  It seems to be being ignored.

I would take a substantial bet that the OP here is either scamming or is going to get scammed.

As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.

Taking this into consideration anyone that is going to be downloading third party wallet.dat files for any reason. Make sure you do it in a secure environment such as a virtual box which is being run on a non admin account. Make sure that the virtual machine doesn't have any sensitive data on it. That should be enough to safe guard you from any issues as far as I'm aware.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
I've sent you a PM. I'm confident I can help you recover your wallet file.
legendary
Activity: 2674
Merit: 3000
Terminated.
I think this is why you always hard copy print your private-keys, and put them in a safe place, like a fire-proof vault.
Disks go down, backups fail, online storage can be hacked, computer get stolen, exchanges steal or go bankrupt taking your keys, hard-disk write caches clobber files,  ... the only safe place for magic-numbers is a hard-printout that will not fade over time.
If you didn't print it and store it in a safe place, then you never had it.
This is quite bad advice, with the last sentence being completely false to begin with. Things get stolen, vaults get broken into. It's alwalys a trade-off between different threat models and convenience.

I posted the standard recovery procedure for the kind of corruption described here.  It seems to be being ignored.

I would take a substantial bet that the OP here is either scamming or is going to get scammed.
It seems very fishy that the reward is 100 BTC anyways.

P.S. please change your forum’s settings that I can send you PMs. Also, I have send you a message on Reddit. Thank you.
Please don't.

You're using Core 0.11 Undecided.
newbie
Activity: 42
Merit: 0
Hi Klerni , If you tested pywallet method and didn’t get any favorite result, I can help you to solve your problem, but you must recover exactly all wallet files from your HDD and be sure your image from your HDD is exactly identical to HDD from aspect of clusters,… and also File System data.
I think your wallet files aren’t encrypted?
P.S. please change your forum’s settings that I can send you PMs. Also, I have send you a message on Reddit. Thank you.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I have one more suggestion: you can use pywallet to search an entire partition.
Obviously, the partition itself has to be unencrypted.
jr. member
Activity: 72
Merit: 2
This is all very strange...But I do not think the OP is trying to fool anyone by sending malicious files. He could put the file directly for download if that was the case. Or he could send it to anyone who asked. However, he asks for evidence that anyone offering to help demonstrate on video how he will recover. But, it may be that the OP is trying to trick somebody or do some kind of crime with that request for help.

To offer 100BTC, which today is worth almost half a million dollars, I believe it has something like 5000BTC in this wallet. I have tried to find some wallet that had been opened for the last time in 2016, but I did not find it, maybe someone can do it. The video was posted by a personal profile. In a few minutes, it is possible to discover the profile on facebook and some other social media. In addition to some news related to MLM scam, That may be about the same person or just a coincidence about the same name.

But there is a high possibility that this can be an elaborate attempt of a scam or is an attempting to recover the funds that were obtained with a MLM/scam. So anyway, since the OP does not want to write in a clearer way telling what actually happened, and did not try to use the help offered by gmaxwell, I could only thank him for making Bitcoin more rare and valuable.

i saw people wasting 20k$ like water because of bad done backup or lost password... (and i was always remember them to be careful while escrowing the transaction but still... )
yep the amount of this guys is very huge... but... who knows
member
Activity: 364
Merit: 13
Killing Lightning Network with a 51% Ignore attack
1.  Do you know your BTC Address, Go to a btc block explorer and verify the funds match the block explorer

2.  Open the Wallet.dat with the Bitcoin Client Software, look under Receive coins Tab and verify that is the correct wallet.

Then  Dump your Private keys and import into another Wallet.
steps: Open the wallet, Click on Help, click Debug Window, click the Console tab,
For unencrypted wallets: beside > type dumpprivkey (BTC Receive Address) , hit Enter key.
For encrypted wallets:  beside > type: walletpassphrase "your walletpassphrase here" 600 , hit enter, then type dumpprivkey (BTC Receive Address) , hit Enter key.
Copy and Paste the private key along with the BTC receive address into a text document.
Repeat those steps for each of your Receive address that had BTC in them, once you have finished.
Go to your new BTC Wallet installation on another pc that you have newly synced.
steps: Open the text document created above.
Open the wallet, Click on Help, click Debug Window, click the Console tab,
beside > type importprivkey (Paste your Private Key here) , hit Enter key.
Then Close & Restart your wallet with bitcoin-qt.exe -rescan
The Amount for that address should be available after the rescan finishes.
Repeat until you have imported all of your private keys into the new wallet.
You should be good to go.

If the receive address are not in the wallet.dat when you view it, you have the wrong wallet.dat
Or the wallet.dat is so corrupted , that the address is not viewable.
If that is the case look for a older wallet.dat that has the address viewable, does not matter if it was before funds were transfered , what you are looking for is the private key for that address, and a rescan after import will have the updated amount of BTC in it.

If you don't have a wallet.dat files with the receive address so that you can export out the private key, there is not much you can do.


Cool


FYI:
If you are into python programming:
Then check out on how to extract the keys.
https://bitcointalksearch.org/topic/pywallet-help-need-to-recover-private-key-from-walletdat-615391
https://github.com/jackjack-jj/pywallet

FYI2:
If this was a windows install, you can use shadow explorer to see if their is a good shadow copy of wallet.dat to restore,
https://www.shadowexplorer.com/
member
Activity: 182
Merit: 30
Hello,

exactly like in topic. I've lost a lot of bitcoins and looking for help. I was trying to solve it in past, couldn't.. Right now I want to come back to topic and make it happen somehow. Do anyone know how to solve this problem? Reward is 100BTC and this thread is completely serious.

https://www.youtube.com/watch?v=8BOxflDzhgU&t=3s

Share with friends to make this topic loud.. You could help rescue massive amounts of bitcoins.

====

PC is completely frozen. Nobody touch it and we have made image of all hard drive so it's safe. Our idea is to look for private keys through hex and we checked all PC length and breadth. There were found some bitcoins, but not that... I think private key to this wallet could be partially broken, but I'm not sure..

I think this is why you always hard copy print your private-keys, and put them in a safe place, like a fire-proof vault.

Disks go down, backups fail, online storage can be hacked, computer get stolen, exchanges steal or go bankrupt taking your keys, hard-disk write caches clobber files,  ... the only safe place for magic-numbers is a hard-printout that will not fade over time.

If you didn't print it and store it in a safe place, then you never had it.
hero member
Activity: 672
Merit: 526
This is all very strange...But I do not think the OP is trying to fool anyone by sending malicious files. He could put the file directly for download if that was the case. Or he could send it to anyone who asked. However, he asks for evidence that anyone offering to help demonstrate on video how he will recover. But, it may be that the OP is trying to trick somebody or do some kind of crime with that request for help.

To offer 100BTC, which today is worth almost half a million dollars, I believe it has something like 5000BTC in this wallet. I have tried to find some wallet that had been opened for the last time in 2016, but I did not find it, maybe someone can do it. The video was posted by a personal profile. In a few minutes, it is possible to discover the profile on facebook and some other social media. In addition to some news related to MLM scam, That may be about the same person or just a coincidence about the same name.

But there is a high possibility that this can be an elaborate attempt of a scam or is an attempting to recover the funds that were obtained with a MLM/scam. So anyway, since the OP does not want to write in a clearer way telling what actually happened, and did not try to use the help offered by gmaxwell, I could only thank him for making Bitcoin more rare and valuable.
HCP
legendary
Activity: 2086
Merit: 4363
I posted the standard recovery procedure for the kind of corruption described here.  It seems to be being ignored.
I think the issue seems to be that the OP doesn't have a corrupted wallet to try to salvage... in fact, they don't seem to have any wallet due to the fact that, as shown in the youtube clip, Bitcoin Core seems to delete the "corrupted" wallet.dat. That is to say, the renamed "wallet.TIMESTAMP.bak" is just removed and a completely new wallet.dat is created in it's place.

Reading through the associated Reddit thread, it would appear that whatever "recovered" wallet files that the OP has managed to find using recovery software are not the correct wallet files.
staff
Activity: 4284
Merit: 8808
I posted the standard recovery procedure for the kind of corruption described here.  It seems to be being ignored.

I would take a substantial bet that the OP here is either scamming or is going to get scammed.

As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.
jr. member
Activity: 72
Merit: 2
If you are reliable, then please repeat same what we did on youtube (on same bitcoin core version), put there 0.01btc and get it back. With results please share me directly. I think it's about everyone who are looking for reward.

So you haven’t the bak file anymore if i understood right.

Which version of MacOS is it ?
Did you already tried some feature of MacOS like time machine backup or this http://osxdaily.com/2015/06/16/revert-to-prior-version-file-mac-os-x/ ?
Pages:
Jump to: