Author

Topic: [Solved]W̶a̶r̶n̶i̶n̶g̶! Possibly huge flaw/disadvantage in New Blockchain Wallet (Read 1539 times)

full member
Activity: 141
Merit: 116
...
And yes You cannot get your private key.
This is false statement.


So... ok you may call me a dumb blockhead after all as there is a way to extract your private keys from The New Blockchain Wallet,
although before you start using my new pseudonym please take into consideration that some steps involved in the extraction process
exist outside The New Blockchain Wallet as opposed to Legacy Wallet where one has a direct access.

Before I describe how to do it big thank you and recognition to reliable and knowladgable (as per usual) DannyHamilton for having pointed the right direction.

1. After having logged in  The New Blockchain Wallet go to  >settings>security>Wallet Recovery Phrase.
2. Click >Backup Phrase and follow instruction making sure you have 12 words (which are given in a few screens) noted/copied.
3. Now outside the wallet go to https://dcpos.github.io/bip39/ .
3. Type/paste these words into BIP39 Mnemonic field.
4. Scroll a bit down and vous voilà! Your private keys are there.

This is main receiving address in the wallet:


and corresponding private key after seeding
Code:
vehicle enrich lounge seven table erase govern crane shallow salmon weasel zoo
into https://dcpos.github.io/bip39/ ....




...
I haven't looked at that code yet, so I wouldn't trust it with any wordlist mnemonic tied to any actual bitcoins.

Well I tried it myself as a purely educational exercise without any coins involved but for somebody who has actually their skin in
the game and no other options, it may as well be worth trying.

My conclusions:
1. It is possible to get private keys from The New Blockchain Wallet .
2. Support at The New Blockchain Wallet is not actually that much supportive.
3. If they do not introduce this feature into the new wallet and do automatic switch from legacy wallet to the new one
    I for one will be parting my ways with them for sheer laziness of mine (mind you ! the new UI isn't that great either).
4. I'm going to lock this tread up in say 72 hours unless somebody comes in with a fresh idea/method/approach.


Edit: Corrected some wordings.

legendary
Activity: 3472
Merit: 4801
- quote -
So I put down these words with an intention to recover the wallet in say Electrum but Electrum reported "Error Incorrect seed".
- quote -

I think we're getting pretty close at this point.

So, there is a BIP0039 wordlist for generating a wallet recovery mnemonic, and then there is the older Electrum wordlist:

http://chimera.labs.oreilly.com/books/1234000001802/ch04.html#_deterministic_seeded_wallets
Quote
Mnemonic codes are defined in Bitcoin Improvement Proposal 39 (see [bip0039]), currently in Draft status. Note that BIP0039 is a draft proposal and not a standard. Specifically, there is a different standard, with a different set of words, used by the Electrum wallet and predating BIP0039. BIP0039 is used by the Trezor wallet and a few other wallets but is incompatible with Electrum’s implementation.

So, you probably need to either use a wallet that has implemented BIP0039, or you need to find a program that will convert the BIP0039 wordlist mnemonic into an xprv key.  Perhaps this one would work:
https://dcpos.github.io/bip39/

I haven't looked at that code yet, so I wouldn't trust it with any wordlist mnemonic tied to any actual bitcoins.
legendary
Activity: 2968
Merit: 1895
Lol Holy shit people still use blockchain.info. You're fucking nuts. If your bank 'lost' people's money would you still bank with them? This is just stupidity people. Stop using them.


blockchain.info is EASY, which is important to beginners (like I was say a year or two ago).  That said, I have not used their new wallet because I have read about the problems that you all post above.  "Legacy Only" for me at least for a while.  I only keep small amounts at blockchain.info.

I suppose the best way to use the New Wallet would be to transfer all of your BTC somewhere else (hardware wallets work for me) from your legacy, then take your chances with the new one.  That's probably what I will do once blockchain.info starts telling everyone that they will no longer support the LEGACY ones.
legendary
Activity: 966
Merit: 1042
Lol Holy shit people still use blockchain.info. You're fucking nuts. If your bank 'lost' people's money would you still bank with them? This is just stupidity people. Stop using them.
full member
Activity: 141
Merit: 116
...
I haven't used blockchain.info since they switched to their new format.  Do you know if they make the seed information available to you when you set up the wallet?
...

Ok so I played around a little bit more and I can say that not exactly when I set up but when the wallet
is already created and you're logged in there is  >settings>security>Wallet Recovery Phrase (where you can allegedly
back up the wallet) and you're asked to note down 12 words.
So I put down these words with an intention to recover the wallet in say Electrum but Electrum reported "Error Incorrect seed".

Any other ideas where I can try and seed these words to get access to private keys except New Blockchain Wallet which brings me back to square one.

For anyone willing to fiddle around there is the seed:

Code:
vehicle enrich lounge seven table erase govern crane shallow salmon weasel zoo

of New Blockchain Wallet I created and backed up in the quest of finding an access to private keys
but which I will not be using.

Have fun !

member
Activity: 72
Merit: 10
and once you upgrade a "legacy" Blockchain Wallet to the new Walllet YOU CAN NOT USE IT to legacy login, and there is no way back.
God damn i hate the new wallet...
sr. member
Activity: 416
Merit: 250
Have a mining rig
that sounds bad trough, i don't use blockchain now anymore because of that i cannot access my money without my private key because now new blockchain is bad its most like coinbase who controlling your bitcoins.
newbie
Activity: 4
Merit: 0
ONCE YOU CREATE A New Blockchain Wallet YOU CAN NOT USE IT to legacy login.

BEcarefull.



And yes You cannot get your private key.
legendary
Activity: 3472
Merit: 4801
I believe that blockchain.info has switched to a BIP0032 hierarchical deterministic (HD) wallet format.

Therefore, it should be possible to generate the entire set of all addresses (and their associated private keys) if you have the correct seed information.

I haven't used blockchain.info since they switched to their new format.  Do you know if they make the seed information available to you when you set up the wallet?

For more information about BIP0032:

http://blog.richardkiss.com/?p=313
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki


full member
Activity: 141
Merit: 116
I will have access to the private keys (connecting using legacy login) ?
I'm not sure as I created fresh New Blockchain Wallet because I didn't want to take chances connecting via  my legacy login.
As I said and I can confirm all features of legacy login still work as long as you use legacy login but I heard they going to phase it out.

staff
Activity: 3500
Merit: 6152
I never connected into their new wallet but If I do , I will have access to the private keys (connecting using legacy login) ?
As far as I know they keep adding features and I'm pretty sure they will do something about this otherwise the "Be your own Bank" slogan will be crap.
Btw , this belong to Service Discussion section.
full member
Activity: 141
Merit: 116
EDIT: Update. There is a method to get hold of private keys.


Firstly I'm not sure if this is the right place to post it. If not, mods feel free to move it where it belongs.

TLDR;

Unless anyone can prove how dumb a blockhead I'm in that I can not find out how to export private keys from The New Blockchain Wallet I would like to warn the community  about impossibility accessing private keys created by The New Blockchain Wallet.

Long version

I've been using Blockchain Wallet every one and then since February 2013.
It's not my wallet of preference but sometimes in the event of circumstances it turned out to be handy. It's got quite
broad functionality: two factor authentication, importing private keys, signing a message to name just a few but
above all direct access to all private keys inside your wallet. So far so good.

Now sometime ago I noticed there was "Legacy Login" and "Login To The New Blockchain Wallet"



So I still could login to my old (legacy wallet) and it worked just as before but I was a bit curious about
The New Blockchain Wallet so I created fresh one.
I played around for a while getting accustom to the new design of UI and I could NOT find a way to get to my private keys.
Well that didn't bode well for controlling funds that could possibly ended up on one of my newly created addresses.
Despite of as lazy as I might've been I decided to contact support about the issue. There is an answer I got:

Quote
Thanks for trying out our new web wallet and for your feedback!

You can view your xPubs under Settings > Addresses > Show XPub. You can view the private keys for your imported addresses under Settings > Addresses > Manage Addresses for Imported Addresses > More Options > Private Key.

If you have any other issues, please don't hesitate to contact our support team https://support.blockchain.com they are happy to help!

Thanks,

Jamie
Blockchain Quality Assurance Lead

Wow !  I can view the private keys for my imported addresses. Well for me that's obvious because otherwise I wouldn't be able to import
them in the first place but that's not what I was looking for. I wanted to find access to the private keys for the addresses that were created by
the wallet itself.
I contacted them two more times trying as hard and eloquently as I could about the predicament and receiving the exact same answer
each time. At that stage I gave up. I mean I wasn't locked out of any coins or tokens so no harm for me but anyone who is familiar with
bitcoin/crypto world should realize how dire consequences this feature or, to put it more precisely, the lack of it can have.


Jump to: