Topic: Trying to recover bitcoin from a legacy address given out by a trezor circa 2017 (Read 402 times)

Trezor is open source right? So if someone wanted to they could inspect the source code to figure out under what conditions a legacy account will become "greyed out". then we could know what was really going on. Should be a very simple matter.

Fairly sure that the wallet.trezor.io system didn't store "state"... and it certainly doesn't now. So, as soon as you unplug the device, everything is "forgotten". When you reconnect and unlock the device, then it does the account discovery again.


I've certainly never seen it show both "default" and "passphrased" accounts in the UI at the same time... and I've had my Trezor since 2016. But yes... it's possible that this behaviour changed at some point between then and now.

Could this be a case of a passphrased account? OP's sister added the passphrased account to their Trezor software (perhaps without even realizing they had used a passphrase), and then every time from then on they attached their Trezor (without the passphrase) the account in question was still displayed but inaccessible. Difficult to test given we don't know what version of software they were using.

No... I mean I haven't seen any cases of someone who had a "greyed out" legacy account that they were unable to send funds from, that disappeared after they updated their firmware and/or reset their device etc.

You are correct that Trezor doesn't "show" the list of Legacy accounts by default... but it shows the "Legacy Account" menu item and if you expand the menu item, it does show any existing "Legacy Accounts" with balance and transaction history. You don't have to explicitly go searching for them.


Unfortunately, what we're left with is that we're essentially "guessing" based on a 2nd hand description of something that happened 3-4 years ago.

That's easy to test: enter the address into Blockchair.com's search field. It will tell you on which chain(s) it has funds.

Are you certain that you've sent Bitcoin (BTC) to your sister and not Bitcoin Cash (BCH)?
Because in 2017, BCH's address is the same as Bitcoin's legacy address; thinking you/she might have remembered it incorrectly and it's Bitcoin Cash all along.

you haven't come across anyone that said they couldn't see their legacy wallet? i think it have to do with segwit and trezor dont like to showing legacy it preferred to using segwit.

You and me both...


I'm still confused as to how the address and/or balance would show up in the Trezor wallet (greyed out or otherwise) without being able to be to used and/or recreated when the wallet is restored.

Trezor, both the web version and the newer Trezor Suite, does NOT allow you to import addresses or private keys etc. You cannot create a wallet without the device. The web version would essentially recreate the wallet every time you started it up and unlocked your device.

It's certainly not something I've seen while using a Trezor... and I don't recall any similar cases either.

OP, have you perhaps overlooked this suggestion?
I also think that this could help you, but to better understand what happened to your transaction. It's official Trezor app https://suite.trezor.io/

He knows the bitcoin address lol. i the question is, did his sister or whoever she was how did she get that address into her trezor?? i doubt she would know how to create a watch only wallet and even if she did know how, why would she do that and where would she get the particular bitcoin address from to do that? the mystery deepens...

Wait a minute. You said that the coins were visible in an address when you imported it into a watch-only Electrum wallet. So why don't you try playing around with the derivation path on both seeds to change it to ones that could be probable Trezor paths? It's basically the first 3 numbers you need to manipulate. It goes down to the second and third numbers if you know the address prefix which you seem to know: Paths start with 44, 49 and 84 (I believe they are all hardened) for 1, 3 and bc1 addresses respectively.

i'm not sure I agree with our logic there but I get the general gist of it.

the main question that comes to my mind is before the firmware reset why was the thing "greyed out" and unable to be used?? that doesn't make any sense. maybe trezor would know since they are the ones that designed it. if i was the OP I would have contacted them right there and then and demanded to know why before doing anything else. but unfortunately they reset the firmware and when they did that it really messed things up. probably forever.

another mistake they made is losing their PIN and thus causing them to feel the need to reset the device. that was a big mistake.

Because the issue here is likely user error.

There are millions of users of Trezor devices, and issues such as this one are very rare. This is not the same as blockchain.com wallets, where issues are incredibly frequent and are far more likely due to bug or flaws in the code.

Using the wrong Trezor device. Using a different seed phrase. Using a passphrase. Using a different derivation path. There are multiple possibilities, and it sounds like OP's sister doesn't know what she did or how she did it, so user error is the most likely issue here.

If you base your decision on the experience of one user with a problem (who doesn't even share the story first-hand) instead of the millions of users who don't have problems, then indeed you shouldn't buy a Trezor.
By the same logic you should probably not use Windows. Or any software for that matter, because there's always someone who's had a problem with it somewhere.

I prefer this approach: before funding a wallet, I use iancoleman.io on an offline system running from memory to verify the addresses created by the hardware wallet can be recreated from the same seed without the device.
So far, I've never encountered any inconsistencies.

No it's not a dumb conclusion at all. Why would I want to use something that makes someone's bitcoin disappear??
From what the user said so far, it doesn't sound like they did ANYTHING wrong. If the money showed up in their trezor but then it disappeared how do you explain that?

You initially said the 24 word seed phrase did not recover anything:

But now you are saying the 24 word seed phrase does recover their accounts:

Is this the same 24 word seed phrase? Have you use any additional passphrases? Did you recover it differently on both these occasions?

It won't. Private keys are not transferable between addresses like that.

Have you had a chance to put this seed phrase in to Ian Coleman and cycle through multiple derivation paths?

Good luck with that

That's a dumb conclusion, it's much more likely the user did something wrong.

that's probably not going to work. how exactly would you go about picking this particular private key? interesting situation but remind me to never use a trezor.

I appreciate all the feedback.

I have entered the 24 word seed into a Trezor One I had on hand.  It does recover the account showing all their tx history including where they sent the 3 Bitcoin out on December 19, 2017.  But it does not show 3 bitcoin being received.  I also had it display the "Legacy" accounts over on the left of the screen as HCP was showing.  They are all empty. 

I am beginning to think that they acquired the address from some other source and not their Trezor One.  They are quite certain this is not the case.  They assure me they had no other wallets or accounts other then Coinbase and they are not there.

So I am left scratching my head.  The 3 bitcoin are in the address they sent me in their email back in 2017. They say it came from the Trezor One.  They say they saw the 3 bitcoin I sent back to them show up in the "Legacy Account" on the Trezor One but that they were greyed out.  They were unable to send them any where.  Then after they updated the firmware they claim the bitcoins quit showing up in the legacy account even as greyed out ones.  It is not clear to me whether the actual firmware update caused them to disappear or whether the cookies on their computer that had knowledge of the bitcoin expired.  But if the Ledger software was showing the coins as greyed out coins in a legacy account then surely the address came from the ledger?  I have both seed phrases they claimed to have used with the Trezor One.  They are adamant that there were no other seed phrases ever used.  The 12 word phrase first then later they re-set the trezor and used the 24 word phrase it gave them.  For what it's worth the 24 word seed phrase shows the history of them sending me the 3 Bitcoin.  So I feel when I returned it to them a few weeks later they would have given me an address out of the trezor using the 24 word seed.  But even if the address came from the 12 seed phrase it should show up when I recover it.  And the 3 bitcoins do not show up on the Trezor One in any of the accounts including the legacy account for either seed phrase.

So I am stumped.

At this point I am simply going to try crafting a manual bitcoin transaction using a private key derived from the 24-word seed phrase and see if when submitted the bitcoin network will move the coins for me.

I'll keep you posted as to any outcomes I achieve.

Thank you for taking the time to help out.

Yes. It should be as simple as hooking up the correct Trezor device which recovered the segwit wallet, and using either the Trezor software to re-add the legacy account or using Electrum to open a new wallet using P2PKH at m/44'/0'/0'.

It sounds like OP is trying to restore from a seed phrase which is the wrong seed phrase for the Trezor in question.

By "Legacy Account" they're probably referring to this:



The Trezor Suite has a similar section:



Have you been using the Trezor Suite or the wallet.trezor.io website to connect up the Trezor and investigate the available accounts?

If the Trezor is recovering a wallet with transaction history, but the 24 word seed phrase is recovering a different wallet with no transaction history, then you are either recovering at different derivation paths or the 24 word seed phrase is incorrect.

Given that you used the Trezor attached to Electrum to successfully recover their base wallet with a transaction history, I would again attach the same Trezor to Electrum but try cycling through the various derivation paths as I suggested above.

I'm thinking it might not hurt to reach out to Tresor support as well since my sister is telling me that after the firmware update the coins quit showing up...?  I'll let you know what they say if and when I get a reply from them.

Thanks for the heads up.  I won't bother with the experiment then.

I DID find the "Detect Existing Accounts" button mentioned by Neurotic Fish.  So I went back and entered the 12 word seed and clicked on that button.  It found the "account 0" and of course when I loaded the wallet it had my sisters history of her tx's in it and a zero balance.  So then I entered the 24 word seed and clicked on that button.  It found nothing!  No accounts detected.  And when I loaded the wallet there was absolutely NO TX HISTORY and the wallet was empty. So that left me scratching my head because I thought we had seen the tx history in electrum with their 24 word seed.  I went back through the restored electrum wallets I had open and the one that has the history in it for the 24 word seed is the one that I restored as a HARDWARE WALLET using the trezor attached to Electrum.  The trezor of course having been restored with the SAME 24 word seed.  This is a little baffling to me because I clearly remember when I had suggested to my sister that she restore her seed using the Electrum wallet.  Her and her husband did that and I remember them exclaiming that it had all their tx history in it.

Anyway, the Detect Existing Accounts did not detect anything that I haven't already restored.  I'm still not clear on why the trezor has their account tx history and my restoration of the same seed phrase in Electrum does not???  I did choose BIP39 for the seed type.

You can save yourself the time: you can only send Bitcoin when the private key corresponds to the address, not by adding any other private key to the same watch-only wallet. Bitcoin would be worthless if that would be possible.

First of all thank you so much for taking your time to read and respond.  I was out with the family all day Saturday... my apologies for not getting back sooner.

I agree that malware is most likely not involved.  I realize this is always an everpresent concern though...

Yes, the addresses all start with 1.  The address it was sent to starts with 1.  And all the addresses generated by the Electrum Wallet from the seed started with 1 as well.

I did try Derivation paths m/44'/0'/1', m/44'/0'/2', m/44'/0'/3'.  No luck.  All empty.

I'm planning to look at iancoleman.io's website but have not had the time yet.  I understand I would want to download it and use it offline.  No worries there.

I have been telling Electrum that it is a BIP39 seed.  I also connected the trezor to electrum and let it create a hardware wallet with the connected trezor.  I get the same result.  Empty wallet but full of all the previous tx's that it showed in the restored wallet with the trezor's bip39 seed imported.

I could not figure out how to have Electrum "detect existing accounts"?  I am using version 4.1.5.  I googled and read the wallet documentation.  I could not find anything along that line.  If you have any more information on this I would be interested.

So I did text my sister regarding the statement she made about them "seeing" the coins at first on the trezor before they disappeared completely.  This was her response...

When you sent it, we could see the 3 coins in a legacy wallet that was greyed out. We couldn't open it. Recently, when we were collectively trying to get into the trezor without our pin, we reset the firmware. We finally found the pin, but by then the firmware had already been reset. Since then, we have never been able to see it on the trezor. But before we reset the firmware, we could see the coins on the trezor.

This is very interesting to me and gives me hope that the address really does belong to their seed phrase.  They are very certain they acquired the address they sent me FROM the Trezor... They just can't remember if it was before or after they changed their seed phrase.  I do have both seeds from them.  Perhaps I should try all the things I just tried above with the first seed phrase?

I also created a "Watching only wallet" in electrum and put the address in it.  Of course Electrum shows the bitcoin on the address.  I realize this is nothing earth shaking.  But wondered if I did derive the private key from the seed if I could "add" that to the watching only wallet to enable me to send the bitcoin out of it?  I might experiment with a small amount of bitcoin of my own.  Create a wallet.  Move a small amount of bitcoin to it.  Then open a watching only wallet.  Create a private key from the mnemonic that I got from the first wallet and see if I could send coin out of my watching only wallet with that key?  I'll let you know how the experiment goes.

Again thank you so much!  If anyone has any other ideas, I am all ears.  We are talking a significant amount although I suppose that is subjective    But more then the amount I personally am more vested in understanding what/how it happened and how to retrieve it.  I may only check this once a day but don't take that as me not being interested.  I just have a lot going on in my life as I am sure most of you can relate to.

Cheers.

Kresp

This is my first thought as well. Assuming the address showed up in a separate "legacy wallet" on the Trezor interface as your sister states, then I think the most likely event here is that she has created an additional account at the next derivation path and sent the coins there.

Either try the "Detect Existing Accounts" button, or choose the "legacy (p2pkh)" option but change the derivation path from m/44'/0'/0' to m/44'/0'/1'. Don't include the trailing zero as NeuroticFish has, as this is unnecessary in Electrum.

As a first step, I would make sure that Electrum has generated addresses with the same starting character (1,3,bc1) as the address that has received those funds.

As another attempt, I would try to play with an offline copy of https://iancoleman.io/bip39/ (actually https://github.com/iancoleman/bip39/releases/tag/0.5.3 ) and try to play with changing the accout number in the derivation path (and see if you find that address).


With some luck maybe the coins are at m/44'/0'/1'/0.

Also keep in mind that in Electrum you probably need to set in options that it's BIP 39 seed.
Also you can try your luck with Electrum's "detect existing accounts".

Good luck!

I don't own a Trezor so I can't verify this, but can you check: Does the address she sent you start with a "1"? And do the other addresses that were used on the Trezor start with something else?

It could be as dumb as copy paste malware that could have changed the address when creating the email. But given that the funds haven't moved all those years, I don't think that's a likely cause.

If the private key is correct, you can sign the transaction and broadcast it. You can't "negotiate" with "the blockchain" to send your coins in any other way.
You could play around with Ian Coleman's Mnemonic Converter (do this offline, airgapped on a Live Linux boot running from RAM), play around with the derivation path, and see if the addresses it spits out match the original. But even though I don't have a Trezor, I don't think it's very likely to spit out addresses that can't be restored. In fact, that should never happen as long as the address was verified on the device's screen.

Well, she shouldn't: as long as your payment arrived on the address she provided, you did your part.

I'd start the interrogation with this:

---

---

Don't forget to check if there are any Forkcoins left on the addresses.

My sister has come to me with a bizarre story.

1. She tells me the bitcoin I owed her and sent to her in December of 2017 is somehow unaccessible to them.  She's not asking me to replace it but was hoping I could help her recover it.
2. At the time they generated an address out of their trezor and emailed it to me.
3. I sent them the bitcoin.
4. I guess they confirmed receipt by checking the address on chain rather then going back to the safety deposit box for their trezor???  I can try and get more details from her regarding this but that is my understanding at the moment.
5. In January 2020 they moved all their bitcoin off the trezor onto Coinbase (temporarily until they could get another custody solution set up, which they have now done and the coin is back in their possession). It was during this move to Coinbase that they noticed the coin I sent to them in December of 2017 was NOT in their trezor balance.  My sister claims they could see it in some separate "legacy wallet" showing up on the trezor interface???  It is not clear to me exactly what she is talking about and I don't think they have any screen shots.  But I can interrogate her further on this if necessary.
6. She reached out to me for help and I suggested they put their seed phrase into an electrum wallet and the coin should show up.
7. She tells me they did this and while it shows all their tx history of their coin... it does not show the missing coin.
8. She and her husband have finally thrown in the towel and have given up.  They have offered me a small monetary reward if I can recover the coin for them.
9. They have given me their old trezor, which I told them wasn't necessary but they gave it to me anyway, along with both sets of seed phrases that they have ever used with it and their pin numbers (Something I also told them was unneccessary but they gave them to me anyway)
10. I took one of my own trezors and factory reset it.  Entered both sets of seed phrases (one at a time of course).  Both sets of seed phrases show ZERO coin in the trezor.
11. I tried going into the "secret wallet" on the trezor by using their pin numbers as a password, thinking maybe they accidentally entered the pin in the password field and created a secret wallet when they sent me the bitcoin address.  But none of the pin numbers used as a password for the secret wallet produce a wallet with anything in it.  I can ask them if they ever used a password with their trezor...
12. They also gave me a copy of the email with the bitcoin address in it. I could post it but don't see any point in doing so at this time.  I mention it only to say I did check the block explorer and the address does indeed contain the coin I sent them in December of 2017.  So it DOES exist and is sitting out there on the blockchain.
13. When questioned where they acquired the address from that they sent me... they are both very certain that they got it from their trezor.  If that is true I would think the coin should show up in the trezor account when restored?

So I am trying to decide what I need to do next?  I wondered if I could build and submit a tx to the blockchain requesting the transfer of the coin from that address to one of my addresses and somehow provide the private key (The mnemonic seed phrase they gave me) as my credentials for having the authority to spend the coin and would the blockchain move the coin if indeed the private key was correct?

But if the private key is correct the coin should show up in the trezor?  So before I spend a lot of time trying that I am open to any other ideas I should try?  Any other questions I should grill my sister on?  I did put the 2nd seed phrase into an electrum wallet of my own and it does indeed show all their tx history and does cover the time frame in which I did send them the coin.  So I believe the 2nd seed is the correct one.  But the electrum wallet is indeed empty.  So I am baffled as to what they might have done?  As in where they got the address from?

Thank you so much for taking the time to read.  I'm open to ideas...