Topic: Twitter dude lost access to his bitcoin using his weird(?) setup (Read 438 times)

Spaces can cause issues, I checked that with https://iancoleman.io/bip39/ script. Leading or trailing spaces or multiple consecutive spaces in optional additional mnemonic passphrase all yield distinct wallets and keys.

Electrum behaves the same with BIP39 mnemonic seed words and with "dangerous" spaces spits out a warning:
It must display an error message because the hardware wallet device can't properly provide the correct secret to unencrypt the wallet. Being quiet and opening the wrong wallet would clearly be the wrong action in such a setup.

---

And better not store it together with the mnemonic seed words as then the optional mnemonic passphrase makes not much sense (to me), you gain no additional security for your wallet if stored together.

Even using a space could create problems.
He is saying that coins are still there and nothing moved, so he is obviously making some mistake with passphrase.
I didn't know that Electrum wallet is displaying error message like that, but this could be better than opening wallet with zero balance  
His mistake was that he didn't wrote and made backup for passphrase he used, and he is trusting in worst possible storage device - his brain and memory.
Brain could be one of the most private secure place to store some information, but it is most unreliable at the same time, just ask Alzheimer's patients and older people.

6. Write down and backup your passphrase, not just your seed words.

The issue this lad is having is all the proof we need that much more attention are needed for proper seed/passphrase testing and backup. When people get a hardware wallet, they might start relaxing and being overconfident that nothing could possibly go wrong. But you should never be in a hurry to fund an address before you are 100% sure of its recovery.

1. Check, double check, and triple check the seed.
2. Do the same with the passphrase.
3. Recover your wallet from seed and enter your passphrase to see if it recovers a wallet with the same addresses.
4. Deposit a few satoshis to your wallet and try spending them before moving the rest of your portfolio to the wallet.
5. Don't try to reinvent the wheel and use tested and recommended methods of generating and storing your private information. 

While my gut feelings also tell me that he might have simply forgotten his passphrase or have never actually known it (because of lack of proper backup testing), we still cannot afford to rule out the possibility that there may have been an issue with the software itself. He used the same software (Electrum wallet) both to decrypt an old wallet and create a new one, and in both cases, he achieved nothing. If he had tried some other wallet, we would have had more information, particularly whether or not he experiences the same error when using wallets from other software providers.

I found an old thread where one of the users successfully replicated an error message by connecting a knowingly working and updated to the latest firmware hardware device to Electrum wallet, which turned out to be using an outdated version of the hardware wallet's plugin. Having had updated the plugin to the latest version, he managed to get everything working.

Maybe this situation is similar and something like...


...will do the trick.

Looks like he already tried this, unlocking the hardware wallet with the "correct" passphrase and using that to create a brand new Electrum wallet: https://nitter.it/TheVladCostea/status/1553245488748630016#m. As expected, it showed zero balance.

Again, this is all in keeping with him using the wrong BIP39 passphrase. Unlocking the wallet with what he thinks is the right passphrase but isn't will result in an error trying to decrypt the existing Electrum wallet file (which he experienced from his first post), and will result in any new Electrum wallet file generating different addresses with zero balance (which is what he has done here).

He has simply forgotten his passphrase or is is making a mistake when entering it (wrong case, forgetting a symbol, something like that). He probably needs to look in to brute forcing it with btcrecover.

Or it could be that some of the wallet files related on his computer somehow got corrupted and that is why it is showing this error.
It could happen when doing transfers to USB drives and vice versa, and maybe he used multiple wallet files and mixed them up.
We can't know what really happens until Vlad explain himself what happened, but he did not mention anything about this issue in last few days  judging by his twitter account.
Simple solution would be to try using hardware wallet with same passphrase in native, for Trezor that would be Trezor Suite, there wont' be any error if different passphrase was used.

Exactly, this. The Mnemonic Words are not what is there in the beginning. OK, what I call "Seed" is the random entropy that comes in first place. See also following flow chart...

In fact it is a slightly different.
First at all, you have entropy, which could be 128... 256 bits.
Entropy could be converted into mnemonic phrase, taking into account that it requires a one extra step - calculation of checksum, which part is appended into bits from entropy. Checksum is needed to "discover" the last word, as each word from dictionary requires 11 bits known. That way for example 128 bits of entropy gives 11 words * 11 bits = 121bits, + 12th word is composed from 7 bits from entropy + 4 bits from checksum build from 128 known bits. 256 bits gives: 23 * 11 = 253 bits, so we have 23 "hard" words + 24th word created from 3 entropy bits + 8 checksum bits.
Then, mnemonic phrase "word1 word2 ... word12" is converted into seed using PBKDF2 (sha512) etc. At this moment extra words are used. Then seed is converted into master priv key, which is used to obtain child keys. That's why having master priv key, you cannot find mnemonic phrase!

You are confusing seed with something else called "a private key", which is an 256 (not  2²⁵⁶) bits long integer used to calculate a corresponding public key (point on an elliptic curve) by multiplying the generator point (G) private key times.  2²⁵⁶ or 1.15*10⁷⁷ is the number of possible (valid) private keys (integers).


If by seed you mean entropy+checksum then yes, mnemonic words represent this number and make it more human-friendly. But usually, the seed is produced from mnemonic words (not the other way around) by means of a key stretching function called PBKDF2. This function produces a 512-bit number - the seed.

I try to be consistent and accurate as follows:
Seed = huge integer, usually 2²⁵⁶ bits, upto ~1.15*10⁷⁷ as decimal, 32 hexadecimal digits
Mnemonic (Seed) Words = BIP39 representation of Seed for better documentation by humans
Mnemonic (Seed) Passphrase = optional passphrase as defined by BIP32

I concur to better not say passphrase in the context of the unlocking secret for a hardware wallet device. Unlocking secrets can be changed without affecting the HD wallet.

I don't like very much to speculate, especially when the affected user is not participating in this thread here but maybe this is what this Twitter "celeb" messes up, the distinction between wallet file encryption password, hardware wallet device PIN/password and Mnemonic Seed Passphrase. The first two don't affect the HD wallet, the latter does!

Slight pet peeve, but I think it's better not to use the word passphrase when discussing the hardware wallet's local unlock mechanism, and keep the word passphrase for reference to the seed phrase extension. Some of the issues that newbies have similar to this one is because they don't understand what a seed phrase passphrase is or does and confuse it with a PIN/password for unlocking their device.

It isn't a recipe for destruction at all. As you point out, the Electrum wallet is simply a watch only wallet. It is encrypted with the hardware wallet only for privacy reasons and to stop other people viewing your addresses, not for any security purposes and not because it contains any critical information. Even if you completely lose the Electrum wallet file, then you can just create a new one with the same addresses by using the same hardware wallet with the same passphrase enabled.

When he creates an Electrum wallet based on a hardware device like Trezor or Bitbox02, then the Electrum wallet is something like a watch-only wallet, except that it allows to sign and transfer funds with the hardware wallet device acting as signing device.

The Electrum wallet stores the Extended Public Key to derive addresses according to the derivation path in use. It should conform to BIP39 and as far as my experience goes, the hardware device communicates relevant details to Electrum. There's not much to tweak here, when you setup such a wallet.

A user needs to understand some basic HD wallet and hardware wallet device details. The hardware wallet device can be unlocked by a PIN or Password/Passphrase. For convenience and ease of entry usually a PIN is used. You're usually allowed to enter only a few tries for PIN entry before the device resets itself. I consider this safe enough as long as you use no stupid PIN (I'd recommend at least 6 digits and no trivial numbers like 123456 or similar brain-dead combos).

The HD wallet is determined by its Seed, represented in safely human readable form as Mnemonic Words, maybe an optional Mnemonic Passphrase (any unique Mnemonic Passphrase derives an unique HD wallet) and Derivation Path. With these details you can usually recover the HD wallet and every user should safely check if this works. This isn't very easy if you care about proper safety but it's no rocket science either.

You can choose to have the Electrum wallet be encrypted by the hardware wallet device. I don't see how this is a recipe for coin destruction unless a user fails to safely and redundantly store the basic HD wallet details needed for proper recovery of the HD wallet, in particular the Mnemonic Words, an optional Mnemonic Passphrase and conveniently the Derivation Path.
This is basic HD wallet 101 or should be...

It's not the hardware wallet device that shows the error this Twitter dude sees, it's Electrum. I have no idea what you mean by "not a standard BIP39 passphrase". How exactly Electrum derives the wallet file encryption key from the hardware wallet device is something which might need to be checked with Electrum devs or by simply inspecting the Electrum wallet code for those capable of reading and understanding the code.

I have such a Testnet Electrum wallet encrypted by my PiTrezor. The Electrum wallet file looks like any fully encrypted Electrum wallet file. The Electrum wallet encryption key was never shown or exposed to me. The PiTrezor "wallet" is BIP39 of course by default and I use a Mnemonic Passphrase for safety reasons as the PiTrezor can't protect secret wallet data due to its data storage concept on unencrypted microSD card.
When I want to open the Electrum wallet, I have to connect the PiTrezor, unlock it with the PIN and then I'm asked to enter the Mnemonic Passphrase and confirm it on the PiTrezor. Provided no input errors have been made which I could've spotted at the confirmation step the Electrum wallet gets unlocked and opened. I'd assume it's the same with a Bitbox02.

As far as I remember, I tested that I can reset the PiTrezor, recover the HD wallet with saved Mnemonic Words and Mnemonic Passphrase and the PiTrezor still be able to unlock my PiTrezor encrypted Electrum wallet. But even if that wouldn't work because some specific serial no. of the particular hardware wallet device is mangled into the Electrum wallet encryption key (which is never exposed to the user in such a setup): no problem, no coins lost as you can create a new Electrum wallet file based on your hardware wallet device and the saved HD wallet details in it. (You might loose transaction comments/labels and active LN channels are an issue, so you may loose some Sats due to LN channel recovery/closing).

Which doesn't really make sense. Something doesn't need to be complex in order to forget it. Simply saying "I've forgotten my PIN and have no seed phrase" is probably more believable than "I've created a needlessly complex system I don't really understand and now can't figure it out".

I think it is still a BIP39 passphrase. If you have already created an Electrum wallet paired to a hardware wallet which has a BIP39 passphrase, and then try to open that Electrum wallet file with the hardware wallet attached but with a different passphrase enabled, then you get this error. You can reproduce this on Ledger and Trezor devices too. It's just Electrum's error message of saying whatever wallet is open on the hardware wallet does not match the Electrum wallet file, and therefore it cannot be decrypted. This would also fit with the fact that he said he tried a different passphrase or no passphrase at all and received the same error when trying to open the existing Electrum wallet file, and also that he could create a new Electrum wallet file paired with his hardware wallet but it was showing a bunch of empty unused addresses.

Thanks for the clarification. He may have created a watch-only wallet (I mean the wallet that doesn't store any private keys) using passphrase X, generated and funded several addresses (he claims he can see balances using a block explorer), and never tried to spend from those addresses. Now he is trying to recover his encrypted Electrum wallet using something different (passphrase Y), and that is why he is seeing an error message in the old wallet and empty addresses in the newly created one. The fact that the hardware wallet shows him there might be something wrong with the passphrase makes me think that it is not a standard BIP39 passphrase (which cannot be "wrong") but some encryption key that scrambles the metadata inside a wallet file. If he is trying to recover a wallet in an incorrect way using this encryption key as a BIP39 passphrase, it is no wonder that he gets a completely different set of keys and addresses.

What is the benefit to such a complex set up anyway? Maybe to tell the Feds: "Sorry, I cannot access these bitcoins" or to confound them during the recovery process?

It certainly looks like a setup optimized for loss-destruction (if you lose any of the pieces of info, access is lost and your wallet is effectively destroyed).

Bad passphrase as not 100% identical passphrase like the one set at the creation of the original wallet.
Better?

Something that has just occurred to me is that electrum may trim non-printable characters (was the original wallet created with electrum?)

I think this twitter dude and youtuber Vlad (from Romania) recently registered account to bitcointalk forum, so you can ask him yourself if you want  what happened
Vlad BTCTKVR: https://bitcointalksearch.org/user/vlad-btctkvr-3493228

Maybe there is some issue with his hardware wallet, but he should have backup of seed words and passphrase offline, so I don't understand why he is in panic mode about this.
I would try using native application in his place, double check everything and try using different hardware wallet with his words/passphrase.

There is no such thing as a bad passphrase.
it would just create new empty unused wallet with that soil.
PIN or password is a different story.

Electrum doesn't ask for you to confirm your wallet when you try to access it so this seems plausible - I don't make new hardware wallets in electrum for this reason, I access them from it but don't do the original making there because of the chance of making a mistake (trezor gets you to confirm the passphrase on the device now, I'm not sure if other hardware wallets do yet).


This is another good competitor for what they've done - "changed" the password and assumed it "worked"/that was all that was needed.

So the guy has made a nice business. Very smart of him.
Unfortunately, as seen even on this very forum, even high ranked people may have no idea about certain basic topics or may be completely wrong. That's why the first thing people have to learn is to cross-check every "information" they get. (Since I have kids I got to the point I need to do this even with medics!).


We know this. And I thought it's already clear that this guy has no idea


Many think that passphrase is an encryption password for the seed. It's a bit confusing, since the word passphrase is also user for multi-word passwords.
And since it's clear that this guy took "shortcuts" instead of reading and understanding what he's doing, ... I'm not that much surprised by the confusion (!).


Yep, I've read about that somewhere. But I find it more a confusing feature than a helpful one.
As must as we hate Ledger for their mistakes, at least they've kept the things simple so the average Joe cannot make mistakes too easy.

Yeah; BitBox does offer an 'easy' backup through an encrypted file on a microSD card, but you absolutely should also do a regular seed word backup.
It does support it and you can even print the seed offline from that microSD card e.g. if you have a printer that is not internet-connected and which has a USB media-in port.

Laminate that paper and you're golden.

That's kind of sad.. Bitcoin Twitter 'celebrity' (?) but no idea about passphrases.. *sigh*

True, but the guy in question here runs a bitcoin podcast and has 11k Twitter followers. He has recently interviewed people like Peter Todd and Pavol Rusnak (co-founder of Trezor). And yet still he seems to have failed in basic bitcoin 101 of making and checking a back up, and has potentially lost his coins. How can we expect newbies to do any better when crypto "influencers" (God I hate that word) who have spent thousands of hours immersed in all things cryptocurrency don't understand the basics and are teaching bad practices. He does seem to be sponsored by a custodial wallet/centralized exchange and an anti-privacy wallet though, so make of that what you will.

He is also making questionable statements like this one:
Your hardware device doesn't encrypt your wallet - it is the wallet. All Electrum is doing is interacting with the keys on the hardware device. The Electrum file only contains addresses, labels, and so on. He doesn't seem to understand this. Also, your hardware wallet is only the single point of failure if you fail to make a basic back up, like every hardware wallet tells you to do before you use it.

And this one:
It sounds like he doesn't understand what a passphrase is or does. You can't just change it or remove it and expect to still access the same wallet.

I guess that we will have to insist more and more in telling people to verify the backups / restore options for their hardware wallets. People don't understand what they're doing and make mistakes. I expect to see problems more often, since most people just start using hardware wallets.

---

My vote goes for bad passphrase. Maybe an enter or space at the end; maybe upper case problem? I hope he can recover his funds.

The wallet he is talking about is a BitBox2.

He also says he can unlock the hardware wallet, but cannot decrypt the Electrum file. When he unlocks the hardware wallet and generates a new Electrum wallet file, he is shown zero balance.

This means he either has the wrong passphrase or the wrong derivation path. And yes, he has failed at the most basic task of ensuring he has a working back up.

I might have exactly the same setup as the Twitter dude. My hardware wallet is a PiTrezor and for safety reasons using a mnemonic seed passphrase is recommended, because all wallet data and secrets are stored on the microSD card of the Raspi Zero.

I'm still evaluating the PiTrezor, therefore I used it only with Testnet Bitcoin wallets so far and I try to replicate a lot of test scenarios. The Electrum Testnet wallet I setup with my PiTrezor is locked by the PiTrezor, so a potential thief should not have access to the funds without the mnemonic seed passphrase and can't open the Electrum wallet either. He wouldn't be able to see my transaction history nor any other details of my wallet.

The error message indicates that the mnemonic seed passphrase has been entered wrongly. As every character counts, even trailing spaces, and UTF-8 is internally used the user needs to be careful.

I'm not going to look into the Twitter thread if and what exactly is screwed up. All I can say is if you use it properly it works as it should.

What I totally don't understand is: doesn't this Twitter dude have the mnemonic seed words and mnemonic seed passphrase as backup. That is all he needs to restore his wallet.

In a safe offline environment (e.g. boot TAILS in offline mode) he could recover his wallet with the mnemonic seed words and mnemonic passphrase and check if his public addresses are correct and the wallet recovery worked properly. Then he knows that his mnemonic data is properly documented and a wallet recovery is no issue.

I have no idea why this Twitter dude writes that there's no "seed phrase". It could be semantics, whatever he means by "seed phrase". I call the seed words as mnemonic seed words to avoid ambiguity. The optional seed passphrase I call mnemonic seed passphrase, not e.g. 25th word or so as it's not necessarily a single word.

This! In the onboarding process when you create a new wallet with your hardware device you usually get the very clear instructions to write down the mnemonic seed words. How and why do people mess this up? Usually you also need to confirm that you documented your mnemonic seed words properly.
OK, I'm no rookie with HD-wallets and I fairly know pretty well how they work and what is important. So I might lack the understanding why rookies screw things up.

It all sounds like his hardware wallet is used to unlock a normal electrum wallet, meaning that it somehow sends a password to Electrum and unlocks an encrypted file. A very bizarre setup, to put it mildly. Normally, a wallet file created by a hardware wallet won't contain any critical information - only metadata like xpub, addresses, transactions, labels, etc. No private keys or seed phrases. All private keys are always held on a hardware device completely offline. So, unencrypting a wallet file with no private keys gives nothing - you still need a working hardware device to sign transactions. I think that the crux of the matter is that he made a rookie mistake, he should have written down his recovery phrase somewhere, but he obviously didn't do it. If he had his recovery words on hand, he could insert them directly into a new Electrum wallet and get access to his funds.

I've experienced something almost similar to Trezor. When connected to Electrum, it asks for a passphrase. But I have never received a notification like the one above. I tried to match the password between Trezor and Electrum, but the wallet is stuck and won't open.



If he's using Trezor, try connecting Trezor to the Trezor Suite.
In the settings, select the Device tab and disable Passphrase.



After that, close Trezor Suite and try to reconnect Trezor to Electrum.

It seems like he's using a hardware wallet, but his backup wasn't a 12-24 word recovery phrase, but an encrypted file? I don't get it. I need someone that has far more braincells than me to please explain this LOL.

Tweet link: https://twitter.com/TheVladCostea/status/1553218817572196356