Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: CrazyFroggo on October 07, 2020, 11:50:09 PM



Title: Cracking bitcoin wallets?
Post by: CrazyFroggo on October 07, 2020, 11:50:09 PM
I heard of an article about "hackers" trying to crack into a 70,000 BTC wallet, and was wondering if there's any tools out there on how to do it?
I already got a wallet that hasn't been used since 2017, and wanted to know if there are any good tutorials out there to successfully crack a wallet?
I do not know anything about the password of the wallet itself, and it is in the public domain (still has bitcoin on it), and I am aware that this isn't easy money, but it is worth a shot.
I decided to make a thread here because all the information that I've found is very vague on the subject.
If anyone has any suggestions or any help for me, go right ahead and reply to this thread, thanks.


Title: Re: Cracking bitcoin wallets?
Post by: HCP on October 08, 2020, 02:34:17 AM
The short version is:

1. extract "password hash" from wallet.dat using the "Bitcoin2John" script (refer here: https://github.com/openwall/john/blob/bleeding-jumbo/doc/README.bitcoin)
2. run some sort of bruteforce tool to generate passwords and test them against the extracted hash

Most common tools used for Step 2. are:
- Hashcat
- John The Ripper

There is also btcrecover, which will create an extract from the wallet.dat and test passwords against it: https://github.com/gurnec/btcrecover/blob/master/docs/Extract_Scripts.md#usage-for-bitcoin-unlimitedclassicxtcore

Anecdotally, the performance of hashcat seems to be the "best"...


I do not know anything about the password of the wallet itself
This is going to be the largest obstacle... without any sort of knowledge of the number of characters or the types of characters used (lowercase? UPPERCASE? numb3r5? symbo!s? whole words? etc) then trying to create rule sets to generate passwords to test could be quite difficult... and the possible keyspace is so large, that the whole process will likely be regarded as "impossible".


... and it is in the public domain (still has bitcoin on it),
Not necessarily. While the addresses listed in the wallet might still have BTC assigned to them, it's quite possible the wallet was modified to insert those specific public keys to make it appear that the wallet contains a large amount of BTC, however the encrypted private keys in the wallet do not actually match these addresses. It's impossible to tell until the encryption key is known. :-\


and I am aware that this isn't easy money, but it is worth a shot.
Honestly, it really isn't... you likely have more chance of winning a lottery than cracking one of these "70,000 BTC" type wallets floating around on the internet :P


Title: Re: Cracking bitcoin wallets?
Post by: pooya87 on October 08, 2020, 04:15:39 AM
things you find on the internet telling you there is some money in it if you could do something (like finding a wallet file and being able to brute force it) are always fake and most of them contain malware to steal your coins instead.
if those wallet files contained any amount of bitcoin they would have never been published publicly!


Title: Re: Cracking bitcoin wallets?
Post by: NeuroticFish on October 08, 2020, 07:36:43 AM
a wallet that hasn't been used since 2017

The fact that a wallet file was not used/synced for a while doesn't mean the meaningful private keys were not extracted and the funds spent.
Also there's a good chance the file was edited to mislead, especially to convince you to pay for it. See @HCP post:

it's quite possible the wallet was modified to insert those specific public keys to make it appear that the wallet contains a large amount of BTC, however the encrypted private keys in the wallet do not actually match these addresses


Title: Re: Cracking bitcoin wallets?
Post by: ABCbits on October 08, 2020, 12:23:40 PM
Suggestion? You should think about legality, ethics and/or morality concern of stealing someone's possession.

You're welcome to try cracking bitcoin wallet, but be careful when:
1. Downloading tools that can be used to crack bitcoin wallet, it's possible it contains malware/ransomware
2. Someone asks you for money for a wallet file that contains lots of bitcoin
3. Executing command/script that you don't fully understand (e.g. sudo rm -rf /)


Title: Re: Cracking bitcoin wallets?
Post by: bob123 on October 08, 2020, 03:05:30 PM
1. Downloading tools that can be used to crack bitcoin wallet, it's possible it contains malware/ransomware

Actually all tools which promise to crack private keys or "wallets" are malware.
And i am quite sure that a lot of people download these from those low quality youtube videos showing how to "crack wallets".



2. Someone asks you for money for a wallet file that contains lots of bitcoin

This.
It happens so often.

If you bought a wallet file, you got scammed. As easy as that.



3. Executing command/script that you don't fully understand (e.g. sudo rm -rf /)

Psssst... don't tell him the secret command to crack bitcoin wallets!!1!1!!one!1!eleven!


Title: Re: Cracking bitcoin wallets?
Post by: BitMaxz on October 08, 2020, 03:58:27 PM
That's pretty hard to crack if it's not from you and the password is randomly generated.
Forget about cracking the wallet if you are going to use an old PC (which is very slow).

But if you have a good GPU rig you might have a chance to crack the wallet.

Check this hashcat benchmark for GPUs just to get an idea of what build you can afford.
- https://github.com/siseci/hashcat-benchmark-comparison


Title: Re: Cracking bitcoin wallets?
Post by: AmoreJaz on October 08, 2020, 04:38:08 PM
a wallet that hasn't been used since 2017

The fact that a wallet file was not used/synced for a while doesn't mean the meaningful private keys were not extracted and the funds spent.
Also there's a good chance the file was edited to mislead, especially to convince you to pay for it. See @HCP post:

it's quite possible the wallet was modified to insert those specific public keys to make it appear that the wallet contains a large amount of BTC, however the encrypted private keys in the wallet do not actually match these addresses

highly likely that he was deceived into buying a worthless wallet. scammers can "forge a wallet" and that means, in case he successfully cracks the wallet, the wallet may turn out to be empty after all.

also, has the OP read this article or any related to this? at least give him idea that he may be falling to possible trap by trying to crack the wallet that he has. who knows, right? without any idea of the password itself, will be next to impossible to accomplish what he wants here.

https://news.crypterium.com/10-ways-to-hack-a-bitcoin-wallet-in-2020


Title: Re: Cracking bitcoin wallets?
Post by: odolvlobo on October 10, 2020, 10:16:21 PM
...
I am aware that this isn't easy money, but it is worth a shot.
...

How did you determine that? I propose that if you look at the numbers, you will find that it is not worth it.


Title: Re: Cracking bitcoin wallets?
Post by: bigvito19 on October 10, 2020, 10:50:25 PM
...
I am aware that this isn't easy money, but it is worth a shot.
...

How did you determine that? I propose that if you look at the numbers, you will find that it is not worth it.


I see you sound defeated just like other people that mention this topic. It's actually worth a shot, it's all about strategy. Remember it's based on numbers, yes the numbers are big but you can make those numbers smaller.


Title: Re: Cracking bitcoin wallets?
Post by: bitmover on October 10, 2020, 10:59:07 PM
and I am aware that this isn't easy money, but it is worth a shot.
Honestly, it really isn't... you likely have more chance of winning a lottery than cracking one of these "70,000 BTC" type wallets floating around on the internet :P

The only chance would be to find a private key that had a very poor randomness when generated.

But it is so unlikely to find a wallet like that in an article publicly shared across the internet.. And even more unlikely to be cracked by someone who doesn't know the basics about that stuff.

There is no easy money in bitcoin. And sadly it is what attracts the most people to bitcoin,


Title: Re: Cracking bitcoin wallets?
Post by: odolvlobo on October 10, 2020, 11:04:52 PM
...
I am aware that this isn't easy money, but it is worth a shot.
...

How did you determine that? I propose that if you look at the numbers, you will find that it is not worth it.


I see you sound defeated just like other people that mention this topic. It's actually worth a shot, it's all about strategy. Remember it's based on numbers, yes the numbers are big but you can make those numbers smaller.

Even if you could make the numbers a billion times smaller, they are still astronomically huge. One billionth of 2^256 is 2^226 -- still not worth it.


Title: Re: Cracking bitcoin wallets?
Post by: pooya87 on October 11, 2020, 02:35:05 AM
Even if you could make the numbers a billion times smaller, they are still astronomically huge. One billionth of 2^256 is 2^226 -- still not worth it.
true but also in the context of "encrypted" wallets, the number can be a lot higher than 2^256 and the algorithm is a lot slower than just finding a private key.
and in the context of a "random file found or bought from the internet" the chance is simply absolute zero. there is not even a small chance because nobody sells legitimate wallets online!


Title: Re: Cracking bitcoin wallets?
Post by: MrFreeDragon on October 11, 2020, 12:59:00 PM
-snip-
1. extract "password hash" from wallet.dat using the "Bitcoin2John" script (refer here: https://github.com/openwall/john/blob/bleeding-jumbo/doc/README.bitcoin)
2. run some sort of bruteforce tool to generate passwords and test them against the extracted hash

-snip-

Can you please tell if you know - what is the bit security of the password from wallet.dat file? (i mean is it 160bit, 256bit, 512bit or more)


Title: Re: Cracking bitcoin wallets?
Post by: bob123 on October 11, 2020, 01:17:18 PM
Can you please tell if you know - what is the bit security of the password from wallet.dat file? (i mean is it 160bit, 256bit, 512bit or more)

It depends on the chosen password.
To be more specific, it depends on the used charset and length of the password.

"abc" has a different security than "p4zzw0rd!".


Title: Re: Cracking bitcoin wallets?
Post by: PrimeNumber7 on October 11, 2020, 07:54:18 PM
I already got a wallet that hasn't been used since 2017, and wanted to know if there are any good tutorials out there to successfully crack a wallet?
I can almost assure you that you do not have said wallet.

As others have mentioned, you have been scammed if you bought this wallet file under the pretense that it contains private keys that can spend valuable coin.

You may have bought an old computer or hard drive from someone who did not realize their old wallet files are still accessible. If this is the case, cracking the wallet is unethical if not outright illegal. The above is also one reason why, since becoming interested in bitcoin, I have never recycled/traded in old phones as I got new/better ones.


Title: Re: Cracking bitcoin wallets?
Post by: MrFreeDragon on October 11, 2020, 08:13:32 PM
Can you please tell if you know - what is the bit security of the password from wallet.dat file? (i mean is it 160bit, 256bit, 512bit or more)

It depends on the chosen password.
To be more specific, it depends on the used charset and length of the password.

"abc" has a different security than "p4zzw0rd!".

Yes, it is clear for me. The same for bitcoin private key - you can use number "1" as the private key.
I mean the maximum bit length security (like for exact bitcoin private key it is 256bit, for final address 160bit only) - what is the maximum possible bit length for wallet.dat file encryption?


Title: Re: Cracking bitcoin wallets?
Post by: zasad@ on October 11, 2020, 08:29:00 PM
The simplest and most convenient program to remember a forgotten password is  BITCOIN PASSWORD RECOVERY
https://www.thegrideon.com/bitcoin-password-recovery.html

A beginner should definitely read this article:
   
There are 2^256 private keys out there: how big is that number?
https://bitcointalk.org/index.php?topic=5147514

OP, it is practically impossible to hack someone else's wallet by brute force if his password is not 123456789



Title: Re: Cracking bitcoin wallets?
Post by: bob123 on October 12, 2020, 02:37:42 PM
I mean the maximum bit length security (like for exact bitcoin private key it is 256bit, for final address 160bit only) - what is the maximum possible bit length for wallet.dat file encryption?

With encryption it doesn't always depend on the length of the password. Most encryption algorithms use a key derivation protocol.
Therefore the max bit security is capped.

For AES with a key length of 256, it is 256 bit. For RSA with a key length of 2048 bit, it is 112 bits.


Title: Re: Cracking bitcoin wallets?
Post by: keychainX on October 12, 2020, 02:43:50 PM
I heard of an article about "hackers" trying to crack into a 70,000 BTC wallet, and was wondering if there's any tools out there on how to do it?
I already got a wallet that hasn't been used since 2017, and wanted to know if there are any good tutorials out there to successfully crack a wallet?
I do not know anything about the password of the wallet itself, and it is in the public domain (still has bitcoin on it), and I am aware that this isn't easy money, but it is worth a shot.
I decided to make a thread here because all the information that I've found is very vague on the subject.
If anyone has any suggestions or any help for me, go right ahead and reply to this thread, thanks.

You won't be able to withdraw funds from such a wallet, it's forged.

It's a well known scam to generate an empty wallet, change one of the public addresses to an old dormant address, and then sell it for a "cheap" price.

I've personally opened two such wallets, and once you have the password, the bitcoin core software will crash as it will not be able to "decrypt" the private key.

If you still want to dig in, try hashcat.org or John The Ripper, you will most probably just waste your time. But Good luck anyways.

/KX


Title: Re: Cracking bitcoin wallets?
Post by: Timelord2067 on October 13, 2020, 03:39:57 AM
What are some of the wallet addresses that you have funds trapped in?  Unless you're chasing the wind as others have suggested, there's no use searching for a way into a locked box unless you know there's something (other than a dead cat (https://en.wikipedia.org/wiki/Schr%C3%B6dinger%27s_cat)) inside...


Title: Re: Cracking bitcoin wallets?
Post by: bob123 on October 13, 2020, 07:54:23 AM
I am convinced that at the present stage of the development of computers, hacking a bitcoin wallet is an almost impracticable and difficult task.

It is impossible to bruteforce used private keys / seeds.
But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability.

Further, theft mostly doesn't occur through cracking/bruteforcing of seeds/private keys/brain wallets, but through bad user habits and compromised personal devices which itself is definitely possible and not as difficult as people may think.
The largest vulnerability is the human sitting in front of the computer. And it is being successfully exploited to steal private data including private keys.


Title: Re: Cracking bitcoin wallets?
Post by: BrewMaster on October 14, 2020, 04:15:52 PM
It is impossible to bruteforce used private keys / seeds.
But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability.

that is only the case when there is a wallet and an actual private key in that wallet and a password that did really encrypt the whole thing. but all of these discussions (while true) become irrelevant when the wallet file is bought with the false promise of money inside.


Title: Re: Cracking bitcoin wallets?
Post by: BASE16 on October 15, 2020, 12:20:39 AM

It is impossible to bruteforce used private keys / seeds.
But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability.
 

Another member of the 'Impossible Squad'
This is starting to get ridiculous now.
I have to do something about this because all these lies might put people on the wrong track.

It is very possible to bruteforce used private keys.
In fact, I can prove you wrong in less than 10 seconds.

Here is the used address you can look it up on the block explorer: 19ZewH8Kk1PDbSNdJ97FP4EiCjTRaZMZQA  
Here is the brute forced Private Key:

http://www.youtube.com/watch?v=h5drF7wJgQg

This ends the discussion that it is impossible to brute force a used private key.
I don't want to read or hear it anymore, it's not impossible, it is INEVITABLE.  :)


Title: Re: Cracking bitcoin wallets?
Post by: HCP on October 15, 2020, 03:20:38 AM
Not sure why you didn't just go with "1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH", you could have saved yourself 6 iterations and gone with key "1" instead of key "7" :P

You claim that it is "inevitable" and all it requires is "time". That's great... if you happen to have unlimited time. If you don't, then brute-forcing at least some of the search space is essentially "impossible" as you just don't have the "time" available to do it all before you either die, or earth gets hit by a planet-killer, or someone starts WW3 or the sun devours our solar system etc.

The fact that some keys are able to be brute-forced, does not mean that all keys can be brute-forced.


Title: Re: Cracking bitcoin wallets?
Post by: PrimeNumber7 on October 15, 2020, 03:45:43 AM
This will be possible if we use quantum computers, but this era has not yet arrived and no one knows when it will be. I think it's better to spend your time on something more useful in this life.  :)

Even with quantum computer, you still need to obtain the bitcoin wallet file first. If someone is careless enough to get their bitcoin wallet file copied by someone else, it's likely that someone else could obtain the password/private key through another way such as using keylogger.
Quantum computer is more likely to be used against Bitcoin address where its public key is known.
My understanding is that Quantum technology will only be able to calculate the private keys from the public key. This means if you generate an address today, you will need to sign a message or transaction (and make either public) in order to expose your private key.


Title: Re: Cracking bitcoin wallets?
Post by: BASE16 on October 15, 2020, 08:52:29 AM

The fact that some keys are able to be brute-forced, does not mean that all keys can be brute-forced.

So now we move from impossible to some keys can be brute forced.
I must have started something because i can see some improvement in the claim.

Let's step it up a notch.

Here is the next step:
If one key can be brute forced, then ALL keys can be brute forced.

Your assumptions on how much time it will take according to the calculations including all known variables seems to be correct, but you have to calculate the time it will actually take in reality with all mod and methods applied.
This is not possible if you do not know these methods yet, so it is understandable that you default to the known equations.
It's a bad idea however, to present and defend them as facts.

There are always the unknown methods, unknown factors and unknown parameters that when correctly applied, can smash your previous beliefs in an instant.
A good example of this is the Wright brothers vs all the people who claimed that a flying machine was impossible.
We now have close to 10.000 airplanes in the sky at any given time.
We also have the famous quote by Mark Twain, “They did not know it was impossible so they did it”.

For example you could assume a 256 bits key strength, which takes n milliseconds to compute.
But you have to realize that this only counts for YOU to get to YOUR public point.
This is not so for an attacker, for an attacker ANY point will do.
And the next point is not 256 Bits away.
The next point is 1 Bit away.

You can see that a private key has 255 intermediate public points that are normally just trashed inside of the calculation, but they are valid public points with valid addresses, for all you know you could have passed millions of BTC on some intermediate public point/address you landed on while on your way to bit 256 your own public point/address....

You will never know...
Unless you deliberately looked for it.  ::)


 


Title: Re: Cracking bitcoin wallets?
Post by: AGD on October 15, 2020, 09:30:06 AM
I heard of an article about "hackers" trying to crack into a 70,000 BTC wallet, and was wondering if there's any tools out there on how to do it?
I already got a wallet that hasn't been used since 2017, and wanted to know if there are any good tutorials out there to successfully crack a wallet?
I do not know anything about the password of the wallet itself, and it is in the public domain (still has bitcoin on it), and I am aware that this isn't easy money, but it is worth a shot.
I decided to make a thread here because all the information that I've found is very vague on the subject.
If anyone has any suggestions or any help for me, go right ahead and reply to this thread, thanks.

Why don't you just dig holes somewhere in this world to find diamonds. At least it would be by far more possible to find one.


Title: Re: Cracking bitcoin wallets?
Post by: bigvito19 on October 15, 2020, 09:40:41 AM

It is impossible to bruteforce used private keys / seeds.
But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability.
 

Another member of the 'Impossible Squad'
This is starting to get ridiculous now.
I have to do something about this because all these lies might put people on the wrong track.

It is very possible to bruteforce used private keys.
In fact, I can prove you wrong in less than 10 seconds.

Here is the used address you can look it up on the block explorer: 19ZewH8Kk1PDbSNdJ97FP4EiCjTRaZMZQA  
Here is the brute forced Private Key:

http://www.youtube.com/watch?v=h5drF7wJgQg

This ends the discussion that it is impossible to brute force a used private key.
I don't want to read or hear it anymore, it's not impossible, it is INEVITABLE.  :)


Lol 'Impossible Squad', I like that.

But how come you aren't searching for the 64 bit address, you must need the public key to use the program.


Title: Re: Cracking bitcoin wallets?
Post by: HCP on October 15, 2020, 11:39:18 AM
...
All great stuff.... in theory... ::)

But saying there are <unknown things> that might, at <unknown point in the future> allow us to brute-force keys in a "reasonable" amount of time is not useful to people who need to brute-force keys NOW, is it? ::)

You're arguing semantics, trying to look "cleverer" than everyone else in the room... but the fact of the matter is, if I give you "1JHxmgYtTADS7GpRPHbgzWdcDtkTHjj9eQ" which is an address which just received 0.23451412 BTC, the odds of you being able to brute-force the key for that address before <heat death of universe> (or even before the BTC are actually spent) are so close to zero that it may as well be zero. Which is the general meaning of "impossible" that everyone talks about when referring to brute-forcing keys.

When these "unknown methods, unknown factors and unknown parameters" are made public... I'll happily admit that it is completely possible to brute-force all private keys. However, today, it is NOT possible... if it were, BTC would be worth zero as no coins would be safe. The entire system would be rendered useless.

Feel free to maintain your "it's not impossible" stance, but until you can demonstrate the ability to brute-force the key for any given address in something resembling a standard human lifetime... well.... ¯\_(ツ)_/¯


Title: Re: Cracking bitcoin wallets?
Post by: BASE16 on October 15, 2020, 12:53:05 PM

All great stuff.... in theory... ::)
 ¯\_(ツ)_/¯


Not so fast.  :)
I'm not even trying to look clever, I'm just running the numbers and if you want to have a decent and meaningful discussion, then I think that you should do the same.
These are not just theory and you can easily go and verify my notations.

I gave you a very good and well put together example, it's ok for you to ignore it but I can assure you that it will not go unnoticed among the community.
Besides that we are not done yet, far from it, we are only just getting started.
The reduction in key size is not the only adjustment that you are going to have to face sooner or later.

That oh so large or even 'astronomically large' <heat death of universe> space that you are currently defending, might just be a few hundred lightyears smaller than you had initially assumed.
If you want, we can talk in exact numbers instead of vague descriptions about how big something really is.
Numbers don't lie unless the calculation is incomplete.

When you look at randomness you can see that a bit had a 50% chance of becoming a 1 or a 0.
Of course the generator can be adjusted in a way that it is biased to either side, but for all intents and purposes let's assume a 50% distribution.
In a fixed 50% distribution a private key will have 128 ones and 128 zeros.

Because it's random, distribution will vary, but by how much exactly?
For example, if we generate 100 256-bit private keys and analyze the distribution of ones and zeroes we can find something like this:

https://i.ibb.co/qBbfT1c/256bits.png (https://ibb.co/7v75syZ)

As you can see the number of ones versus zeros do not fluctuate all over the place, in fact most keys are contained within a remarkable small bandwidth.

Most of the universe seems to be empty space.  ::)


Title: Re: Cracking bitcoin wallets?
Post by: bigvito19 on October 15, 2020, 04:53:11 PM

The fact that some keys are able to be brute-forced, does not mean that all keys can be brute-forced.

So now we move from impossible to some keys can be brute forced.
I must have started something because i can see some improvement in the claim.

Let's step it up a notch.

Here is the next step:
If one key can be brute forced, then ALL keys can be brute forced.

Your assumptions on how much time it will take according to the calculations including all known variables seems to be correct, but you have to calculate the time it will actually take in reality with all mod and methods applied.
This is not possible if you do not know these methods yet, so it is understandable that you default to the known equations.
It's a bad idea however, to present and defend them as facts.

There are always the unknown methods, unknown factors and unknown parameters that when correctly applied, can smash your previous beliefs in an instant.
A good example of this is the Wright brothers vs all the people who claimed that a flying machine was impossible.
We now have close to 10.000 airplanes in the sky at any given time.
We also have the famous quote by Mark Twain, “They did not know it was impossible so they did it”.

For example you could assume a 256 bits key strength, which takes n milliseconds to compute.
But you have to realize that this only counts for YOU to get to YOUR public point.
This is not so for an attacker, for an attacker ANY point will do.
And the next point is not 256 Bits away.
The next point is 1 Bit away.

You can see that a private key has 255 intermediate public points that are normally just trashed inside of the calculation, but they are valid public points with valid addresses, for all you know you could have passed millions of BTC on some intermediate public point/address you landed on while on your way to bit 256 your own public point/address....

You will never know...
Unless you deliberately looked for it.  ::)


 


Ok, you say all that but do you have an example(s) of what you just explained?


Title: Re: Cracking bitcoin wallets?
Post by: BrewMaster on October 15, 2020, 06:45:18 PM
..

now you are just twisting the words and adding a lot of assumption into your claims to make them true by force.
if the key is within a known range like between 1 and 10, if the RNG was broken and were creating non-random keys, if the RNG was broken and had bias, if, if, if,... then it becomes possible to find ways to compute the private key.

otherwise 100% of the keys produced by good wallets that have experts reviewing them (eg. bitcoin core and a lot of others) have always been 100% safe and random and it is impossible to break them.


Title: Re: Cracking bitcoin wallets?
Post by: HCP on October 16, 2020, 12:50:09 AM
...
As you can see the number of ones versus zeros do not fluctuate all over the place, in fact most keys are contained within a remarkable small bandwidth.

Most of the universe seems to be empty space.  ::)
That graph is a very poor illustration of the search space. For one, you only have 100 keys out of the ("slightly" less than) 2^256 that are actually available as valid keys. The sample size is so small as to be essentially worthless.

To then say that "Most of the universe seems to be empty space" is simply disingenuous, given that you have randomly picked 100 out of ((1.158 * 10^77) - 1) possible options. Of course your "universe" is going to appear to be "empty" if you simply ignore pretty much all of its contents ::) ::)


Title: Common coin-flip fallacies
Post by: nullius on October 18, 2020, 12:53:02 AM
things you find on the internet telling you there is some money in it if you could do something (like finding a wallet file and being able to brute force it) are always fake and most of them contain malware to steal your coins instead.
Actually all tools which promise to crack private keys or "wallets" are malware.
And i am quite sure that a lot of people download these from those low quality youtube videos showing how to "crack wallets".

That sounds almost like an ethical scam:  Stealing from wannabe wallet thieves!  Maybe I am in the wrong business...



It is impossible to bruteforce used private keys / seeds.
But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability.

Another member of the 'Impossible Squad'
This is starting to get ridiculous now.
I have to do something about this because all these lies might put people on the wrong track.

No, you are ridiculous.  And you are not even on the wrong track:  You are off the tracks entirely.



When you look at randomness you can see that a bit had a 50% chance of becoming a 1 or a 0.
Of course the generator can be adjusted in a way that it is biased to either side, but for all intents and purposes let's assume a 50% distribution.
In a fixed 50% distribution a private key will have 128 ones and 128 zeros.

Wrong.  In a uniform distribution of random bits, from 256 bits, you will see anywhere from 0 zeroes and 256 ones to 256 zeroes and 0 ones.  Usually, of course, the count of bits will fall somewhere in between.  But the expected number of 0s or 1s is not 128.

It is a common fallacy of wannabe cryptographers (and of gamblers!) to expect that from n coin flips, you will get n/2 heads and n/2 tails.  Actually, one of the worst and most common fallacies.  I see the same arrant nonsense being spouted all over the Internet.

Start here:  https://en.wikipedia.org/wiki/Binomial_distribution

From the other direction, before you cut yourself on any sharp edges trying to judge the quality of random number generators, you will want to understand this:  https://en.wikipedia.org/wiki/R%C3%A9nyi_entropy

Then, take a random walk (https://en.wikipedia.org/wiki/Random_walk); and don’t come back until you understand very thoroughly just why, if you flip a fair coin 256 times and take a step forwards for H and backwards for T, you are rather unlikely to wind up exactly back where you started.

Because it's random, distribution will vary, but by how much exactly?
For example, if we generate 100 256-bit private keys and analyze the distribution of ones and zeroes we can find something like this:

https://i.ibb.co/qBbfT1c/256bits.png (https://ibb.co/7v75syZ)

As you can see the number of ones versus zeros does not fluctuate all over the place, in fact most keys are contained within a remarkably small bandwidth.

Most of the universe seems to be empty space.  ::)

Your sample size listed on your graph is absurdly small; and from the shape of that graph, you seem to have empirically discovered evidence that the Central Limit Theorem really works!

Extra credit:  Get acquainted with the Law of the Iterated Logarithm.



All of this stuff has been studied by actual mathematicians.  Which I myself am not.

When the “Impossible Squad” tells you that bruteforcing a private key is, for all practical purposes, impossible, that is based on rigorous knowledge of subjects that you are approaching with some erroneous intuition, a sprinkling of New Age omphaloskepsis about the universe being mostly empty space, and very common fallacies that you would not suffer if you had ever taken even an introductory-level class in statistics (which I myself have not—but I like to read, with my brain switched on).

Now, don’t make me sic Kolmogorov on you.  I hear that he is downright brutal.
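The bit-count argument in the exchange above can be checked exactly with the binomial distribution. The Python below is an added example, not code from any post in this thread; the function names are illustrative, and it goes one step past the discussion by computing how many bits of search space would be saved if a searcher only tried keys whose count of ones falls inside a given band around 128.

```python
from math import comb, log2

N_BITS = 256  # length of a private key in bits, as discussed in the thread


def prob_exact(ones: int, n: int = N_BITS) -> float:
    """P(a uniformly random n-bit string has exactly `ones` bits set)."""
    return comb(n, ones) / 2**n


def band_count(half_width: int, n: int = N_BITS) -> int:
    """Number of n-bit strings whose count of ones is within half_width of n/2."""
    mid = n // 2
    return sum(comb(n, k) for k in range(mid - half_width, mid + half_width + 1))


def band_report(half_width: int, n: int = N_BITS) -> dict:
    """Probability mass of the band and the size of the search space it leaves."""
    count = band_count(half_width, n)
    space_bits = log2(count)
    return {
        "ones_range": (n // 2 - half_width, n // 2 + half_width),
        "probability": count / 2**n,
        "search_space_bits": space_bits,
        "bits_saved": n - space_bits,
    }


if __name__ == "__main__":
    # Same event as a 256-step random walk ending exactly where it started.
    print(f"P(exactly 128 ones) = {prob_exact(128):.4f}")
    for hw in (0, 8, 16, 32):
        r = band_report(hw)
        print(f"ones in {r['ones_range']}: P = {r['probability']:.6f}, "
              f"search space = 2^{r['search_space_bits']:.2f}, "
              f"saved = {r['bits_saved']:.3f} bits")
```

Most keys do land in a narrow band, yet even restricting the search to keys with exactly 128 ones removes only about 4.3 bits from a 256-bit space.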


Title: Re: Cracking bitcoin wallets?
Post by: 2chase on October 31, 2020, 07:46:17 PM
It's very funny what the creator of the topic was motivated by when he suggested that one can try to hack a wallet with a billion dollars on it simply by downloading a hacking program somewhere  ::) It sounds a lot like someone is going to carry out a coup d'etat with only a penknife  :D

http://i.piccy.info/i9/213a479440de9c127f754dac194a321e/1604173229/71935/1403261/20520D891F7B4_2DD6_4E2D_93F4_5681F67CAA38_1_201_a_800.jpg (http://piccy.info/view3/14048146/6e8074073f6cbd4b33c0a8baa46d44f4/1200/)http://i.piccy.info/a3/2020-10-31-19-40/i9-14048146/788x541-r/i.gif (http://i.piccy.info/a3c/2020-10-31-19-40/i9-14048146/788x541-r)


Title: Re: Cracking bitcoin wallets?
Post by: irukandji on November 01, 2020, 06:56:41 AM
The short version is:

1. extract "password hash" from wallet.dat using the "Bitcoin2John" script (refer here: https://github.com/openwall/john/blob/bleeding-jumbo/doc/README.bitcoin)
2. run some sort of bruteforce tool to generate passwords and test them against the extracted hash

Most common tools used for Step 2. are:
- Hashcat
- John The Ripper

There is also btcrecover, which will create an extract from the wallet.dat and test passwords against it: https://github.com/gurnec/btcrecover/blob/master/docs/Extract_Scripts.md#usage-for-bitcoin-unlimitedclassicxtcore

Anecdotally, the performance of hashcat seems to be the "best"...


I do not know anything about the password of the wallet itself
This is going to be the largest obstacle... without any sort of knowledge of the number of characters or the types of characters used (lowercase? UPPPERCASE? numb3r5? symbo!s? whole words? etc) then trying to create rules sets to generate passwords to test could be quite difficult... and the possible keyspace is so large, that the whole process will likely be regarded as "impossible".


... and it is in the public domain (still has bitcoin on it),
Not necessarily. While the addresses listed in the wallet might still have BTC assigned to them, it's quite possible the wallet was modified to insert those specific public keys to make it appear that the wallet contains a large amount of BTC, however the encrypted private keys in the wallet do not actually match these addresses. It's impossible to tell until the encryption key is known. :-\


and I am aware that this isn't easy money, but it is worth a shot.
Honestly, it really isn't... you likely have more chance of winning a lottery than cracking one of these "70,000 BTC" type wallets floating around on the internet :P

I have an Electrum wallet and cannot remember the password.  I think I know the words I used though so can narrow it down. Could I use any of these things?


Title: Re: Cracking bitcoin wallets?
Post by: PawGo on November 01, 2020, 06:53:36 PM

I have an Electrum wallet and cannot remember the password.  I think I know the words I used though so can narrow it down. Could I use any of these things?

Do you know the seed? If yes - create a new wallet with the known seed.

If not: the procedure is the same as with wallet.dat files from Bitcoin Core.

If you suspect you know what could be the password - you may try to do it yourself.
(be careful with sites like https://www.onlinehashcrack.com/tools-electrum-hash-extractor.php)
Try to extract hash of password using the script from John the Ripper project:
https://github.com/openwall/john/blob/bleeding-jumbo/run/electrum2john.py

You should receive something like "$electrum$4*123456abcd...".
Then you may use this hash with hashcat.

If in doubt - the best service seems to be https://www.walletrecoveryservices.com/ Email Dave, he will tell you what to do next.


Title: Re: Cracking bitcoin wallets?
Post by: HCP on November 04, 2020, 09:44:41 PM
I have an Electrum wallet and cannot remember the password.  I think I know the words I used though so can narrow it down. Could I use any of these things?
As PawGo suggested, recovering from the wallet seed mnemonic would be the preferable way, as you do not need to know the wallet file encryption password if you have the 12 word seed mnemonic. You can just restore using the "I already have a seed" option and it will recreate your wallet and allow you to set a new password.

In addition to using JohnTheRipper and hashcat, you can also try btcrecover (https://github.com/gurnec/btcrecover), but I'm not sure if that is working with Electrum wallets used with newer versions of Electrum (ie. version 3 or 4).


Title: Re: Cracking bitcoin wallets?
Post by: COBRAS on November 08, 2020, 02:52:55 AM
I heard of an article about "hackers" trying to crack into a 70,000 BTC wallet, and was wondering if there's any tools out there on how to do it?
I already got a wallet that hasn't been used since 2017, and wanted to know if there are any good tutorials out there to successfully crack a wallet?
I do not know anything about the password of the wallet itself, and it is in the public domain (still has bitcoin on it), and I am aware that this isn't easy money, but it is worth a shot.
I decided to make a thread here because all the information that I've found is very vague on the subject.
If anyone has any suggestions or any help for me, go right ahead and reply to this thread, thanks.

This wallet was probably hacked some days ago https://www.blockchain.com/btc/address/1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx




1 000 000 000 USD !!!!  ::) ::) ::) ::) ::) ::) ::) ::)


Title: Re: Cracking bitcoin wallets?
Post by: pooya87 on November 08, 2020, 05:36:02 AM
This wallet was probably hacked some days ago https://www.blockchain.com/btc/address/1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx
the coins were most probably moved by the original owner of this key. now the internet is going nuts just because they crave for drama in bitcoin world specially when the price is going up they seek "scary" news so the media gives it to them!


Title: Re: Cracking bitcoin wallets?
Post by: PrimeNumber7 on November 08, 2020, 09:50:56 PM
This wallet was probably hacked some days ago https://www.blockchain.com/btc/address/1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx
the coins were most probably moved by the original owner of this key. now the internet is going nuts just because they crave for drama in bitcoin world specially when the price is going up they seek "scary" news so the media gives it to them!
There was a transaction out of the above address, 0d13a52e3b640d05cdf31b41f335b327f126cb79d9eec1e2bc46556ef30a0b57 that sent 1 bitcoin to an address, bc1qa5wkgaew2dkv56kfvj49j0av5nml45x9ek9hz6 with change going to the 'sending address' and several blocks later sent the change to the same address. I think it is a reasonable conclusion that the owner of sent 1 bitcoin to bc1qa5wk, ran some tests to confirm they control the private key to bc1qa5wk, and that the transaction was sent to the correct address, and once confirmed, sent the remaining amount to the bc1qa5wk address. I would be especially surprised if 1HQ3Go3 is compromised.


Title: Re: Cracking bitcoin wallets?
Post by: odolvlobo on November 08, 2020, 11:31:22 PM
This wallet was probably hacked some days ago https://www.blockchain.com/btc/address/1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbh
1 000 000 000 USD !!!!  ::) ::) ::) ::) ::) ::) ::) ::)

It wasn't hacked.

23. On November 3, 2020, Individual X signed a Consent and Agreement to Forfeiture with the U.S. Attorney’s Office, Northern District of California. In that agreement, Individual X, consented to the forfeiture of the Defendant Property to the United States government.

24. On November 3, 2020, the United States took custody of the Defendant Property from 1HQ3.


Title: Re: Cracking bitcoin wallets?
Post by: gmaxwell on November 09, 2020, 03:13:04 AM
I'm getting really tired of the forum being flooded by idiots attempting to crack wallets.

AFAICT what's going on right now is that scammers are selling fake wallets which are just encrypted wallets with other people's addresses listed in them for people to crack if only they can guess the password, but they don't actually contain the private keys so cracking the password would accomplish nothing (and the password is probably just some huge random string so it can never be cracked in any case).  If a fake wallet is well constructed it is impossible to distinguish it from a real encrypted wallet.

This isn't new, but at least one of them has put up a highly polished website now.  They're also going around and claiming that whenever coins were moved that they connected to these wallets (which happens from time to time because they're someone else's coins) that this was a successful hack by one of their customers.

I don't really have a problem with the meta-scammers ripping people off who are stupid enough to pay for other people's wallets to crack--  back when wallet encryption was new I, myself, put up a bunch of fake wallets on edonkey to look like they were accidentally shared so that malicious pieces of shit would waste their time on impossible to crack wallets.  Presumably charging for them makes the crooks all the more convinced that they are real ... but unfortunately this is creating a constant stream of querulous idiots making uninteresting posts, because the people ignorant enough to fall for this stuff also don't actually have anything interesting to say about wallet security.