Bitcoin Core Password recovery Service

[bassride2]

so I was having several faceplant moments recently on discovering I had not recorded my passphrase to a Bitcoin Core wallet.  It had around 2.5 BTC in it.

I had carefully backed up the wallet.dat file several times but not the password.  I tried many variations of a few phrases I thought I could have used but without success.

Bitcoin QT (Bitcoin Core as it is is known now) uses strong encryption for the passphrase.  I envisaged many hours of trying different attempts to get into my wallet, very frustrating.

I came across walletrecoveryservices.com that offers a service to attempt to crack the password and access the wallet.  I was hopeful but also realistic that I may have lost the coins for good.  Within a couple of days Dave reported that he had managed to discover the lost passphrase and access the wallet.  Great news !!!  He took 20% as a commision, and returned the remaining 2.0 to me.

How is this possible?

walletrecoveryservices.com apparently uses algorithms that intelligently tries multiple combinations of passphrases from your best guess, across several PCs, more info on their web site.

You should ideally have an approximate idea(s) of what your passphrase may be. especially if the phrase is long. 

D.

[SebastianJu]

As long as no trusted members claims this website is real everyone should assume that its not a real website and they would run away with coins they could get out of cracking a wallets lost password.

[Lauda]

As long as no trusted members claims this website is real everyone should assume that its not a real website and they would run away with coins they could get out of cracking a wallets lost password.

Exactly. There are 2 reasons:
1) The website might not work at all; you've given someone your wallet.dat.
2) The website works; your coins are now stolen.

Another major issue here is that you have to provide best guesses, which enables them to break into your other accounts. At least some of a users passwords are going to have similarities.

[AtheistAKASaneBrain]

It's pretty weird that he was able to bruteforce the password in such a long time. How long was your password and did it contain special characters?

[S4VV4S]

It's pretty weird that he was able to bruteforce the password in such a long time. How long was your password and did it contain special characters?

What is truly weird is that the OP is advertising a/his (potentially malicious) service/website and some people failed to see that.

[NorrisK]

It's pretty weird that he was able to bruteforce the password in such a long time. How long was your password and did it contain special characters?

He gave information about the possible password.. Such as a large part, total length etc.. This would greatly reduce combinations, and somone can just run a script to change individual characters if the password.

[LiteCoinGuy]

It's pretty weird that he was able to bruteforce the password in such a long time. How long was your password and did it contain special characters?

He gave information about the possible password.. Such as a large part, total length etc.. This would greatly reduce combinations, and somone can just run a script to change individual characters if the password.

some people do this kind of work for some money. but there is always the danger of theft of course.

[achow101]

There are many programs that can brute force things, and when run on a distributed system or a cluster, they can brute force passwords very quickly. Given wordlists of potential password candidates and word mangling rules, it can be relatively easy to brute force a password.

I have actually known about wallet recovery services, and you don't need to send them the full wallet, just parts of it which can be dumped using pywallet. They require the part regarding the password and 1 or 2 addresses from the wallet that can be empty. This safeguards your coins if they should try to steal them. The info about this is here: http://www.walletrecoveryservices.com/information.html

[odolvlobo]

If you do a search in the forums, you will see that this service has been around a while.

You will also see that 90% of the users recommending the service have only one or two posts. Like bassride2, they are obviously just sockpuppet accounts.

With all the deception by walletrecoveryservices, I could never trust him and his sockpuppets, even if it seems legit.

[ticoti]

You can do the recover with btcrecover https://github.com/gurnec/btcrecover


I know to use it if you are interested

[walletrecoveryservices]

Thanks for the review bassride2 - I am glad that I could help you.

I know there are always skeptics out there about my wallet recovery service. I understand that. However, if you are skeptical, then ask around and talk to long-serving members of the bitcoin community - eg Molecular on this forum, or Caucasius, or Stephanie Murphy from 'lets talk bitcoin', or Mike Belshe from bitgo.com, or Mandrik and others from blockchain.info. Or read some of the other testimonials at  http://www.walletrecoveryservices.com/testimonials.html.
I have had over 700 clients, and no bad reviews or suggestions of me being dishonest. No-one in the industry now doubts my honesty.
I am running this as a sustainable business, and my reputation is important to me.

The original (long) posting on this forum about this service is at https://bitcointalk.org/index.php?topic=240779.0;all if you want to read some of the back-history.

Cheers
Dave Bitcoin

[bassride2]

If you do a search in the forums, you will see that this service has been around a while.

You will also see that 90% of the users recommending the service have only one or two posts. Like bassride2, they are obviously just sockpuppet accounts.

With all the deception by walletrecoveryservices, I could never trust him and his sockpuppets, even if it seems legit.

An understandable theory but no I'm not a sockpuppet ), I'm a genuine user who wanted to share the positive experience.  I've just not posted so often, hence the 6 month gap since last post.

[ajareselde]

The only way this could run as legitimate service would be for the owner of the site to escrow funds that are held inside wallets for
each individual case. Otherwise it's just another service that has 99% chance to sucker you up.

[SebastianJu]

The only way this could run as legitimate service would be for the owner of the site to escrow funds that are held inside wallets for
each individual case. Otherwise it's just another service that has 99% chance to sucker you up.

I wonder how that could work. Imagine he receives a wallet containing claimed 100 Bitcoins. He tries to open it, but can't. Then how can he get the escrow funds back? He can claim he deleted the wallet but still, it could be possible that he gets the escrow funds back and then suddenly the 100 bitcoins vanish from the wallet he claimed he couldn't bruteforce.

I would not accept such an escrow. Or at least make the risk clear to the one with the blocked wallet. If he understands and agrees that i can't be held responsible for that risk then i might do it.

[shorena]

The only way this could run as legitimate service would be for the owner of the site to escrow funds that are held inside wallets for
each individual case. Otherwise it's just another service that has 99% chance to sucker you up.

I wonder how that could work. Imagine he receives a wallet containing claimed 100 Bitcoins. He tries to open it, but can't. Then how can he get the escrow funds back? He can claim he deleted the wallet but still, it could be possible that he gets the escrow funds back and then suddenly the 100 bitcoins vanish from the wallet he claimed he couldn't bruteforce.

I would not accept such an escrow. Or at least make the risk clear to the one with the blocked wallet. If he understands and agrees that i can't be held responsible for that risk then i might do it.

Its also not the only way. For some wallets its possible to work on a private key that holds no funds to get the password. The password is the same for the entire wallet, but its useless without the encrypted private key that holds the 100 BTC. The change address you used 1 year ago and now has 10000 satoshi left is perfectly fine.

See e.g. the post by knightdk above.

[SebastianJu]

The only way this could run as legitimate service would be for the owner of the site to escrow funds that are held inside wallets for
each individual case. Otherwise it's just another service that has 99% chance to sucker you up.

I wonder how that could work. Imagine he receives a wallet containing claimed 100 Bitcoins. He tries to open it, but can't. Then how can he get the escrow funds back? He can claim he deleted the wallet but still, it could be possible that he gets the escrow funds back and then suddenly the 100 bitcoins vanish from the wallet he claimed he couldn't bruteforce.

I would not accept such an escrow. Or at least make the risk clear to the one with the blocked wallet. If he understands and agrees that i can't be held responsible for that risk then i might do it.

Its also not the only way. For some wallets its possible to work on a private key that holds no funds to get the password. The password is the same for the entire wallet, but its useless without the encrypted private key that holds the 100 BTC. The change address you used 1 year ago and now has 10000 satoshi left is perfectly fine.

See e.g. the post by knightdk above.

Didn't realize that possibility. Thats a good way then. Unfortunately probably only for experinced users because newbies very rarely will have private keys being stored somewhere. But it might be a good advice for newbies to back up a private key of an unused or empty address when creating a wallet.

Experienced users probably will run rarely into that situation. Making backups is probably something experienced users already had to learn so a lost password might be rarely happening for them.