Lost btc in change address, any help please?

[changeaddressdumbass]

Here's the story of my dumb ass.
Transaction.

To preface, I have a wallet.dat file stored on a USB in a fireproof safe. I also have backups on backups so no way to lose this wallet.dat file.

I had about $45 btc in my wallet at the time. Sent $10 to a friend in a transaction. Since this was not my full btc balance, a change address was created which received the other $35 worth of BTC. I did not notice this.

Then, I simply deleted my wallet.dat, cleared recycle bin anticipating I would restore from my backup wallet.dat.

Fast forward to me restoring my wallet.dat and noticing $35 is gone. Now, I don't have the private key to this change address. I ran file recovery software but it did not pick up the (correct) wallet.dat from my emptied recycle bin which contained the private key.

I understand now receiving wallets are generated based off a seed. Cryptographically, I know that's no chance that seed will generate the same change address twice. So, am I fucked? $35 down the drain not so bad price for this lesson.

I used EaseUS for the recovery, found a deleted wallet.dat in my recycle bin, but it was newer then the deleted wallet.dat which occurred at about 11am this morning.

---

Bitcoin core says "HD key generation is enabled", and I ran the application with -rescan but it didn't find any new addresses.
Here's a screenshot of my "Transactions":
https://i.imgur.com/KDmnmYu.png

[Abdussamad]

I understand now receiving wallets are generated based off a seed. Cryptographically, I know that's no chance that seed will generate the same change address twice.

Actually being generated from seed means it will generate the same key pairs and corresponding addresses. So it should be seeing your $35 too.

Is the wallet synced? Maybe it's just catching up with the blockchain. Leave it running until it's synced and maybe then it'll show an accurate balance

[khaled0111]

The main purpose of using a HD wallet is that you don't have to worry about backing up the wallet.dat regularly.
As long as you have the seed or a copy of wallet.dat, you will be able to recover all used addresses.

Wait for the wallet to fully synchronize as abdussamad proposed. If it doesn't work, try generating few new addresses untill your funds shows up.

Meanwhile, you can check that the change address shown in the image you posted belongs to your wallet, type in console:
 ismine "address" not sure about the command syntax

[nc50lc]

Meanwhile, you can check that the change address shown in the image you posted belongs to your wallet, type in console:
 ismine "address" not sure about the command syntax

Yes, Bitcoin core doesn't have "ismine" command use getaddressinfo "your_address" instead.
There's an "ismine" : true/false," somewhere in the middle of the results.

[HCP]

Here's a screenshot of my Transactions:

In case anyone is looking... this is the transaction: https://www.blockchain.com/btc/tx/0ed116c76f1267c13e008b863494f29bbd9ee063be47aa78d66c9c490e3c3a0d

I understand now receiving wallets are generated based off a seed. Cryptographically, I know that's no chance that seed will generate the same change address twice. So, am I fucked? $35 down the drain not so bad price for this lesson.

No, that's the opposite of how HD wallets work... You should be able to recreate the entire wallet from the seed.

Honestly, not sure why it isn't finding the correct change address??!?

This could happen if you added encryption to the original wallet AFTER you made the backups (enabling encryption changes the seed) and your backup has the wrong keypool (which I doubt, because otherwise it is likely that it wouldn't even be showing the transaction nor recognise that the original receive address was yours).

Was the original address (3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n) an imported address? Did you ever import a private key to this wallet?

[changeaddressdumbass]

Meanwhile, you can check that the change address shown in the image you posted belongs to your wallet, type in console:
 ismine "address" not sure about the command syntax

Yes, Bitcoin core doesn't have "ismine" command use getaddressinfo "your_address" instead.
There's an "ismine" : true/false," somewhere in the middle of the results.

05:17:53

{
  "address": "36PSz3n9gj45GqHNPWEfDsxmZWXcnuFG3y",
  "scriptPubKey": "a91433860f9dbb431e433edb54006563ca5b1b659e7f87",
  "ismine": false,
  "solvable": false,
  "iswatchonly": false,
  "isscript": true,
  "iswitness": false,
  "ischange": false,
  "labels": [
  ]
}

Was the original address (3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n) an imported address? Huh Did you ever import a private key to this wallet?

3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n was generated on this exact instance of bitcoin-core v0.18.1. I have never imported any private keys in this wallet.

Wallet finished rescanblockchain and is showing the same. No change.

[khaled0111]

  "ismine": false,

This line means the address doesn't belong to the wallet you are currently using.
How did you restore the wallet? Are you sure it is the same file?
On bitcoin core are you still able to see the transaction under the Transactions tab?

[AdolfinWolf]

I have a feeling you corrupted your wallet.dat somehow? (Or, obviously, derived a different dataset of adresses.)

Can you check if you still have the keys for the adress you originally got your funds on?

https://www.blockchain.com/btc/address/3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n

This one? (I'm guessing you do- otherwise it wouldn't display the transaction data at all- still, this is very weird. I'd love to see an answer as to what the problem might be here, although i suspect it somehow will be extremely trivial...)

If you do have the keys for this one- there's likely a problem regarding the change adresses(?)- if you also don't have the private key for this adress anymore - you most likely don't have the same seed/(impartial wallet.dat) as you did before(?)

Anyway, this is a really weird story.

On bitcoin core are you still able to see the transaction under the Transactions tab?

I don't think that'd matter much. The wallet could just monitor the adress for transactions.

Was the original address (3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n) an imported address? Did you ever import a private key to this wallet?

Would that even matter at all as to which change adress is used?

[HCP]

Indeed this is a very curious case... I've been trying to figure out scenarios where it's possible for the system to use a change address that isn't generated by the wallet... the options I have are:

1. The backup is using a different seed to the original wallet. I believe it is still true that the seed will still be changed when you enable encryption on the wallet... but that it doesn't if you simply change the passphrase.

How old was the backup wallet.dat file that you used? When did you create the backup? Did you encrypt the wallet AFTER you created the backups?


2. A "custom" change address was used.

For this, "coin control" functionality needs to be switched on in the settings, and a custom change address needs to be entered into the appropriate textbox on the "send" tab.


3. There is some, as yet reported, bug in Bitcoin Core that is causing it to generate and/or use incorrect change addresses.

[changeaddressdumbass]

Indeed this is a very curious case... I've been trying to figure out scenarios where it's possible for the system to use a change address that isn't generated by the wallet... the options I have are:

1. The backup is using a different seed to the original wallet. I believe it is still true that the seed will still be changed when you enable encryption on the wallet... but that it doesn't if you simply change the passphrase.

How old was the backup wallet.dat file that you used? When did you create the backup? Did you encrypt the wallet AFTER you created the backups?


2. A "custom" change address was used.

For this, "coin control" functionality needs to be switched on in the settings, and a custom change address needs to be entered into the appropriate textbox on the "send" tab.


3. There is some, as yet reported, bug in Bitcoin Core that is causing it to generate and/or use incorrect change addresses.

I created the backup wallet.dat this week and generated the wallets on an air gapped system in bitcoin-cli using the command: getnewaddress. For the record, I've run all commands on this original machine.
Then I shutdown bitcoind and after copied the wallet.dat file onto my USB.
The wallet was never encrypted in bitcoin-cli as I stored the files in an encrypted "file" partition on the drive.
"Coin control" is disabled. I did not specify a change address when sending the $10.


Air gapped system generated the wallet. -> Transferred onto encrypted "file" partition (on usb). -> Backed up the encrypted partition.

Later, on the second, online pc...
Copied encrypted partition from usb. -> Decrypt. -> Copy wallet.dat into its directory. -> Ran "bitcoin-qt.exe -rescan", waited -> Sent $10 to friend.
At that moment would the change address in theory still be pre-determined from wallet.dat or did it generate based off the seed of the second computer?

I have a feeling you corrupted your wallet.dat somehow? (Or, obviously, derived a different dataset of adresses.)

Can you check if you still have the keys for the adress you originally got your funds on?

https://www.blockchain.com/btc/address/3P2UsEAdCWAKNzLNqxybcELB78ihGsmP5n

Yes I have that key.

[Abdussamad]

OP created a reddit thread as well: https://www.reddit.com/r/Bitcoin/comments/dc234j/lost_btc_in_change_address_any_help_please/ .

[BitMaxz]

How about trying to use older version of Bitcoin core? Do you remember if what version of Bitcoin core you use before or do you remember when you install the Bitcoin core Legacy wallet?

If you have an idea to the exact date or near try to find the old version of Bitcoin core from here https://github.com/bitcoin/bitcoin/releases?after=v0.8.5 You can check the date on the left side.

After that install it(Make sure they are separate with the new HD wallet and Bitcoin core legacy) and import the backup again.

Then check the addresses and look for change addresses. You can use blockchain.com to check change addresses if they have a balance.

Let see if you can find the change address where your Bitcoin is saved. If ever you are lucky to find the address where your BTC is saved start export the private key of the change address and import it to your HD wallet.

[HCP]

At that moment would the change address in theory still be pre-determined from wallet.dat or did it generate based off the seed of the second computer?

The seed is stored in the wallet.dat itself... it is wallet specific. Copies of a wallet.dat should contain the same seed.

Thank you. I completed the dump and am doing the console rescanblockchain which is indeed taking hours. I will look into electrum in the meantime, but no rush so I may just wait it out overnight. CHEERS!

Did you look through the "dumpedwallet.txt" for the (change) address in question? Namely, 36PSz3n9gj45GqHNPWEfDsxmZWXcnuFG3y


Did you create and send the transaction from the commandline as well? or did you use the GUI?

[The Cryptovator]

This article would help you, Five Ways to Lose Money with Bitcoin Change Addresses

I am not sure, but likely your wallet had created new change address during transaction and it wasn't updated on your backup file. But it should be recoverable from your seed. Because all address and private keys belongs to seed. Read above article and determine what was the problem, there is also solution how you would get back your balance. They might be different issue and solution should be based on problems. Hope will get back your funds.