Author Topic: recover coinbase multisig wallet to electrum?  (Read 469 times)
effin_new_guy (OP)
January 16, 2022, 08:01:26 AM
Merited by Pmalek (1)
 #1

If I have the "user seed" and the "user public key" and the "shared seed" and the "shared public key" and also a "coinbase public key", can I recover a Coinbase multisig wallet (created in 2016) into Electrum using the steps mentioned in this post?
https://bitcointalk.org/index.php?topic=2088713.msg20875786#msg20875786

I have pybitcointools working with the sample data from this post
https://bitcoin.stackexchange.com/questions/57207/how-to-derive-the-private-key-associated-with-a-coinbase-multi-sig-vault-address
so I should be able to get my xprv but not sure I understand "child index".  

I've spent hours researching this and want to make sure I have things mostly figured out before I put any of my data in there.  
I am also not sure about the "shared seed": my notes say "shared seed (encrypted)" and I have read references about a vault password being used to encrypt it, but I am not sure I have that.

Thanks in advance for any assistance. 
Pmalek
January 16, 2022, 08:22:48 AM
 #2

To get the best eyes on this, I suggest you move this thread to one of the sub-boards where technical issues are being discussed.
At the bottom of the page, you will see a button that says "Move Topic". Click on that and select the appropriate board. I am not sure what's the best fit, but it could be either Bitcoin Technical Support or Wallet software > Electrum I think.

Charles-Tim
January 16, 2022, 08:46:45 AM
Merited by Pmalek (1)
 #3

For you to understand, I have to quote from this thread, as I am not a Coinbase user.

Coinbase vault is a 2-of-3 multisig wallet. Coinbase solely has one key, you solely have one key, while both of you (Coinbase and you) have the third key, which means you have two keys.

With your two keys you can move the funds.

with your 2 keys you could move funds.
There was also this option: https://coinbase.github.io/multisig-tool/
For you to dig through and get to your funds.

So, Coinbase multisig vaults were a 2-of-3 multisig. One key was held solely by Coinbase. One key was held solely by the user. The third key was held by both Coinbase and the user in an encrypted form, with the password you have being the decryption key. When you logged in to the vault, you used your password to decrypt the shared key, which allowed you to make transactions on Coinbase's website using Coinbase's key and the shared key.

Based on that, a seed phrase and a password alone are not going to be enough to access your coins. You also need the shared key which your password decrypts. If you do not have this backed up as well, then your only hope is going to be to ask Coinbase nicely if they still have it stored and can send it to you.

I also don't think Coinbase provided a seed phrase at all for the user key; I think it was an actual private key. You should therefore have two strings of seemingly random letters and numbers, one which will be your user key and the other which will be your encrypted shared key.

Hope this is helpful.

Pmalek
January 16, 2022, 08:57:14 AM
 #4

Coinbase solely has one key, you solely have one key, while both of you (Coinbase and you) have the third key, which means you have two keys.
If the "user seed" is his seed phrase or private key and the "shared seed" is the password-encrypted shared private key that o_e_l_e_o mentioned in the post you quoted, I guess you are right and he has the essentials to recover a 2/3 multisig wallet without having to contact Coinbase for further assistance.

effin_new_guy (OP)
January 16, 2022, 03:57:18 PM
Merited by LoyceV (4), hugeblack (4), o_e_l_e_o (4)
 #5

So, Coinbase multisig vaults were a 2-of-3 multisig. One key was held solely by Coinbase. One key was held solely by the user. The third key was held by both Coinbase and the user in an encrypted form, with the password you have being the decryption key. When you logged in to the vault, you used your password to decrypt the shared key, which allowed you to make transactions on Coinbase's website using Coinbase's key and the shared key.

Based on that, a seed phrase and a password alone are not going to be enough to access your coins. You also need the shared key which your password decrypts. If you do not have this backed up as well, then your only hope is going to be to ask Coinbase nicely if they still have it stored and can send it to you.

I also don't think Coinbase provided a seed phrase at all for the user key; I think it was an actual private key. You should therefore have two strings of seemingly random letters and numbers, one which will be your user key and the other which will be your encrypted shared key.

You are absolutely correct, end users were not provided a seed phrase.  
Upon the creation of a (multisig) vault, Coinbase provided the following:
(these are just random numbers formatted to look real, they are not valid)

  • # User seed: L3XCYcQ2pwY3YTuwyPXzWsvVtGnCp4zL2ajP3XQt2pVhPuKiVM7r
  • # User public key: xpub661MyMwAqRbcEzdGMFKZXuVwbyHY2zKhiw6YFTrULfNBF53QVfXyoAiKMZKWkQA5444NXtLj9HPmgyN1xLCiJJ9dKAy4nLZJ87trHRnwUDb
  • # Shared seed (encrypted): z3PCl3Goz8yXxYt9mx6I9B2YXNX7ulTU0O2a6T43OfjP23A2ahmwx72iJ
  • # Shared public key: xpub661MyMwAqRbcEzdGMFKZXuVwbyHY2zKhiw6YFTrULfNBF53QVfXyoAiKMZKWkQA5444NXtLj9HPmgyN1xLCiJJ9dKAy4nLZJ87trHRnwUDb
  • # Coinbase public key: xpub661MyMwAqRbcEzdGMFKZXuVwbyHY2zKhiw6YFTrULfNBF53QVfXyoAiKMZKWkQA5444NXtLj9HPmgyN1xLCiJJ9dKAy4nLZJ87trHRnwUDb

The lack of a seed phrase is what makes recovering a coinbase multisig vault as difficult as it is.  
I am no Python coder (not a coder at all) but was able to get the code from this post on Stack Exchange https://bitcoin.stackexchange.com/questions/57207/how-to-derive-the-private-key-associated-with-a-coinbase-multi-sig-vault-address to produce something similar to the following:
(these are just random numbers formatted to look real, they are not valid)

  • Master Private Key corresponding to seed: xprvz3PCl3Goz8yXxYt9mx6I9B2YXNX7ulTU0O2a6T43OfjP23A2ahmwx72iJVkmTWy0ZmBZMZcIkVvbZteiiHkucAZFdK1m1kjfMB6542qggKO
  • Master Public Key corresponding to seed: xpub661MyMwAqRbcEzdGMFKZXuVwbyHY2zKhiw6YFTrULfNBF53QVfXyoAiKMZKWkQA5444NXtLj9HPmgyN1xLCiJJ9dKAy4nLZJ87trHRnwUDb
  • Extended Private key at index 14: xprvz3PCl3Goz8yXxYt9mx6I9B2YXNX7ulTU0O2a6T43OfjP23A2ahmwx72iJVkmTWy0ZmBZMZcIkVvbZteiiHkucAZFdK1m1kjfMB6542qggKO
  • WIF format of that key: 3OfjP23A2ahmwx72iJVkmTWy0ZmBZMZcIkVvbZteiiHkucADVDA

Not sure what exactly to do with the values produced from the user seed as that is only 1 of the signatures for a 2 of 3 vault but I will ask in Electrum.  
o_e_l_e_o
January 16, 2022, 05:02:59 PM
 #6

The lack of a seed phrase is what makes recovering a coinbase multisig vault as difficult as it is.
The lack of a seed phrase isn't the most pressing issue right now. You can worry about how to turn the private keys (rather than seed phrases) in to a wallet later. The first thing you need to obtain is 2 of the 3 private keys.

You have the user seed private key. You will never obtain the Coinbase seed private key, since that was only ever held on Coinbase's servers. You have the shared seed private key, but it is encrypted. If you cannot decrypt it, then you will never be able to recover your wallet?

Do you remember the decryption password? If not, then the first thing you are going to have to do is to try to brute force it.
effin_new_guy (OP)
January 16, 2022, 05:33:00 PM
 #7


The lack of a seed phrase isn't the most pressing issue right now. You can worry about how to turn the private keys (rather than seed phrases) in to a wallet later. The first thing you need to obtain is 2 of the 3 private keys.

You have the user seed private key. You will never obtain the Coinbase seed private key, since that was only ever held on Coinbase's servers. You have the shared seed private key, but it is encrypted. If you cannot decrypt it, then you will never be able to recover your wallet?

Do you remember the decryption password? If not, then the first thing you are going to have to do is to try to brute force it.

Agreed, not the most pressing issue.  But the possession of a seed phrase as opposed to a "user seed" and a "user public key" and a "shared seed" and a "shared public key" and a "coinbase public key" and a password would simplify things incredibly and that is the frustration. 
Not at any of you, obviously...   In fact, I really appreciate all the responses I am getting. 

I do not have the decryption password recorded so that may be an issue but the good news is I have the user seed and according to Coinbase's email, (referenced in this post) https://bitcointalk.org/index.php?topic=5316286.msg59002082#msg59002082
Code:
What if I don’t know my vault password?
If you don’t know your vault password, you can instead copy/paste the user seed into the password field. This will allow you to approve your withdrawal. The user seed was provided to you when you created your multisig vault.
So I should be good, right?
I am sure there is a catch...
DaveF
January 16, 2022, 05:38:08 PM
 #8

Pulling in from the other thread. If you take a look at constants.js you see:

Code:
"use strict";

var constants = {
  M: 2,
  MINIMUM_MINER_FEE: 20000,
  BITCOIN_SATOSHIS: 100000000,
  INSIGHT_API_URL_ROOT: "https://insight.bitpay.com/api/",
  DEBUG: false,
  REQUEST_PIPELINE_SIZE: 2,
  REQUEST_BACKOFF: 250,
  REQUEST_BACKOFF_CEILING: 3000,
  REQUEST_BACKOFF_MULTIPLIER: 1.25,
  REQUEST_RETRY_ATTEMPTS: 5
}

module.exports = constants;

So you may be able to download and tweak the .js files a bit to find what you need and change it.
I don't know enough about js and the app itself to be sure what would need to be changed. You would also have to find where the /addr is located and change it to /address and a few other things, but I don't see it as an impossible task. Just a long and annoying one.

-Dave

o_e_l_e_o
January 16, 2022, 05:39:46 PM
 #9

I do not have the decryption password recorded so that may be an issue but the good news is I have the user seed and according to Coinbase's email, (referenced in this post)
I was under the impression that Coinbase's multisig vaults have long been discontinued and they removed all support for them, and so this will no longer be an option. But regardless of what I think - have you tried this? It seems like it would solve all your problems if it is possible.

If you do not have the decryption key (and the above is not possible), then your options are limited to either brute forcing the decryption key so you can use the user seed and shared seed, or seeing if Coinbase will give you access to the Coinbase seed linked to your account (which seems highly unlikely).
Pmalek
January 16, 2022, 07:34:11 PM
 #10

I do not have the decryption password recorded so that may be an issue but the good news is I have the user seed and according to Coinbase's email, (referenced in this post) https://bitcointalk.org/index.php?topic=5316286.msg59002082#msg59002082
Code:
What if I don’t know my vault password?
If you don’t know your vault password, you can instead copy/paste the user seed into the password field. This will allow you to approve your withdrawal. The user seed was provided to you when you created your multisig vault.
If that ends up working, you will be the first person I know who gained access to a 2/3 multisig wallet by having only one of the private keys with two of them missing.
At this point, it can't even be considered a multisig solution. If it's possible for you to recover it with just your "user seed", I wonder if Coinbase could have done it on their end with just their "Coinbase seed" as well?!

effin_new_guy (OP)
January 16, 2022, 08:02:01 PM
 #11

So you may be able to download and tweak the .js files a bit to find what you need and change it.
I don't know enough about js and the app itself to be sure what would need to be changed. You would also have to find where the /addr is located and change it to /address and a few other things, but I don't see it as an impossible task. Just a long and annoying one.

-Dave

I could potentially make the change you are suggesting to the js file and I am not necessarily opposed to long and annoying (you have no idea how much work I have put into this already).  Unfortunately I am a terrible programmer and cannot read or write code well at all and I don't trust myself not to screw it up.   On top of that, this is only step 1 and I don't even comprehend steps 2 or step 3-a or step 3-b



I was under the impression that Coinbase's multisig vaults have long been discontinued and they removed all support for them, and so this will no longer be an option. But regardless of what I think - have you tried this? It seems like it would solve all your problems if it is possible.

If you do not have the decryption key (and the above is not possible), then your options are limited to either brute forcing the decryption key so you can use the user seed and shared seed, or seeing if Coinbase will give you access to the Coinbase seed linked to your account (which seems highly unlikely).

I can see my vault on coinbase and when I click "withdraw from vault" nothing happens. 
I am not certain that I do not know the decryption key for the shared seed.  Unfortunately, there isn't any way to "test" it.   
effin_new_guy (OP)
January 16, 2022, 08:26:41 PM
 #12

 
I am not certain that I do not know the decryption key for the shared seed.  Unfortunately, there isn't any way to "test" it.   

So essentially what I need is to find someone that understands the decryption process discussed in the ReadMe on the Coinbase multisig GitHub https://github.com/coinbase/multisig-tool#bip38 since that is how Coinbase decided to do it, and once I verify the password or verify I do not know the password, I could determine next steps...   does that sound accurate?
o_e_l_e_o
January 17, 2022, 09:11:49 AM
 #13

If that ends up working, you will be the first person I know who gained access to a 2/3 multisig wallet by having only one of the private keys with two of them missing.
At this point, it can't even be considered a multisig solution. If it's possible for you to recover it with just your "user seed", I wonder if Coinbase could have done it on their end with just their "Coinbase seed" as well?!
That's not what is happening. Coinbase have the Coinbase seed and the encrypted shared seed. Usually the user would enter the decryption key (the "vault password"), allowing their browser to decrypt the shared seed giving them the necessary two out of three seeds in which to sign a transaction. Should the user have forgotten the decryption key, then they can instead just enter the user seed. At this point, they have access to the Coinbase seed and the user seed, again meeting the two out of three requirement.

I can see my vault on coinbase and when I click "withdraw from vault" nothing happens.
I believe that the current vaults on Coinbase are completely different to the old multi-sig vaults, which is what you are dealing with here.

Have you tried entering your information in to their multisig vault recovery tool? Best to download this and go offline after it has scanned for balances for safety reasons. You should also be able to test your decryption key using it. https://github.com/coinbase/multisig-tool/blob/master/README.md
Pmalek
January 17, 2022, 09:53:03 AM
 #14

That's not what is happening. Coinbase have the Coinbase seed and the encrypted shared seed. Usually the user would enter the decryption key (the "vault password"), allowing their browser to decrypt the shared seed giving them the necessary two out of three seeds in which to sign a transaction. Should the user have forgotten the decryption key, then they can instead just enter the user seed. At this point, they have access to the Coinbase seed and the user seed, again meeting the two out of three requirement.
I understand that. However, OP doesn't have the shared seed or the decryption key that gets him the shared seed. He only has the user seed. He owns 1 element to make a successful recovery. The 2nd element to get the shared seed is the decryption password. He doesn't have it. Therefore, he doesn't possess 2/3 necessary requirements for recovery. If there is a way around all that by inserting the user seed in place where the decryption key goes, it defeats the whole security model of the vault. I would be glad for the user's sake if that works because it would give him access to his coins. But I am criticizing the set up and find it pointless.

Imagine having a passphrase-protected wallet and losing the passphrase. But instead of the passphrase, you can just insert your seed a 2nd time and get the same result? What's the point of the passphrase then? In both cases you only have 1 element that gives you access to coins that are supposed to be protected by two different layers of security. The seed + passphrase in the second example. The user seed and the decryption key in the first.  

o_e_l_e_o
January 17, 2022, 10:09:37 AM
Last edit: January 17, 2022, 07:58:01 PM by o_e_l_e_o
 #15

I understand that. However, OP doesn't have the shared seed or the decryption key that gets him the shared seed. He only has the user seed. He owns 1 element to make a successful recovery. The 2nd element to get the shared seed is the decryption password. He doesn't have it. Therefore, he doesn't possess 2/3 necessary requirements for recovery.
The second key he would use in such a scenario is the Coinbase seed. This is available to him since he can access his Coinbase account. Usually he would provide the decryption key for the shared seed so he would have the Coinbase seed and the shared seed, but in this alternative situation instead of providing the decryption key he provides the user seed, giving him the Coinbase seed and the user seed. In both scenarios, he has 2 out of the 3 necessary seeds.

It seems, however, that since Coinbase have completely discontinued support for their multisig vaults, he can no longer access the Coinbase seed, so this method is not available to him. He has the user seed, and is going to have to brute force the decryption key for the shared seed to give him the necessary 2 out of 3 seeds.
effin_new_guy (OP)
January 17, 2022, 02:20:58 PM
 #16

Have you tried entering your information in to their multisig vault recovery tool? Best to download this and go offline after it has scanned for balances for safety reasons. You should also be able to test your decryption key using it. https://github.com/coinbase/multisig-tool/blob/master/README.md

Unfortunately, the coinbase multisig github tool is no longer functional (these two threads detail my attempts with it)
https://bitcointalk.org/index.php?topic=5316286.msg59002082#msg59002082

https://bitcointalk.org/index.php?topic=5316286.msg59002577#msg59002577
Pmalek
January 17, 2022, 05:27:12 PM
 #17

Usually he would provide the decryption key for the shared seed so he would have the Coinbase seed and the shared seed, but in this alternative situation instead of providing the decryption key he provides the user seed, giving him the Coinbase seed and the user seed. In both scenarios, he has 2 out of the 3 necessary seeds.
Instead of the bolded part, I assume you wanted to say 'shared seed'.
I guess we have to agree to disagree. The way I see it is that the security level here is onefold. With the one element he has (the user seed), he is able to unlock and gain access to all the other elements necessary for the recovery. More precisely, he was when the vault was still functional.

The Coinbase 'user seed' is nothing but a master password allowing you complete access to a vault that is supposed to be protected by two factors. It essentially is protected by different keys and multiple factors, but you can use the one key you have to find the other keys in order to have the 2/3 necessary seeds.

Would you be comfortable with the following "secure solution"?
The two of us set up a multisignature wallet. For simplicity, let's forget about the third key and public keys. We will have a 2/2 system. Let's call our keys user seeds. You have one user seed and I have the other. I don't know your key, and you don't know mine. Without the two keys, none of us can spend the coins in that address. Even though I don't know your key, I can just enter my user seed in the system and the wallet will reveal your user seed as well. Thanks to this incredibly secure setup, I now have 2/2 keys. How would you rate this scheme to store Bitcoin?

effin_new_guy (OP)
January 17, 2022, 07:16:37 PM
Last edit: January 17, 2022, 07:38:34 PM by effin_new_guy
 #18

I have found a way to test decrypting the shared user seed and none of the passwords that I have work.
As I see it, my only option is to attempt to brute force the password used to (BIP38) encrypt the shared seed since coinbase is no longer signing tx, does that sound correct?  

Looking into BIP38 brute forcing...  the encrypted seed and public address (and dictionaries) are used for the process.   
Another point of confusion for me...   which address?   Allow me to explain...   
I have two transactions going into "My Vault" and each transaction went into a separate bitcoin address. 

o_e_l_e_o
January 17, 2022, 07:56:41 PM
Merited by Pmalek (2)
 #19

Instead of the bolded part, I assume you wanted to say 'shared seed'.
No, I didn't. I meant what I said.

The Coinbase 'user seed' is nothing but a master password allowing you complete access to a vault that is supposed to be protected by two factors. It essentially is protected by different keys and multiple factors, but you can use the one key you have to find the other keys in order to have the 2/3 necessary seeds.
The Coinbase seed is protected by the password and 2FA to his Coinbase account.

Let me try explaining it another way. There are three seeds:

Coinbase seed - stored by Coinbase. The user accesses this seed by logging in to their Coinbase account.
Shared seed - stored by both parties, but encrypted. The user holds the decryption key.
User seed - stored by the user.

Ordinarily the user would log in to the Coinbase account with their email, password, and 2FA, which gives them access to their vault with 1 of the 3 seeds. They would then provide the decryption key for the shared seed, giving them access to 2 of the 3 seeds (Coinbase and shared) and therefore the ability to make a transaction.

If the user had forgotten their decryption key, then instead they could log in to the Coinbase account to access the Coinbase seed, and then provide the user seed, giving them access to 2 of the 3 seeds (Coinbase and user).

Now, as Coinbase have discontinued support for these vaults and removed the Coinbase seed from OP's account, his only solution is to decrypt the shared seed and combine it with his user seed.

You seem to be missing the fact that you couldn't just log in to a vault by providing either the decryption key or the user seed - you had to first log in to the associated Coinbase account. This is really no different than, say, TrustedCoin providing a second signature when you provide the necessary 2FA code.

As I see it, my only option is to attempt to brute force the password used to (BIP38) encrypt the shared seed since coinbase is no longer signing tx, does that sound correct?
It would seem so. Is it indeed BIP38 encrypted? It should start with "6P" if it is.
effin_new_guy (OP)
January 17, 2022, 08:23:28 PM
 #20

It would seem so. Is it indeed BIP38 encrypted? It should start with "6P" if it is.
Yes, the encrypted shared seed starts with "6P".

but I am thoroughly confused, there is a single vault password and single encrypted shared seed...    how does that correspond to two different public addresses? 
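
Added example (not part of any post above, and not Coinbase's or the multisig-tool's code): the "starts with 6P" test from posts #19 and #20, extended to a full structural check of a BIP38 record as laid out in the BIP38 specification, so a backup string can be validated offline before any decryption attempt. The names `parse_bip38`, `b58check_decode` and `SAMPLE` are assumptions of this example, and the sample record is constructed filler that encrypts no key.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used for Base58Check checksums."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check_encode(payload: bytes) -> str:
    """Append the 4-byte checksum and encode in Base58."""
    raw = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def b58check_decode(text: str) -> bytes:
    """Decode Base58Check and verify the checksum.

    Whitespace is stripped first: long strings pasted through forums or
    e-mail often pick up an inserted space, as the key strings in #5 did.
    """
    text = "".join(text.split())
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("Base58Check checksum mismatch (typo or truncated copy)")
    return raw[:-4]


def parse_bip38(text: str) -> dict:
    """Return the public, unencrypted fields of a BIP38 record."""
    payload = b58check_decode(text)
    # 39 bytes: 2-byte prefix, 1 flag byte, 4-byte address hash, 32 more bytes.
    if len(payload) != 39 or payload[0] != 0x01 or payload[1] not in (0x42, 0x43):
        raise ValueError("valid Base58Check, but not a BIP38 record")
    ec_multiply = payload[1] == 0x43
    flag = payload[2]
    # Top two flag bits are 11 for plain records and 00 for EC-multiplied ones.
    if (flag & 0xC0) != (0x00 if ec_multiply else 0xC0):
        raise ValueError("flag byte inconsistent with record type")
    info = {
        "ec_multiply": ec_multiply,
        "compressed": bool(flag & 0x20),
        # First 4 bytes of SHA256(SHA256(address)) for the address of the key
        # that was encrypted; BIP38 uses it as the scrypt salt and as the
        # check that a candidate passphrase decrypted correctly.
        "address_hash": payload[3:7].hex(),
    }
    if ec_multiply:
        info["has_lot_sequence"] = bool(flag & 0x04)
        info["owner_entropy"] = payload[7:15].hex()
        info["ciphertext_bytes"] = 24
    else:
        info["ciphertext_bytes"] = 32
    return info


# Constructed sample: prefix 0x0142, flag 0xE0 (compressed), made-up address
# hash a1b2c3d4, and 32 filler bytes where the ciphertext would be.
SAMPLE = b58check_encode(
    bytes([0x01, 0x42, 0xE0]) + bytes.fromhex("a1b2c3d4") + bytes(range(32))
)

if __name__ == "__main__":
    print(SAMPLE)
    print(parse_bip38(SAMPLE))
```

A string that passes this check is only well-formed; whether a given password is the right one is decided by the address hash comparison after decryption, which this example does not perform.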