Is it possible to create a fake wallet.dat file?

[casinotester0001]

There is a huge market for wallet.dat files on the web, where people don't know / forgot the password. I wanted to know if they are fake and checked them, asked the sellers what they know about their files. Most didn't know anything, but they bought it, let's say for 0.01 BTC with a 50 BTC balance and are trying to find the password. After a while sell it to someone else and so on.

My question:

Is it possible to create an encrypted wallet.dat file, that shows a balance and the corresponding address (you don't have the private key) after a rescan with Bitcoin Core, but that is fake?

EDIT:

The answer is: YES

Found the thread: (was created back in 2019)

Fake walle.dat can trick bitcoin core client?
https://bitcointalk.org/index.php?topic=5130929.0

The wallet file isn't fake per se, nor are the transactions it shows. What's fake about it is that it doesn't contain the private keys it claims it does.

The method of identification is to look at the corresponding version of the wallet code, check the data consistency, time, field, type, structure, It looks very complicated.

It actually is not that complicated. You don't need to check any data consistency, time, etc. You don't need to check any of the things you mentioned. You also don't really need to look at the wallet code because the data that they are manipulating doesn't change frequently, if ever. In fact, the specific database fields that are being modified will likely never change in order to maintain backwards compatibility with older wallet versions.

What the authors have done here is simply add fields which represent encrypted keys. These fields contain the pubkey and the encrypted private key which will typically just look like random data (because that's the point of encryption). What the authors have done is just create a field that contains the pubkey and random data (or in this case, a string) as the private key.

It is impossible for anyone (technical or not, professional or not) to identify that the wallet is "fake" by simply looking at it (besides the fact that common sense tells you its a scam). If done correctly, the supposed encrypted key will be garbage data and its veracity cannot be determined without knowing the decryption key. Of course, if it's just zeroes or some other obvious non-random data, then it can be easily determined. You can inspect the data of a wallet.dat file using BDB 4.6's db_dump tool.

Yes, it's possible. In fact, there are many people who fell for such scam tactics.

But what they actually they do are modifying unencrypted part of the wallet.dat to show address which doesn't have it's private key pair.

recently someone is selling fake bitcoin wallet.dat file containing 3050 BTC (https://www.blockchain.com/en/btc/address/1Lg5pJRaWKw6n2J4CBjoEJY5ZdLwBu21U2)
that wallet is my friend wallet and he immediately moved all bitcoin to different address.

scammer send small amount of btc in all such cold wallet and check if wallet is active or not,
 if wallet is inactive then they create fake wallet.dat file and fool other

example wallet.dat:
https://bitcointalk.org/index.php?topic=5240701.0

[jackg]

Is it possible to create an encrypted wallet.dat file, that shows a balance and the corresponding address after a rescan with Bitcoin Core, but that is fake?

Yes. It's been discussed quite a lot here before that it's possible to do due to how encryption is done with core.

[casinotester0001]

Yes. It's been discussed quite a lot here before that it's possible to do due to how encryption is done with core.

Thanks.

Do you have some links to threads where I can check it? Or someone else 

[casinotester0001]

Found the thread: (was created back in 2019)

Fake walle.dat can trick bitcoin core client?
https://bitcointalk.org/index.php?topic=5130929.0

[The Cryptovator]

Have you ever think how big scams and hacks happen in crypto spaces? Because hackers or scammers use some special tools to hack. So it's not impossible to create a fake wallet file by importing some wallet address without private keys. That's how they could make you a fool. So it's better always stay away from a such deals to save your funds. Don't be greedy.

[coupable]

From what I think it is not possible to produce these files without having private keys.
The problem is not in the ability of scammers to produce these files, because even if this is not technically possible at the present time, it may become possible in the future with the development in the creation of more sophisticated tools.
The real problem is the greed that leads the victims to fall into the traps of scammers. The scammers will spend their energies on the premise that greed will bring more victims.

[Lucius]

From what I think it is not possible to produce these files without having private keys.

It is quite possible and you have a link where everything is explained. You don't need private keys, just a little knowledge and the desire to deal with such things, which apparently many do. Fortunately for all of them, there are a lot of people who still believe that they bought some kind of file that contains hundreds or thousands of Bitcoins protected by a password that one day they will unlock with the help of quantum computers or maybe some kind of magic

[lucates]

Have you ever think how big scams and hacks happen in crypto spaces? Because hackers or scammers use some special tools to hack. So it's not impossible to create a fake wallet file by importing some wallet address without private keys. That's how they could make you a fool. So it's better always stay away from a such deals to save your funds. Don't be greedy.

People create fake trust wallet balances to scam others. Every scam happens unexpectedly and we fail to predict the loopholes of the technology. So I am not sure if it's possible or not. Once it happens, then only everyone will be aware. So be careful and don't be greedy.

[Leviathan.007]

Yes, that's possible to create a fake wallet.dat ad that's a known trick done by many scammers, usually dark web you can find many of these wallets where they sell the wallets for half price of the bitcoin. you should ask yourself why they are selling these wallets so cheap, the reason is clear that's a way to scam people and milk money from them however some of these wallets can be real but the coins are dirty and usually you can get trapped by the police after exchanging these bitcoins, but this case is pretty much rare and I guess these wallets are mostly fake.

[OgNasty]

Even if the wallet.dat file was real, it’s a fool’s errand to buy one to try and decrypt. The password on the encryption could be longer than the private key itself. Anyone spending time on this sort of thing is being scammed, not just for their money in buying the wallet from a scammer, but also their time and electricity as they attempt the (nearly) impossible.

[casinotester0001]

How will the number of rounds (iteration) for the wallet.dat hash be generated?

I am asking, because lots of different wallet.dat hashes have the same rounds (iteration):

$bitcoin$64$9de529051d808b5d34c679c43020a233e6b5161de2e85070127009d61e4c24c8$16$09792b4786f368cb$49019$2$00$2$00


EDIT: I found this:
.. a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change)

source: https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Still not knowing why so many wallet.dat files that are being sold have the same 'rounds'.

[Dzwaafu11]

It will be when but the main problem will be how Can the code on dashboard show and if someone forget is password how can you generate new password for that person without another person having the same password I think it is a very difficult thing to do.
Some people can forget their password and when they ask them to say much about their account they don't know.