Need help recovering my 2010 wallet.dat with 8.5 BTC

11 replies 341 views
keyMember
Posts: 20 · Reputation: 215
#1Jan 4, 2025, 03:09 PM
Hey all, I’m reaching out to see if anyone can help me with recovering a legacy wallet. I’ve got a wallet.dat file from late 2010 that has 8.5 BTC in it. I’ve already pulled the hash from the file, and I've been trying to recover it for the last couple of days using John the Ripper and Hashcat. I kicked things off with the RockYou dictionary, thinking maybe it had a common password from back then, but no luck so far. I’ve got my memory dumps and various pools ready, but honestly, I feel stuck with the wordlists I’m using. Since this is an old Satoshi-era file, I'm a bit worried I might miss some unique encryption details or paths that were around in 2010. Here are my questions: Do you have any recommended open-source scripts or tools for handling 2010 wallet headers besides what I’ve tried? Should I create custom wordlists based on my personal info, or is there a better way to brute-force these old wallets? Are there any good technical docs on early Bitcoin Core wallet encryption you could point me to? Just a heads up: I’m not looking for anyone to do the cracking for me. I won’t respond to DMs. I just want public advice, methods, or any useful documentation to help me push ahead on my own. I’d really appreciate any help from the pros here.
6 Reply Quote Share
dr_atlasMember
Posts: 419 · Reputation: 65
#2Jan 7, 2025, 02:21 AM
To judge whether it's a waste of time or not, I want to ask you a simple question: is this your own genuine wallet.dat or did you get it from anywhere? Be honest! I don't need to know where you got it from or if you paid for it or not, if it's not your very own wallet.dat file. Apparently the wallet file is encrypted (to be expected) and you don't have the encryption passphrase. Can I ask why you didn't backup the wallet encryption secret? Do you have any clues about the encryption secret, length, of what parts it might be composed?
3 Reply Quote Share
delta_neonFull Member
Posts: 27 · Reputation: 707
#3Jan 7, 2025, 05:10 AM
My advice use this wordlists.  Use hashcat the newest version. John the Ripper is very slow. And use this rules. I think it is the most powerful rules out there on public. If you know part of the password it is more faster to bruteforce it than using wordlists. Or you can make passwords from your known passwords.
4 Reply Quote Share
keyMember
Posts: 20 · Reputation: 215
#4Jan 7, 2025, 05:55 AM
It's mine. I don't remember the passwords from that time; I change them regularly. They're less than 12 characters. I don't know why I didn't think to make a backup at the time. I had it on a hard drive from an old laptop. I already have the hash. The dumps show keys, but they're encrypted. It makes me wonder if a password leak might help me. My head feels foggy from thinking about this so much, so I'm here to see what you recommend.
2 Reply Quote Share
titanx539Member
Posts: 804 · Reputation: 117
#5Jan 7, 2025, 06:15 AM
Is the wallet actually from 2010 or do you mean that the wallet was created in 2010 but you had been using it a few more years? Because wallet encryption is introduced in v0.4.0 which was released in Q4 2011. If it's not used after v0.4.0 and encrypted with that version, then it may be clue that it's somehow encrypted using an experimental/development version. Or it's just another fuzzy memory of its origin.
1 Reply Quote Share
blockhub968Full Member
Posts: 978 · Reputation: 317
#6Jan 7, 2025, 07:28 AM
BTCRecover (https://github.com/3rdIteration/btcrecover) should work and it's probably most recommended recovery software on this forum. It has --data-extract-string parameter, so you can attach hash you already extract. Have you checked page https://en.bitcoin.it/wiki/Wallet_encryption or https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README? But both of them refer to encryption on older version and i don't know what changed since then.
4 Reply Quote Share
Posts: 342 · Reputation: 30
#7Jan 7, 2025, 09:20 AM
Try this. The FinderOuter, a bitcoin recovery tool (v0.20.0 2024-11-13) It's just my introduction to FinderOuter that if you want to try, try it offline. Coding Enthusiast was no longer active in the forum since August 2025 but you can try to post in his FinderOuter thread, and see whether he comes back to support you.
3 Reply Quote Share
dr_atlasMember
Posts: 419 · Reputation: 65
#8Jan 9, 2025, 07:30 PM
OK, the basics: You should have enough backup copies of your original wallet file, so that you won't ever loose the original. You never work with the original, you work on copies of a copy of your original wallet file. Key is to never ever modify the original. You work in a safe environment which in most cases won't need a network connection. You don't want to foolishly loose your wallet file to some hacker, even when it is still encrypted. Your wallet file copies have to stay away from online devices of which you're not sure how safe they are. Temporarily turning off the network doesn't make a device persistently safe. A compromised device can still leak data later once a network connection is re-established. Document every step and recovery attempt so you don't loose track what you already tried. I would very highly recommend to test your recovery tools with a self-created encrypted wallet which encryption passphrase you know. Just pretend you don't know it and give the passphrase generator better hints so you don't spend too much time to test. Evaluate your toolchain from start to finish with your sample wallet as if it were the real wallet to crack (begin with hash extraction, because if you mess up already here, nothing will work later). If you can't find the solution for the sample wallet, it's not likely you would find it with your real target wallet. Write down anything you remember how you created your passwords. Many people stick to a certain composition scheme. Relax and don't try too hard, this blocks your head. You're not in a hurry, I assume, so take your time. Less than 12 characters sounds like doable, if you have some reasonable hints for rules for the password/wordlist generator. Of course it depends on how you composed your passwords in that time. Human memory is fragile, especially if you don't refresh it regularly by repetition and use. What I menat with my question was, why didn't you write down your password? What made you think you could remember it indefinitely? Your and numerous other cases proved, people will forget their secrets, it's almost inevitable. I have very own experience with forgetting passwords and passphrases which I thought I won't forget. I even had written down some hints, but seem to have introduced something new which I couldn't remember, foolish me... That wasn't a nice experience, rather embarrassing. Now I document and write down anything or store it in password managers with enough backups so a total loss is quite unlikely. I have no idea what you mean by that. Frome where should or could your wallet encryption secret leak?
4 Reply Quote Share
Posts: 7 · Reputation: 31
#9Jan 11, 2025, 09:29 AM
As long as the wallet isn't this 1KDUcZh5Z6H1of4Pwoy5ojJtkQxcQBHhnH and remembering that password is less than 12 characters, the best option to try is BTCRecover. Better yet if you remember some of the password characters or order. Coding can help sort this out.
4 Reply Quote Share
keyMember
Posts: 20 · Reputation: 215
#10Jan 11, 2025, 11:00 AM
What's in that 1KDU wallet...? I'll try everything else you've suggested, thanks.
3 Reply Quote Share
titanx539Member
Posts: 804 · Reputation: 117
#11Jan 11, 2025, 11:34 AM
It has the same balance and approximate date that you've described in the OP. (but the UTXO is actually a P2PK output linked to its pubKey) Also, it is a famous address that's claimed to be included to some "for sale" fake wallet.dat files online.
4 Reply Quote Share
the_orbitNewbie
Posts: 232 · Reputation: 30
#12Jan 13, 2025, 10:06 PM
What size your file? For example, in my collection I have a file with a balance of 8.5 bitcoins and the size of this file 81920 bytes. Your "wallet.dat" file may be fake, given that this address is offered as a solution to the puzzle, which you can read about here: https://bitcointalk.org/index.php?topic=5573629.msg66377133#msg66377133
3 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics