
How I recovered cryptocurrency from a broken laptop - 11thEarlOfMar
https://www.engadget.com/2017/12/05/how-not-to-store-your-bitcoins/
======
siculars
I'd call myself a developer and a "computer" expert, especially relative to
99% of the people I know in real life. I've also been in the bitcoin game a
long time. I run full bitcoin and monero nodes. Absolutely none of this is
easy and frankly, at times it can be absolutely terrifying considering the
sums of real dollars you may be transferring. To think that the market cap of
Bitcoin and Crypto in general is where it is is actually shocking considering
how absolutely _UN_ friendly the entire endeavor is from step 0 to actually
buying, selling, transferring coins or buying goods and services.

When using cryptocurrency becomes as easy as pumping gas or sending an email
or depositing a check - watch out, because it inevitably will become that
simple. It will make the run up we've seen in 2017 seem absolutely darling.
I'm certain the usability will come. Personally, I'm waiting for Square Cash
to figure it out and then integrate with Twitter.

~~~
cstejerean
I don’t know, for buying and selling Coinbase seems to be pretty user
friendly. You can sign up for an account, link it to your bank account and
start trading in minutes. Not sure how much easier it could get.

~~~
siculars
Right, I was gonna say that Coinbase is currently the best way to buy and sell
coins today. I can say that as I have accounts on a number of exchanges.
Still, Coinbase does not let you know that they also operate GDAX.com, where
you can "make a market" and buy/sell for _no fee_. A buy/sell on Coinbase is
basically a market order on GDAX.

~~~
syntheticcdo
Navigate to coinbase.com, scroll to bottom: Products - GDAX. Hardly a secret.

~~~
netsharc
Sigh... "You just had to go the basement bathroom past the sign that says
beware of the leopard!" (To misquote Douglas Adams). I had to have a friend
tell me that there's seamless transfer between yhr 2 systems, if they really
wanted to let you know they would've had this trading capability as no. 4 in
their "Getting Started"..

------
jakewins
Someone else might find this tool I wrote useful, it finds BTC wallets by
scanning raw block devices:

[https://github.com/jakewins/findbtc](https://github.com/jakewins/findbtc)

I deleted 26BTC a while back when reinstalling a laptop, because they were
effectively worthless. A few years later, they weren't anymore, so I wrote
this to get them back. As long as the file system isn't encrypted, it scans
the raw bytes on the disk to find remnants of wallets. It also unzips
compressed files it finds and does the same scanning in there.

~~~
joshstrange
How do you build this? I see it's go and I have that installed on my laptop
but I'm not familiar with the commands to run to build it and the last 15min
or so of googling around have been fruitless.

~~~
jakewins
If you have Go installed as per
[https://golang.org/doc/install](https://golang.org/doc/install) you can
build/install this project like this:

> go install github.com/jakewins/findbtc

I'll update the readme!

If that's giving you trouble, I can cross compile it here and upload a binary
to github for you if you tell me your OS and processor - although since this
is potentially sensitive software, I'd advice building it from source

------
tlb
Are there good estimates of the amount of bitcoin lost every year due to
carelessness? Based on many anecdotes like this, I fear it's pretty large.

Bitcoin was supposed to be slightly inflationary, due to mining. But if a
sufficient fraction is lost every year due to hardware failures and forgotten
passwords, it will end up being deflationary. Someday (around
log(1e6)/log(1+x) years from now, where x is the fraction lost every year),
there'll be only 21 bitcoins left in the world, trading either at 0 or a
number with 3 or 4 commas.

[edit: fixed in/de-flation mixup]

~~~
kristopolous
First there's no practical way btc can be deflationary given the current
interest. The currency pool hasn't kept up with the amount of fiat in the
markets at all.

Anyway, second part:

[https://bitinfocharts.com/top-100-richest-bitcoin-
addresses....](https://bitinfocharts.com/top-100-richest-bitcoin-
addresses.html) is a good list. What you're looking for are wallets with a
really early first in and no first out (or not one in a really long time).

#4 is a good one!
[https://bitinfocharts.com/bitcoin/address/1FeexV6bAHb8ybZjqQ...](https://bitinfocharts.com/bitcoin/address/1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF)
This wallet was last touched in 2011 and has $1,008,433,581.88 in it (yes, ba-
ba-billion) Either this is the most disciplined investor ever or it's a lost
file.

This person dropped $1,000 in 2010 on a few btc and it's now worth $245million
([https://bitinfocharts.com/bitcoin/address/1PeizMg76Cf96nUQrY...](https://bitinfocharts.com/bitcoin/address/1PeizMg76Cf96nUQrYg8xuoZWLQozU5zGW))
... again, that's either super discipline or just a misplaced file.

The untouched wallets are sadly really really common, especially when you get
a few pages in ... you see things like this:
[https://bitinfocharts.com/bitcoin/address/13DyBwhpDw6152q1dr...](https://bitinfocharts.com/bitcoin/address/13DyBwhpDw6152q1drbK2US5S3CdY1mRnU)
... this person put in $8 (100btc), then $21 (400), then $122 (1700) and that
was their july, 2010. Now it's $26.3 million.

Nobody ever believed the fantasy talk in 2010 that 1 btc was going to be worth
a dollar, yet alone 12,500! Lots of people were really careless.

I'm there somewhere and have millions of dollars of bitcoins in a lost wallet.
Weee, how fun!

~~~
soneca
Layman question: there is no way to brute force access to these accounts?

~~~
flashdance
Yes, maybe, kind of?

With quantum computing it's expected that the ECDSA public-key cryptography
used in bitcoin addresses will be broken. However, the ECDSA public key is
only exposed when your first transaction _out_ of the address is signed. If
you only use addresses once (recommended practice), an attacker would have to
break your private key faster than it takes for your transaction to propagate
to the entire network in order to steal your coins. It would take a long time
between the first cracking of ECDSA to nearly instantly being able to crack
it. For example, the first publicly-disclosed attack on SHA1 took 110 GPU-
years.

If the accounts listed by the OP have sent transactions in the past and reused
addresses (which was common back in 2010/11), it's possible the private keys
can be bruteforced in the future.

If not, we don't know the ECDSA public key for the address. Bruteforcing it
gets a LOT harder--but never say never.

------
cryptodogemoon
>People .. ridicule cryptocurrencies, dismissing bitcoin as a scam, a Ponzi
scheme or a bubble.

>Wealth disparity is at record levels and the ultrarich have cornered the
market on every asset class, but with bitcoin, an entirely new economy has
sprung into existence. That's the pitch for decentralized cryptocurrencies:
They offer hope that there might be another, fairer way of doing things.

The irony here is Bitcoin, like most other cryptocurrencies are structured
similar to a pyramid scheme and highly favor existing capital to control the
supply and exploiting users who join the network past a certain date where
barrier to entry increases.

They tell the story of acquiring this digital asset for a small capital sum,
and simply passing it off to someone else for a greater sum. The intention is
not utility but psychological exploitation of greater fools.

[http://bitcoin.stackexchange.com/questions/86/is-it-
possible...](http://bitcoin.stackexchange.com/questions/86/is-it-possible-to-
estimate-the-gini-coefficient-for-bitcoins-and-if-the-trend-is)

[http://www.businessinsider.com/bitcoin-
inequality-2014-1](http://www.businessinsider.com/bitcoin-inequality-2014-1)

    
    
      Best estimates (2014) are that there are 
      about one million holders of 
      Bitcoin; 47 individuals hold about 
      30 percent, another 900 hold a 
      further 20 percent, the next 
      10,000 about 25% and another 
      million about 20%, with 5% being 
      lost. So 1/10th of one percent 
      represent about half the holdings 
      of Bitcoin and 1 percent close to 
      80 percent

~~~
jeffwass
Part of the irony around bitcoin is that some of the early users of Bitcoin
are from the Occupy Wall Street movement. We all remember hearing them request
donations via btc, people giving thousands of btc for them to buy pizzas.

I think (entirely without proof) it's likely that many of these organisers
were/are holding large quantities of bitcoins themselves and have become
unwitting millionaires.

I haven't heard anybody mention this before, but I'm very curious to know if
this bears any grain of truth. If the people who led rallies against the top
1% suddenly find themselves deep inside that 1% tail.

~~~
yodsanklai
> I think (entirely without proof) it's likely that many of these organisers
> were/are holding large quantities of bitcoins themselves and have become
> unwitting millionaires.

I suspect (no proof either) many early bitcoin adopters sold most of their
bitcoins long ago. They cashed out when their capital reached a significant
amount, long before becoming millionnaire. For instance, I suppose that if
today my BC portfolio were worth $5000, I'd sell them (because I certainly
would _not_ buy $5000 worth of BC today if I had none).

~~~
charlesdm
Maybe, but does it matter? If you made a few million, should you be sad
because you missed out on a few more?

The first (few) million are life changing. But the difference between 20 and
100m is flying private and owning a yacht vs flying first and chartering one
for the week.

~~~
daemin
The question is, can you actually cash out thousands of bitcoins these days?
Would any exchange support that and then would you be able to get your money
into your actual bank account.

Then comes tax.

~~~
pault
You still have to pay your taxes but cashing out a few thousand BTC on one of
the large exchanges can be easily done. 24 hour volume at bitfinex is $781MM
so you would have to dump a lot of coin to move the needle. A multi-thousand
coin sell all at once can cause a brief flash crash though. If you have tens
of thousands of coins you go to the OTC market.

~~~
jeffwass
I mentioned this before, but one of my former colleagues quit to trade BTC and
claimed he could account on some days for 10% of exchange volume.

No idea which exchange.

But his trading activity as far as I understand were on-average neutral (not
net long or short). Though I think he also kept a bunch himself too.

So volume alone does not imply the exchange could absorb a large one-sided
addition of sell orders without significant move in spot.

Also it's unclear if any of this volume is 'churning', by those with
significant quantities of BTC happy to pay transaction fees to create a sense
of false liquidity.

~~~
pault
Definitely. I did see someone dump 1000 BTC on finex the other day though, and
while it did cause a ~$1000 dip they were bought up in a few minutes. Like you
say though, there's no way of knowing if the buyers were third parties or the
seller rigging the order book (although I don't know how one could have much
control over a transaction like that without having control of the exchange
itself, but exchanges faking volume and manipulating the price is par for the
course in bitcoin land).

------
graniter
I can identify with the emotions in the article. I spent the better part of
the day wrangling with an old version of MultiBit to get some bitcoin out of
an old wallet. And I'm currently in process of trying to recover access to an
old Coinbase account that I'm pretty sure has a few bitcoin in it.

Part of the problem with all the security around cryptocurrencies is that it
can be really hard to keep access and not lose them. So many passwords, two-
factor authorizations, Authy tied to phone numbers, etc. I am not using nearly
as much security on my bitcoin stuff now. I think the risk of getting hacked
is lower than the risk of me losing access.

~~~
swah
I actually have no idea how to recover Authy/2FA if my phone is taken away..

~~~
letsgetphysITal
Authy keep the seed so you can recover the 2FA token providing you can still
log in to your Authy account.

That's why I use Google Authenticator. I don't _want_ the seed kept (or even
known) by a third party. I'll keep my own backup far, far away from any device
which also can be used to recover account credentials.

~~~
burger_moon
If you use Gemini exchange I believe they only support Authy, at least that's
what I had to use. Which is a little annoying having to use both Authy and
Google Authenticator depending on which exchange I'm using.

------
Shoothe
Ha, funny, just this Monday I had to recover wallet.dat from a slightly
corrupted HDD drive. What I needed is just the private key bytes (32),
unfortunately the disk was unreadable. What helped was RAW access to data on
disk coupled with this little tool that scans for private key signatures:
[https://www.makomk.com/gitweb/?p=bitcoin-wallet-
recover.git;...](https://www.makomk.com/gitweb/?p=bitcoin-wallet-
recover.git;a=summary)

Then of course the bytes had to be converted to addresses to check which one
had the money (and if I found it) and then to WIF to import in Electrum. After
half a day of stress I did numerous copies now.

------
hatsunearu
Oh man! At least the poor guy got his money back.

UX on cryptocurrency software seems absolutely terrible even today--I've had
countless problems trying to get my ethereum wallet working (still hasn't
worked!)

~~~
maxencecornet
Have you tried exodus wallet ? It's UX/UI is really good, I mean for a crypto
wallet

>UX on cryptocurrency software seems absolutely terrible even today

I still have nightmares about multibit UX, it was horrible

------
bdamm
The cold wallet problem has vexed me. The solutions seem immature given how
widespread this need is. For example, nobody seems to have developed a
Shamir's secret sharing approach to cold wallets, which seems like a natural
fit. Also, there remain these warnings that one must be very careful about how
to transfer funds out of a cold wallet (e.g. in one transaction) which seems
to defeat the entire purpose of having a cold wallet (which is safety of the
funds.)

~~~
dreit1
IMO it should be done like this. You have a hot wallet, probably on your phone
that has a half key. You keep a QR code somewhere else with the other half.
Combine these two and you have the cold storage private key. Additionally you
could have the full private key in a safe or whatever that you never touch.

In this system you can top up your hot wallet by specifying all transaction
details and then scanning the QR with the half code to sign the transaction
and send it off.

This would roughly as secure as some sort of 2FA method. The attacker needs to
have both the phone compromised, and the paper with the half key compromised.

~~~
siculars
I appreciate everything you just said and agree that this could work well for
some people. On the other hand, reading it through the eyes of the 99% of
people I know who can barely check their email, everything you said may as
well be written in Klingon. It is simply too difficult for most people to
understand.

~~~
chairmanwow
Cryptography is a necessary lesson that we need to teach in 2017. Lowest
common denominator is a hard threshold to design security for.

------
Double_a_92
And that's why i never put passwords or other keys on data that I need to keep
safe (as in an archive e.g.).

The chances of me messing something up and losing it forever is bigger then
the chance of somebody actually steeling it.

------
graniter
I wonder, how many of us here actually understand Bitcoin and
cryptocurrencies? I know several of us probably use them, but even amongst the
tech-savy, there seem to be very few who actually understand it, and even
fewer of those who participate in the programming of it. I understand the
descriptions of blockchains and it's advantages, but I've never looked at any
code. And I realize that anyone could in theory look at the code and
participate, but it's out of the reach of most programmers I think, let alone
regular people. So while on the one hand it seems to be a great "power to the
people" currency option, it's really still in the hands of a few.

~~~
nolemurs
> but it's out of the reach of most programmers

It's actually really not all that difficult. There are lots of details, and
understanding it _all_ end to end is definitely a task most people will never
do, but the issue is simply one of effort and motivation, not of fundamental
difficulty.

------
BLanen
People critical of increasing wealth disparity vouching for bitcoin is pretty
ironic and just highly stupid.

~~~
ric2b
Why is that? Simply because of the current distribution? That doesn't matter
much, what matters is what the system incentivizes.

Fiat incentivizes bailouts and devaluing poor people's savings by printing (or
QE'ing) money into gigantic financial middle-men.

~~~
drngdds
>poor people's savings

I've got some bad news about poverty for you, buddy

------
JepZ
Anybody knows a good choice for a long-living bitcoin wallet software nowadays
(cold-storage)?

Currently I am considering Electrum but I have no idead if thats a smart
choice. I do not require a GUI, but it should be maintained for a while (so a
large user base should help).

~~~
StavrosK
The wallet doesn't matter, as long as you have a BIP39-compatible seed (which
you can generate with many utilities), any software (or hardware) wallet can
be used.

------
sireat
This is very similar to what I had to go through to recover a few BTC in my
old Multibit wallets from 2013 this summer.

I had the same problem of underpaying for the transaction because I had to
sweep many small wallets.

There are many old wallets around which contain amounts too small to recover.
Let's say you have 100 addresses each containing $1, it is no longer
economical to sweep them into a single address.

Originally in 2011-2013 it was considered a good practice to create many
different addresses for receiving.

------
hitekker
This was a fun read although as others have pointed out, the end conclusions
are not supported very well by, and maybe are irrelevant to, the article as a
whole.

------
nolemurs
Weird choices all around for how to solve this problem. The author of the post
could have saved himself a lot of trouble by just focusing on the key backup
files and moving the keys to a bitcoin client like electrum that doesn't
require a full blockchain sync.

------
brailsafe
I feel like Engadget could use their screen real-estate a bit more effectively
;)

[https://imgur.com/a/TwXwA](https://imgur.com/a/TwXwA)

~~~
ladberg
That's your adblocker blocking the ad but failing to remove the surrounding
frame.

~~~
brailsafe
Interesting that you point that out. In a sense you're right, but actually
that's the default tracking protection built into Firefox now. No adblocker
required.

I was actually referring — in jest, in case that wasn't clear — to the fact
that the only content above the fold on this ultrawide display is a stretched
image of Hong Kong.

------
llazzaro
Had a similar issue. when I realised that multibit was legacy I though I lost
all. I recover priv. keys modifying the source code of multibit. pain in the
ass with hemorrhoids

------
thisisit
This is a good read. Count me on the same boat, thanks to the shitty Multibit
wallet but I am not in a hurry to open the wallet yet. That said:

> Four years ago, I was living in Hong Kong when a fellow journalist named
> Mike* and I decided to _invest_ in bitcoin. I bought four while Mike went in
> for 40; I spent about $2,000 while he put in $15,000.

Invest? Really? That is called speculation with the amount of money you can
afford to lose. If you were investing you would go all in and track the
progress and protect the password.

~~~
mrgordon
What is the problem with Multibit? Just recovered a 2013 wallet a few days
ago. Got a password on it or something?

~~~
thisisit
It's the issue highlighted in the article.

> Most users only need one wallet, but MultiBit practically demands that you
> set up multiple. On top of this, it allows you to add multiple passwords to
> each wallet, even though these aren't required.

So it gets confusing fast. Then:

> I tracked down an old version of the now discontinued software and
> discovered that there were multiple ways to restore wallets using MultiBit

So you got links for the old version?

~~~
mrgordon
Mine didn't have a password (only worth a few $) but yeah that sucks

I was able to just save the wallet (as a .dat I believe) and then inspect it
with a text editor. The contents were my private key and the date the wallet
was created. I then used my private key and my address to import the wallet
into a modern program.

------
HN15718653
I'm still confused (starting to fill with regret?) about bitcoin. I remember
lively discussions with friends circa 2012. None of us bought. We'd be centi-
millionaires?

Is HN now full of mega-millionaires, since the community is full of tech-savvy
early adopters?

Raise your hand if you made over a million. Raise both hands if you've made
over 10 million.

~~~
Grangar
I sold almost all my over 2000 coins back in 2011. No one who has bought big
back then has held on all this time, the only new crypto millionaires are
those who find old wallets just now.

