1. Introduction

“My relative passed away, and we found this Bitcoin wallet on his computer. Can you help us recover it?”

“My friend is a miner, a really reliable guy. He gave me this wallet. I spent 3.6 million yuan on 20 high-end machines to try to recover it. They've been running for half a year without success. You have experience—can you take a look?”

“My friend owes me money and hasn’t paid it back. He gave me this wallet as repayment. Can it be recovered?”

“I broke up with my boyfriend, and he gave me this wallet as a breakup gift. I forgot the password—can it be recovered?”

“This is my own wallet. I accidentally leaked it, but I have some password clues. Can you help me recover it?”

After doing password recovery for five years, I’ve seen quite a few clients come to me with publicly available wallets for recovery. It happens every year, but especially often this year. I've received at least fifty inquiries about public wallets this year. So today, let's talk about the stories behind these public wallets.

2. The Difficulty of Distinguishing Real and Fake Public Wallets

Public wallets refer to BTC/LTC/Doge wallet.dat files and other similar files that are publicly sold online. They lead people to believe: (1) the files contain encrypted private keys; (2) with the right password, one can decrypt the private keys and transfer coins; (3) anyone might be able to crack the password. Based on these three beliefs, websites selling these wallets can make money, and many crypto enthusiasts try their luck hoping for huge returns from small investments.

In my line of work, I had to understand public wallets, so in 2021 I spent 35,000 yuan to purchase around 60–70 of them. After analyzing their features, I found it extremely difficult to distinguish genuine from fake wallets, which is related to the structure of Wallet.dat files.

A Wallet.dat is a key-value database that stores various data related to private keys, public keys, and addresses. The most important components are the masterkey (the master private key) and the address private keys. The masterkey is used to decrypt address private keys; the address private keys can generate public keys and addresses and are ultimately used to sign and send transactions. Without the correct private key, you cannot transfer coins from the associated address.

The reason it’s impossible to tell whether a wallet is genuine lies in the ease of modification—Wallet.dat files can be altered without leaving any trace:

1. Public keys can be written in arbitrarily, and even if they don’t match the private keys, there’s no way to verify that; this makes a fake Wallet.dat appear identical to a real one—it can sync transactions and update balances, but you won’t be able to send coins.

2. The masterkey ciphertext can be altered or randomly generated, making it impossible to find the corresponding password. Even if you do find one, the decrypted master private key could still be wrong.

3. The address private key ciphertext can also be altered or randomly generated, so even with a correctly decrypted masterkey, the address private keys may still be undecryptable.

3. Password Recovery Technology and Its Difficulty

This starts with how encryption works. The generation process of the masterkey and address private keys is as follows:

1. Masterkey generation: a 32-byte random private key is generated—this is the masterkey.

2. Address private key: a 32-byte random address private key => encrypted with the masterkey => stored together with the public key in the Wallet.dat file;

3. Masterkey encryption: user password => N rounds of SHA512 iteration => generates the encryption key for the masterkey => masterkey is encrypted => stored in the Wallet.dat file;

From the process above, we can derive the decryption steps:

Guess password => N rounds of SHA512 iteration => generate the key used to encrypt the masterkey => decrypt the masterkey => if decryption fails, keep guessing; if successful, use the decrypted key to decrypt the address private key => if successful, coins can be transferred—only then is the recovery successful; if not, continue guessing.

The difficulty of decrypting the masterkey lies in the following:

1. The user-defined password goes through N iterations, with N varying from wallet to wallet—from tens of thousands to hundreds of thousands. The higher the number, the slower the recovery speed, the fewer passwords can be tried, and the harder the recovery becomes.

2. The user's password usually has no hint, and the possible space is enormous. Some public wallets claim to provide password clues, but these are highly unreliable and often fake—you have no way of verifying them.

3. Massive computing power is required to brute-force the password space. The cost of building facilities, equipment, electricity, and management can run into millions or even tens of millions, often with no return. With such an investment, it would make more sense to mine or rent computing power for stable returns.

4. The public wallets’ public keys, address private keys, and masterkeys can easily be forged. With such a high probability of being fake, who would risk real money trying to recover coins from a possibly fake wallet?

4. Conclusions on Public Wallets

In short, public wallets can be summed up in three points:

1. You are very unlikely to decrypt the masterkey;

2. Even if you do, you’re unlikely to decrypt the address private key;

3. Even if you manage to decrypt the address private key, it may not match the public key, and being unable to transfer coins would actually be the normal result.

The issues with public wallets have been clearly explained above. Many people will probably give up on the idea of recovering public wallets after reading this.

But if you believe you are the chosen one of destiny, you might still give it a try—maybe you’ll decrypt a big wallet and strike it rich overnight.

Just don’t come to me again with a new story and a public wallet to recover...