- Learn how to use hardware wallet and paper wallet, and how it can fail
- Don't be overly paranoid on wallet security, it would backfire
- Always test spending from a wallet several times over a week before putting large amount of money into it
- Use Dave Bitcoin (walletrecoveryservices.com) as last resort if you get locked out really unluckily
Today I learnt a good lesson by making my BIP38 paper passphrase too complex, too long and making a new password for each new wallet and each new transaction. And finally I was locked out of my own wallet.
Fortunately I just lost access for it for 2 days thanks to Dave Bitcoin and walletrecoveryservices.com. It's been risky on trusting someone with all my bitcoins after reading news and info about him for just 15min on Google. But given I'm been trying my luck on all possible passwords for the last 2 days and write my own bruteforce BIP38 cracking script with my vague memory of password, I surrendered. I turned in my wallet info to Dave, hoping he can find my passphrase and return my coins honestly.
After about 1 day, Dave came back with the right passphrase and took the agreed 20% (of my lifetime btc saving) comission in the wallet. I was actually pretty grateful of him though at the same time jealous of him making a good fortune out of my stupidity. Given BTC's historical increase in value, 20% can be gained back quickly, so I still think it's a fair deal.
A little more tecnhical detail here, I am a programmer myself so I did try bruteforcing the wallet before talking to Dave. I firstly figured out how to "test" if a passphrase is right given an btc address and a BIP38 encrypted private key. After that I implemented a dictionary generator based on my best guess of my passphrase, and I ran my passphrase test script over all the possible passphrase I've generated – just to realize it would take 3 day to 1 month to finish testing a very incomplete list of possible passwords on my laptop. And I don't know how incomplete or complete my dictionary is. I would be very upset if I can't resolve this issue asap and I was kinda already mad. Though I think I know how to build a distributed batch processing system on Amazon to speed up my wallet recovery, I am too upset to sit down and do it.
And fast forward to after Dave found my passphrase, I realized actually my memory wasn't too far off. So it won't take too much compute power to bruteforce my wallet as long as I keep trying slight variations of my wrong passphrase. If I were more deligent scaling up my script on AWS, it could have costed $30-$300 USD compute power to regain access to my wallet (depending on if the implementation is bad or really bad). But there's always a grain of luck and patience and risk in this task of wallet recovery. I may have never been able to recover it.
Well, after all, these are all post-moteum thoughts, just like people being regretful of not buying Bitcoin when the price were still $1 or $1000 or $3000.
I'd like to say thanks to Dave, and I'd like to spread the word about his service. Dave's wallet recovery "business" needs trust to work, so I am writing this post to remind me of my weakness and stupidity and to build up a little trust to Dave's wallet recovery service. Dave works with almost all cryptocurrencies and all kinds of wallet format.
I hope nobody ever have to use Dave's service, it's still a very stressful experience to the very least. Yet the fact that there's a trustable cryptocurrency wallet recovery service out there make me feel a little less stressful in using Bitcoin and feel better about the people who actually need to use wallet recovery service.