1 Year Trying to Crack My 2013 Bitcoin Wallet — Need Expert Advice
#1
Hey everyone,

I’m looking for some guidance from those with experience in password recovery/cracking.
For nearly a year, I’ve been trying to recover access to an old Bitcoin wallet (wallet.dat from 2013). I extracted the hash and have been attempting to crack it using an RTX 3060, but haven’t had any success so far.
Recently, I discovered Vast.ai and was able to run jobs on more powerful GPUs (including an RTX 5090). I was hopeful this would make a difference, but unfortunately, I still haven’t had any luck.

So far, I’ve tried:
  • Variations of old passwords I may have used
  • Brute force with numeric ranges (0–10 digits)
  • Short brute-force masks (1–5 characters, all character sets)
  • Large wordlists (including weakpass and similar sources)

At this point, I’m considering expanding brute-force attempts to longer character lengths, but I’m concerned about cost vs. benefit.
I’d really appreciate advice on:
  • The most efficient GPU(s) for this type of workload
  • Cost-effective strategies (especially when using rented compute like Vast.ai)
  • Smarter approaches beyond pure brute force (mask strategies, rule-based attacks, etc.)

Any tips or insights would be greatly appreciated.

Thanks in advance!
Reply
#2
Have a look at comboleetor, available at https://www.jimby.name/techbits/recent/comboleetor/

It's useful for generating passwords that are combinations of words, numbers, punctuation.  It's particularly good if you used to use a password "system" like "lastname+randomnumer+punctuation+otherword" or something like that.

The basic idea is that you use word blocks, number, punctuation, and leetspeak in any order and comboleetor generates a password file that you can then use with hashcat or john.

Best of luck!
Reply
#3
I have some experience in that field.

First of, I want to warn you about falling for the trap of investing in more hardware, physical or rented. In particular when using cloud computing, you can easily burn money while not significantly increasing your chances to find the password. A RTX 3060 should have enough computation power for most cracking jobs. Recovering a wallet is more about knowing what you are searching for and limiting the search space intelligently.

For example, you might end your password with three consecutive numbers or shift variants of those numbers leading to special characters. Using a rather stupid mask for this -1 ?d?s ?1?1?1 would result in (33+10)^3= 80,000. combinations. Using smart rules or a generated wordlist would result in only 8*3=24 combinations assuming only the ending numbers are shift and always consecutive which matches most peoples password behavior.
In other words, being intelligent about attacks matters much more than computing power which scales linearly with costs. Your concern about the cost vs. benefit is warranted. The solution is in intelligent attacks, mostly using rules which I read you have not yet explored properly.


In your case it sounds like you might have deviated from your regular password pattern. Think of using rules to double or tripling characters in positions using rules, using rules to delete characters or doubling them, using a leet speak rules, consecutive shift rules etc. Also try if you might have used a mirror or sandwich pattern (123Bitcoin123 ,321Bitcoin123) using rules. Last resort, try rules like prince_optimized.rule or prince_generated.rule that try all combinations of your password fragments in different order.
Think back about the time you created the wallet, you might have used cues from your surrounding, e.g. name of a person, street, music, favorite beer, old-girlfriend etc.

If you can still not find it, search for a recovery specialist in your neighborhood, preferable the ones that you meet on physical meetups or that are recommended to you by people you physically know or see on crypto meetups. Never go for companies that ask upfront payment, they are scammers. A good recovery specialist never asks for upfront payment.
Reply