Categories
Cryptography Talk

Attention: Don’t buy wallet.dat files (Here’s why)

Today I had someone contact me asking me for help in recovering a wallet he had purchased. Long story short, he was scammed out of a lot of money, to buy this wallet.

He actually had the private key, but he was unable to spend from it. He got the following error when trying to spend from this key. Note that other wallet software might show this error in a slightly different format.

Code: -26, Error: mandatory-script-verify-flag-failed (Public key is neither compressed or uncompressed) 

Naturally, I set about on my expedition to see exactly what is was that was preventing this guy from spending the bitcoins. After all, all keys have to be compressed or uncompressed, right?

He showed me the private key, which was 5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqetwr388P, so it looked like an uncompressed private key. Given that he couldn’t spend from it, I went to private key to hex conversion websites to convert it, but all of them gave me an error such as: “private key must be between [1, n]”. N obviously revers to the group order of the private key.

At this point, it was clear that I was dealing with an out-of-range private key. So I went straight to my Python console and typed the following commands:

import bit
import base58
import binascii
a = base58.b58decode_check(
"5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqetwr388P")
b = a[1:] # Strip the mainnet version bit
# No trailing "\x01" because this is not a compressed private key.
c = binascii.hexlify(b)
d = bytes(hex(bit.curve.GROUP_ORDER)[2:]) # Get rid of the leading 0x

c # prints b'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'
d # prints b'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'

I could not believe it! I was dealing with the zero private key.

The zero private key

The private key at zero is very special. It can take many forms, but any key that results in zero when you modulo it by the group order is the zero private key. That means the above private key, which is equal to the group order, is also zero, even though it doesn’t look like zero at a first glance.

The bitcoin network does not allow you to spend from the zero private key – it is disabled because it breaks the point multiplication on elliptic curves. As a result, funds sent to the address corresponding to this key are lost forever. For some reason, many people keep sending it money to the point where it has almost 1 BTC.

If you try to broadcast a transaction spending from this address to a Bitcoin Core node, it will give you the above error. So it is not possible to spend money that is inside the zero public key.

A new technique by scammers

Scammers who are trying to sell you a fake wallet.dat file intentionally give you the zero private key, and an unlocked wallet.dat, to make you think that the wallet is legitimate. Of course, never trust an offer if it is too good to be true.

I strongly advise against buying any kind of wallet.dat file as 99% of them are fake or doctored to make it appear that there is a balance inside them when there is no such balance on the network.

Always stay vigilant, and never fall prey to any scammer.

By Ali Sherief

Editor-in-chief and serial coder & blogger.