What is the recovery success rate? : Interview with Dave Bitcoin Wallet Recovery Services (All Interviews)

Called a savior by many, the man who goes by the pseudonym “Dave Bitcoin”, is the creator of Wallet Recovery Services. Dave has been recovering many wallets for people who had lost their keys. Since its start in 2013, the inquiries have created a massive opportunity for this new part of the crypto world to expand, and Dave’s endeavors of creating a trusted platform for desperate people to recover their long-lost wallets have been fruitful. In this interview, Dave talks us through, the process of recovering a wallet, fraudulent attempts by frauds, etc. Please take a look.

Interview Date : 25th February 2021

Dave Bitcoin (All Interviews)

Why was Wallet Recovery Services created?

It started back around 2013 when I got interested in Bitcoin and blockchain technology. A lot of the conversations were happening on the forums, especially BitcoinTalk. I noticed people posting about losing their passwords and getting locked out of their wallets. Back then, Bitcoin wasn’t so valuable, so losing access to a wallet was not usually a huge financial loss. But I thought I could help people unlock their wallets and at the same time learn a bit more about wallet encryption. I had a background in software development before I came into this field so I put together some code to search for passwords. To begin with, it was just a hobby and a learning experience, I didn’t set out to build a business around it. Only later after I had some success, people would post feedback on the forums, and I would get more inquiries. That is how it evolved into a business. It was born out of a need from the people in the space.  Every now and then the work gets very busy, so I have a partner who helps out equally with the business.

Have you done paid advertising?

I have never taken out paid advertising, and it can be quite difficult to do in the mainstream channels. Google for example has limited who can advertise crypto services, because they are a bit wary about scams, etc. However, you can still find on the BitcoinTalk forum the original thread where I announced the availability of the service. That was when I decided to give the service its name and start operating as a business.  In those days, it got known just through word of mouth and people posting about it on forums. That’s how people usually discover the service.

Have you lost your keys?

I have never lost the keys to my wallets and have not had to crack my own password. I’ve thought about it when I’m writing my passwords down. I think “will I be able to find that if I lose it?”, but still choose passwords that would be quite difficult for me to recreate.

Is it hard to do recoveries?

There are a number of factors. Early on, there was primarily one type of wallet called the Bitcoin Core wallet and that is all I worked on at first. But nowadays, there are so many different types of wallets, and I try to implement support for as many as I can. So, step one is to figure out if I support the type of wallet and have enough information from the customer to proceed further. The next step is setting up a search for the password, and that really comes down to getting good ideas about potential passwords from the customer. For example, what sort of patterns they repeat, what kind of words they commonly use, etc. And then, by doing a very intelligent search, you try to figure out what the correct password is. So, that really is the key. It is all about how smart you can be when you’re searching for a password as opposed to just trying every possible character combination through brute force.

Do you use brute force to find passwords?

There’s this misconception that I brute-force passwords. People assume that one can try every possible password and I’ll eventually find the right one. If somebody used a very short password containing say 6 or fewer characters, then possibly you could brute force that for some wallets. However, anything more than that is impossible for most wallets.

Have there been customers inquiring and suddenly remembered through the process?  

Yes, there have been a few times where somebody will send a list of possible passwords, and I’ll fail to find a solution. So, I’ll go back to them and say “can you think of more ideas, such as names you use or dates, for example?”. That sometimes jogs their memory and they get their wallets back.

Are there people who have tried to hack other people’s wallets?

I have always had a policy not to work on wallets where the customer does not have good ideas about the password. Quite a few people write in and say “here’s a wallet and I have absolutely no idea what the password is”. Generally, I will not work on those inquiries because there’s a possibility it may be a stolen wallet. If I do work on it and find the password is very different from their suggestions, I will ask “do you have proof of the wallet being yours?”. Through this, I can try to establish ownership or some deeper knowledge of the wallet’s history.

What is the most common suspicious request?

A common request I get is from customers who purchase a wallet then contact me saying they’ve located their wallet from many years ago.  So not exactly fraudulent but a little bit of an untruth. There are services who acquire wallets and make them available for sale, so they repeatedly sell the same wallet to others. Such wallet buyers will contact me and say “I just found this wallet file from 8 years ago, and I’ve forgotten the password”. Customers with stolen wallets do use the same story, but I can very easily tell whether I have seen a wallet before or not, and tell them apart. To avoid most cases of fraud I compare the wallet to the ones I’ve seen before and try to get really good password information from the customers.

Are the customers a part of the recovery process?

The customer is involved mostly in the initial stages of the recovery, providing me the wallet information and their password ideas.  There are some wallets where only the owner can approve certain actions, so I need the cooperation of the customer. That is a nice feature of wallets such as blockchain.com and others with 2FA, where users will receive an email or text asking them “do you approve of this recent activity?”.  For the password ideas, some customers have made their own lists of attempts they’ve made, and this can be a very helpful starting point.  For some more esoteric wallet formats I’ve had customers do their own research into how I can add support for that wallet type, which has been quite helpful in more than a few cases.

What is the recovery success rate?

I have a 35% success rate, which is possibly not as high as people assume. However, I do continue working on the wallets I am not able to recover now. If I don’t succeed at first, I’ll put them back in the queue and keep coming back to them. What that means is that as my software gets smarter over the years, I will go back and retest older wallets. I’ve succeeded in recovering wallets 3+ years after somebody has sent them to me. People were very surprised when I finally emailed them back with good news. So, my success rate is gradually increasing as the software gets better. I don’t think I’ll ever be able to solve all inquiries, but a success rate of 50% may eventually be possible if the system gets good enough.

What are some concerns you have about the business?

Certainly, opening wallets that don’t belong to the customer is the number one concern. I’m also wary of opening wallets that have shady origins, such as online trading in illicit products, or thefts from compromised exchanges.  But it’s becoming easier to trace the origins of funds or at least look for warning signs, as blockchain search tools get smarter.

How can I know what is a good wallet?

You’re looking for a wallet that has a good team behind it and a solid track record for stability and security.  Having said that though, it’s tricky for someone to try figuring out on their own whether a wallet has had a lot of person-hours put into building a great secure wallet or if it is something somebody just threw together. Often if you’re investing on the cutting edge of new coins and new blockchains you won’t have too much of a wallet choice, but I would recommend entering those waters carefully and being aware of the risks.  If you’re investing in more mainstream coins read some reviews and choose a wallet that has been around for a while and is used by many.

Should I hold my keys or give them to my custodian?

This is the subject of an ongoing debate – custodial vs non-custodial wallets.  Custodial wallets being those where a 3rd party, often a website, holds the keys to the wallet, and non-custodial being those where the owner is fully responsible for holding the keys. I have unfortunately seen the bad side of both.  I get a lot of queries from customers who had wallet keys held by a provider or a website. Many have lost all their money because of that. They will come to me and say “I’ve got login information for ‘this’ site but it’s gone out of business, so can you do something to unlock it?”. But there’s nothing I can do in such cases because the private keys are locked up in a business that is not running anymore.  On the other hand, I get a lot of queries from customers with custodial wallets who lose their keys and are surprised the wallet provider cannot help them out – which they cannot because they do not store the customer information.

The best compromise is perhaps a custodial wallet where you fully trust the site to hold your keys and restore access if you can prove ownership, but they have also provided a way to access your coins if they go out of business.  An example of that is wallets that hand out standard recovery phrases, which make it possible for users to recover their wallet on any other platform. That’s the best portability you can have.

What if I write down my recovery phrase wrong?

A recovery phrase is a great innovation, as it allows you to restore a wallet without a wallet file or a password.  However, many customers ignore confirmations and skip over risk warnings, and don’t write down their recovery phrases or record them with errors.  The good news is that if they have written it down with only a few errors I can usually help recreate the correct phrase.

Should you pay for a wallet or use a free option?

I don’t think it’s necessary to pay unless you are paying for a custodial service that will securely hold your account behind multiple layers of protection. For example, you get to the point where you are storing hundreds of thousands of dollars’ worth of cryptocurrency, and you are concerned about both long-term storage and the dangers inherent in making each transaction. In that case,  I think it’s fine to look for a custodial service that will absolutely secure it and perform transactions safely. So, I think people should start looking for a custody service that is related to securing a high value.

Apart from that, I think there are enough good free or fairly inexpensive wallets. I personally use a hardware wallet, which secures your keys even if a hacker gets access to your computer, so that is the best option for me currently when I’m performing transactions every day.

Is there a need for wallet recovery services?

There is definitely a need for it and I have some competition in the space nowadays. They vary from pretty solid-looking businesses to people who are trying to pretend to be me by using a very similar name. A customer needs a high level of trust if they’re going to feel comfortable sending in the keys to their wallet and not worry about losing everything.  That’s what I aim to provide, the most trusted service available, and I think I’ve achieved that.

Are there fewer people losing their keys today than before?

I always worried that my business would tail off as Bitcoin would get more valuable and people would take more care of their information and passwords, but that apparently was not the case. Early on, wallets were quite bad at warning you about the risks. Some of them wouldn’t even verify that the user typed their passwords correctly during setup. However, nowadays there are warnings saying “write down your recovery words” or “type your password multiple times”, etc., and people still mess it up.  I think as long as there are wallets where the user holds the keys, people are still going to require help.

Can you tell apart tech-savvy people from non-tech savvy ones?

You can definitely tell when they get in contact. But there is no judgement, I’m happy to help everyone.  I will often need to help customers find their wallet files.  On the other hand, a more tech-savvy customer will know where everything is stored, they will have researched the problem, figured out what version of wallet software they were using, and even tried open-source software. The interesting thing is that for the more tech-savvy, in a way, it is almost harder to help. They usually will have chosen a more difficult password. Usually, they are the ones who will tell others “you need a really long password with complex variations” etc.,  and so they come up with these extremely complicated passwords for themselves too that are very hard to find. However, the least tech-savvy person might say “I always use this password or something similar for everything”. For them, maybe all I need to do is put a “!” sign on the end to find their password. It is a nice outcome for them because they successfully get their Bitcoins back.

What kind of interesting stories do you get?

I get a lot of interesting stories, and sometimes some really sad ones. One time, I received an inquiry from somebody whose family member was really sick and they could really need the money. At this point, you just hope you can help them, and it’s nice when you can. I’ve had some wonderful stories about how I’ve changed people’s lives, however, it is the opposite feeling when you can’t help them.

Interviewer , Editor : Lina Kamada

【Disclaimer】

The Article published on this our Homepage are only for the purpose of providing information. This is not intended as a solicitation for cryptocurrency trading. Also, this article is the author’s personal opinions, and this does not represent opinion for the Company BTCBOX co.,Ltd.