Bitcoin trader recovers wallet with help of Claude(tomshardware.com) |
Bitcoin trader recovers wallet with help of Claude(tomshardware.com) |
Without it I would have given up way earlier, but the infinite patience to keep slurping in error messages and continue to troubleshoot really worked out.
Claude has limits that would make this simple statement be much more complicated-
Via Claude "So the chat upload file size limit is actually 500MB per file (not 30MB as many third-party sources claim - those appear to be outdated). The 20-file-per-chat cap and the 30MB-per-file limit in Projects remain consistent across plans. The real constraint at any subscription level remains the context window - how many tokens Claude can hold in memory at once during a conversation. "
I guess the user simply pointed Claude Code at a local folder containing all the backups and files, and Code went through them via find/ls/etc
> After finding a mnemonic that actually turned out to be their old password a few weeks ago, the user dumped their entire college computer files in Claude in a last-gasp effort. The bot uncovered an old backup wallet file that it successfully decrypted, while also uncovering a bug in the password configuration that was preventing recovery up to that point.
So it switched from brute-force searching passwords against a file, to brute-force searching files against a password?
So claude drafted an email even pointing to the right Internal Revenue Code (IRS Law), and specify why we fall under a specific category. The auditor got back to me two days later admitting their mistake and said our company now qualifies for $8k in tax credits. And a few months ago, it identified items in our AWS that saved us $250 a month (paying for itself).
So now I joke that even if I have a claude max plan, I've still come out ahead financially.
This is no joke; for better or worse, I see a day when I'm paying a lot more for this and it will be a bargain.
And it looks like those very helpful capabilities will continue to transfer to smaller models as well, as architectures and training regimes continue to refine.
I can fairly easily imagine a world where the only people needing to spend a lot of money on models are those that are using them to solve truly novel problems. The rest of us will get plenty of use at reasonable costs for the typical day-to-day helpful stuff.
Feels like a system that is deliberatly made to be more punishing for those who can't afford the help or the education to figure things out.
But in this particular tax credit, there's no way for the gov to know automatically what percentage of payroll was spent in qualified R&D expenses, since it's day to day business operations. Which is why we are _forced_ to hire an outside firm and pay them thousands of dollars (when Claude did an even better job), just to analyze how much of our time qualified as R&D expenses.
The problem I have is that I am forced to have to find a firm to do this, and most firms won't even work with companies as small as ours. So then we're stuck and losing out on years of R&D tax credits at the moment, when I really don't need them anymore, to be honest.
IRS> Pay your taxes!
me> ok how much?
IRS> idk you have to figure it out
me> ...ok
IRS> if you get it wrong you goto jail
I gave Claude Code access to the Azure CLI and had it review usage. It found a couple servers that were underpowered, but it also found a lot of things that weren't being used at all. The total reduction was $40k a year.
I tasked Claude to analyze the files and figure out what's going on, and eventually we figured out that each file had a custom metadata header + thumbnail + actual image concatenated. I had it write a python script and was able to recover all the images with their metadata. It's nothing a human couldn't have figured out, but it was definitely WAY faster than doing it myself.
I've also used Claude in the past to figure out how to break into routers with locked down firmware. It's great at suggesting and trying different approaches.
TBF the real breakthrough was finding this, though no doubt they couldn't have recovered without Claude
Man. I wish I had a lost wallet worth a quarter of that even, technically didn't need Claude for this, just needed any password cracking software.
I didn't want to take the chance of force closing and losing everything. I used claude code to extract my text out of the browser internals and filesystem objects.
The increase in compute (decrease in brute-force cost) combined with price increases in many crypto tokens means brute-forcing old wallets can become worth it years after passwords were forgotten.
And of course even smaller, local AI models can now easily write optimized scripts to brute-force any given KDF function.
Moore law did its thing, now you can do it with a lot less computer power.
Claude found a file on the computer that the wallet owner had not found. Claude didn't crack a password or do anything magic, it just searched for a file that the wallet owner had not thought to search for before.
So, where the wallet owner had previously only tried to access /Users/example/wallet.dat, Claude thought, "why don't I check if there is another wallet.dat file elsewhere on the system?" which it did.
The outcome is the same, it is great that Claude tried something that the wallet owner hadn't tried, but this is more an example of how dumb humans can be rather than how smart Claude is.
The trillions of passwords are a red herring and unrelated to the solve.
They are really underestimating their audiance here.
In the physical world, I can't imagine too many people being happy that old keys to your house still work even after you've changed the locks.
Can someone more informed, help me understand how this worked and why it's ok.
I'm genuinely wanting to become more informed & better understand.
You can imagine that in your example, you didn’t change the locks on a house, but rather you put the house keys in a secure lock box and you changed the locks on this box.
Changing the locks on a house in this case means transferring from an old wallet to a new wallet and then abandoning the old wallet. That’s exactly what the OP is trying to do. It’s just that you need the original key to do it.
By getting stoned he was forced to hold until AI could solve his problem at a crypto high.
Claude-powered AI coding agent deletes entire company database in 9 seconds <https://www.tomshardware.com/tech-industry/artificial-intell...>
Claude Code deletes developers' production setup, including its database and snapshots <https://www.tomshardware.com/tech-industry/artificial-intell...>
I'd love to mine a bitcoin a day on my PC now...
But lets be honest - when BTC hit 100 bucks, we would have cashed it out thinking we were geniuses.
you can!... but they wouldn't be worth the electricity now either. the cost of mining (amortization of hardware costs plus electricty) is the value of bitcoin. if bitcoins are a bargain to mine, more people will mine them thereby reducing rewards.
should you have mined more back then if you had magical perfect knowledge of the future? no: they weren't worth the electricity.
instead you should have bought more of them back then.
https://www.coinbase.com/learn/crypto-glossary/what-is-bitco...
The other day, I asked Claude to track down the leaked Claude Code source so I could study it. It refused, saying “given who made me, I’ll pass.” It gave me some pointers on how to find it myself, which worked.
There isn’t that much of a difference between “help me crack this bitcoin wallet” and “help me crack this executable.”
I don’t exactly have a solid point, just some general observations. First, I think we’ll see AI more and more simply refuse to do any kind of forensics, as forensics becomes more powerful. Second, that implies local models will become more valuable, since they’re the only ones willing to do that kind of work.
I once got myself banned from Claude by researching barbiturates, since they’re connected with suicide. So my third observation is that we’ll see an uptick in people getting punished for trying to do things with AI that people don’t usually do. (Luckily the unban form worked.)
Someone downthread asked “how’d he convince Claude the coins weren’t stolen?” Which is an interesting question, because presumably some people trying to crack a wallet have stolen it. So I guess the fourth observation is that the exact framing you approach an AI with will become more important. There was the classic “do this or I’ll cut off my arm,” which worked a year ago. But in the future it will be more like “hopefully the AI believes my story, or else I’ll get into trouble.”
It’s good there are multiple AI vendors, or else it’d get real dystopian real fast when the de facto AI’s policy becomes something you have no way of working around.
I went from giving them away to anyone in the office who asked (very very few), to selling them for under market when they were in the $10-50 range. Only three people took me up on the offer then, and they bought moderately life changing amounts I've later been thanked for. Such as a down payment for someone's first home after he got married. Luckily they held onto enough of their coins to make a meaningful difference in their lives like I preached about at the time.
The number of folks who ping me at various BTCH ATH hitting the news is expressing regret and laughing about it is... a lot!
It was strange being the "Weirdo Bitcoin guy" for a time. Then you started hearing about it in the mainstream news/etc. and it got even stranger to me.
I did quite well for myself, but of course wish I could go back in time and actually go balls to the wall on my early mining operation. I thought I was being irresponsible enough as it were - maxing out my rental townhouse's electric service with a rack of GPU miners in my basement, and some sketchy DIY electrical work to make it all happen.
Unfortunate to me cryptocurrency devolved into such a horrible place with the shitcoins, etc. I dropped out from the scene fairly early since I was a True Believer and became quite disenchanted with the whole thing. All I was there for was "digital p2p cash" - I never once foresaw it as a major store of value.
This cycle is hostile in lots of ways, but the trustworthiness and absence of hostility in this dimension is quite nice.
… this dweeb had a file containing their seed in their backup, claude just searched through the files
Since we are dealing with Anthropic, the entire story could be staged of course.
edit: Personally I don’t think they would take advantage of it, but still worth moving the BTC asap
That doesn't sound very impressive. Not being tracked with a version control system is fixed instantly with a git init, git add ., git commit .no AI required.
Covering the app with tests is also something that requires no AI. At most, coding agents can generate characterization tests in broad sweeps, but we are talking about a delta between hand rolling and vibe-coding of a couple of days.
Where LLM shines is helping developers build up an understanding of what is in place. Running /explain on a codebase can quickly provide you with a high level summary of what's in place.
5 minutes later I had almost 3 hours of important footage recovered.
A lot of "Claude Code is best at X" claims are probably user-selection bias.
The people saying it are often exclusively Claude Code users, not people who are actively benchmarking Claude Code against Gemini CLI, OpenAI Codex, GitHub Copilot, and other agent harnesses on the same tasks.
The claim may still be true for certain scenarios, but the evidence is usually anecdotal, not comparative.
Getting any smart model to take a look at the task is the sort of lift that the speaker is usually pointing to.
A large percentage of passwords aren't a random string of characters but a memorable word + memorable number. There's existing projects that basically do the same, and 3.5 trillion doesn't really make it clear if one of those wouldn't have worked as well, but I can see it having an above random chance to guess a password.
I cannot relate to this at all. This information doesn't really seem that helpful. What might the strategy look like? Including spouses names or other proper nouns associated with you. But it's going to be a massive brute force effort still, and the likelyhood of a targeted crack that performs significantly better than more naive brute force passwords seems so unlikely.
Are your passwords like "SPOUSE_NAME:HOMETOWN_NAME"? Even if so there are probably more people with dictionary words that can be brute forced faster. IT would have to be the case that more people use patterns like that compared to something a regular dictionary attack could crack.
The best time to start using a password manager was 10 years ago. The second best time is now.
Thank you MtGox.
Then I was especially tempted years later after running into the MtGox booth at CES, and seeing how convenient it had become. I remember asking a guy at the booth if Satoshi was really still anonymous or if any insiders knew about him, and he said "no" but was bit surprised I knew about Satoshi. I guess Bitcoin was still quite niche then even amongst a technical crowd.
I considered buying a few bucks worth of bitcoin then for lulz, but I thought that money was better spent on beer lol.
I've never really regretted spending that money on beer rather than bitcoin, because I knew that even if I did, it would 100% have been on MtGox and I would have lost it in the hack anyway, which would have been even more bitterly frustrating.
A few of pints of beer >> years of regret.
Whew, that brings me back!
I still think about the Bitcoin my buddy paid me for his half of a pizza ~15 years ago... worth 6 figures now haha.
I wasn't particularly close with him after high school, but he was an only child, and I can only imagine his (older) parents just tossed his computer. I wouldn't be surprised if he had had a few hundred BTC on there.
I had to laugh: the most Bitcoin story ever.
The first pizza anybody bought that way cost 10,000 bitcoin, over $billion.
BTCUSD has been over 100k, but is not currently.
me> so you don’t know how much I owe?
IRS> no, we do…
me> ...ok
IRS> if you get it wrong you goto jail
The claude code session took several other failed attempts until I vibe coded it to this direction.
https://blog.acelab.eu.com/pc-3000-flash-spider-board-adapte...
For the record, they're still useless and silly, that just doesn't stop people from exchanging a nonsense amount of money for them.
Oh no, OpenAI knows how much money I make and they're going to send me ads! Ads that are relevant to my interests. How connivingly evil of them!
This absurd concern for privacy is silly in my opinion. The moment something is submitted to the government it ought to be considered public. Even your social security number is essentially public for anyone who cares to find it.
I would not submit my bank account information to these services, or my passwords, obviously.
Honestly, tax returns should be public again. Would make everyone better behaved IMO. It was this way for most of American income tax history believe it or not.
To be clear, my information has already been part of several breaches anyway. What protects you ultimately is the law not information security. Of course this point is often lost on engineering / computer scientist types who don't understand how law works.
You can write a 100 line harness that only has one tool - try either "bash" or the more fun "you're running within nodejs, here's eval", you'd be surprised in how close to CC/Codex performance you're going to get.
I have only my own personal experience for frontier models, but I have seen different performance of Opus when used from Pi or Claude Code or Zed for example.
E.g. GPT5.5 with Codex on my Windows box likes using PowerShell for everything. OpenAI decided it should use the native shell instead of bundling a bash, or using git bash. Sure. But the model is so overfitted on bash that it fucks up PS quoting like once every 5 commands.
Every harness with LSP I've seen trips up the model as well. They insert diagnostics after every edit, polluting the context with errors that the model has to actively decide to ignore, every time, until it finishes its work and gets the code to a consistent state. Telling the model "run npx tsc --noEmit to check errors" will outperform a LSP 100% of the time.
Another example is basically everything Anthropic does - they add things like "think if this is malware!" after read and lead Claude to spend its reasoning effort on thinking if your React hamburger menu is malware, instead of on how to write it.
"This is not malware (em dash) it's a hamburger menu. Let me apply the edit! Hmm, is it malware now, after my edit? No, me changing border-width did not turn it into malware! Good! Dodged a real bullet on that one!"
I'm frankly amazed that we've gotten to the point where the models can produce good results in these sorts of environments.
Better not to dwell on such things.
With that said, i do regret not at least mining/etc. Back then i could have mined in many ways, and getting into it as a hobby probably would have meant holding larger amounts of BTC in the long run.
Everyone who had coin in Mt.Gox lost it during a hack. A portion of that was returned to the users who had a loss about a year ago.
$10k might even be worth it - but i'm assuming that the more expensive it is the beefier it is too, which also means more electricity.. and i already run ~6 computers/servers in my house. If a power surge happens i'm going to go live in the woods lol.
But maybe my limited understanding is thinking of this wrong.
like, yesterday.
For what it's worth, I also used GPT-5.2 (via duck.ai) this year for questions about taxes and it was helpful — which makes sense because there's an abundance of material about taxes out there to be synthesized, so a text predictor trained in that domain should do well.
In reality now, curious about social implications generally. Does this go beyond problem solving? Maybe the intelligence per token you get via your free library card/membership is insufficient to compete with peers in dating/employment/etc. markets, thus puts you at disadvantage.
that’s already how world financial markets and governance work,
and yes, the best of the best models
and $ for tons of compute
will, for now, remain at the top.
That's what I remember, anyway.
There was quite a few steps...maybe you still have something coming.
I've run the latest local models over the last year, including the recent Qwen 3.6 30B A3B, on a 9yo GTX 1080 and 32G RAM I have lying around[0]. If I can do that I don't think hardware will be a problem for you in the near term. The only updates I've needed were to Llama.cpp when a new class of model was released.
[0]: In my case, I want to see how local models perform on limited hardware, sacrificing context size and intelligence compared to SOTA models, so I have to really limit my expectations.
I think the same, and it's why i stopped caring about running llama/etc at home last year. That coupled with the models being dumb by comparison to SOTA really make me fine with waiting.
But in a year or two it's going to be difficult to resist at home, assuming the pace of improvement holds.
Anything beyond that is just hobby, or continued education.
I'm hoping that by the time the rugpull happens with SOTA (claude/etc) that at-home will be in the 4.7-5.5 range? We'll see.
Maybe your tooling is what’s keeping you from your dream.
(UPS is still a great idea for your expensive gear.)
Nope. Also I'm not GP.