Two quick notes to counter some of the replies here:

• Google Drive / iCloud backup is an opt-in service -- your recovery seed won't be stored in the cloud unless you choose to store it in the cloud.
• TrustWallet encrypts your recovery seed: it is not stored in plaintext. As long as you choose a long randomly-generated password, your recovery seed is safe even if someone recovers the encrypted version of the seed.

I would argue that storing an encrypted version of a recovery seed to the cloud is far superior to many of the common techniques that people use, such as taking a screenshot, writing the recovery seed in a draft email, or the worst: not recording their recovery seed at all!

>Only problem is that when she entered the email address in the login page, she didn't get any verification email
This is a real problem, and one that we have seen repeatedly with our clients.

One of the potential issues (that Blockchain.com mentions here: https://support.blockchain.com/hc/en-us/articles/4417092364180-I-am-not-receiving-email-notifications-What-do-I-do-) is that email addresses are stored in a case-sensitive format in Blockchain.com's database. So, if you try to login to your Blockchain defi wallet with the email address "abc@example.com" and you initially configured your email address as "Abc@example.com" then you will not receive an authorization email.

It doesn't sound like this is the OP's problem as they also tried to log in with their Wallet ID.

The last ditch solution is to change the email address associated with your wallet. This article covers troubleshooting the problem, as well as how to change your email: https://cryptoassetrecovery.com/posts/not-receiving-blockchain-authorization-emails

>I'll give a try using some typical passwords I have been using, but I'm not that optimistic :/
Last I checked, you can test 5-6 password variations / second on a BIP38 wallet using btcrecover (https://github.com/3rdIteration/btcrecover) on a late model Macbook Pro. You're not going to brute force any serious passwords with that -- but, if you have 5-10 passwords that you've used regularly in the past, you could try a pretty good range of variations of those passwords in a few hours of testing.  (Figure 3600 seconds / hour x 5 variations / second = 18,000 variations / hour).

>i tried btcrecover but it's not for paper wallets.
That's incorrect -- btcrecover.py supports the --bip38-enc-privkey option.  Make sure to use the 3rd iteration of btcrecover.py (https://github.com/3rdIteration/btcrecover).

If you have other questions about recovering lost passwords to bip38 encrypted private keys, check out this article: https://cryptoassetrecovery.com/posts/how-to-recover-your-paper-wallet

These clipboard hijackers are nasty -- you can read about them here: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

Any time you paste a crypto address, you need to check that the first few and last few characters of the address that you paste matches the address that you copied. 

(Ideally you'd check every last character of the address.  It's theoretically possible, but computationally expensive, for this malware to create a public address ahead of time for each of the addresses that they are watching that matches on the first few and last few characters).

BTW, it really is worth reporting this to the police.  You never know when a criminal will be caught, and they could sitting on a private key that generated the address where your funds are.  It's certainly possible -- though unlikely -- that you could get your money back.  It has happened before (at least in the case of crypto scams -- there are a couple of examples at the end of this article: https://cryptoassetrecovery.com/2021/07/15/best-practices-recover-funds-from-crypto-scams/)

Thank you for the reply -- I'm not ready to say that they're scams, but I do think they're walking a very thin line. 

Still, I'm curious to hear from anyone that has worked with them directly.

>if they find that funds have ended up on some crypto exchange they can try to block those funds and initiate a return process.

I agree in theory -- although I think this is quite difficult in practice, for a couple of reasons:

• While it's easy to track Bitcoin from wallet to wallet (assuming the scammer isn't using mixers) it's hard to figure out which addresses are owned by an exchange. You'd need to work with a company like Chainalysis, and I don't have a sense of how expensive that is.
• The exchanges themselves get a lot of support requests, and it isn't clear to me that a civilian would get a timely and serious response if they reported that someone had stolen their funds and cashed them out an an exchange. In fact, I imagine that in most countries exchanges are forbidden from releasing identifiable information on a customer without law enforcement involvement.
• The (only?) way to track down the scammer is once they have moved funds out of an exchange.  That's literally the first time that you might be able to connect an address to an identity.  And, at that point the scammer has removed the funds.  To retrieve some portion of the funds at that point requires an arrest, a court finding, that there be funds left to distribute to victims, potentially a search for other victims -- it's a long-term process.

Am I thinking about this the wrong way?  Are there any exchanges that have gone on public record saying that they will initiate a return of funds without law enforcement involvement?

I wonder if there's an opportunity for a tool that lets people report a crime and pay a bounty for the conviction of the criminal.  The bounty might be broken down into several standardized steps:

• Verify the story of the person reporting the crime
• Report to law enforcement
• Notify other victims*
• Track the funds on the blockchain
• Figure out whether funds have reached an exchange / which exchange
• Distribute balance of bounty on arrest, conviction, etc

*There's a fascinating trick for this in this Youtube video about cracking brain wallets at the 8:34 mark: https://www.youtube.com/watch?v=foil0hzl4Pg&ab_channel=DEFCONConference

Essentially, you send a very small deposit to the public address from which the funds originated using a vanity address.  (For example, the vanity address could be: 1SCAM4SLRHtKNngkdXEeobR76b53LETtpyT). It's not a perfect solution -- although it might help in some cases.

Scams in the crypto space are up -- way up -- this year.  Here's a recent graph from the US Federal Trade Commission:
https://www.ftc.gov/sites/default/files/u52513/cryptocurrency-may-2021.png

We've been researching best practices for people caught up in scams -- which boil down to:

• Don't make it worse
• Write down the details while it's fresh in your mind
• Report it to the relevant regulatory agencies

Does anyone have first-hand experience with the for-profit companies that claim to be able to help recover funds?

• MyChargeback claims to attempt to track wallet (presumably at an exchange) then work with law enforcement to retrieve funds
• Claim-Justice essentially says "ask the scammer to refund your money"

I'm very skeptical of these companies -- as I understand they all require payment up-front, and they all require law enforcement involvement to actually recover funds.  Which means that you could potentially have just as high a probability of recovering funds without the for-profit company in the middle.

Anyone have actual experience with them?

Here are a couple of companies mentioned in this article (https://www.forbes.com/sites/zinnialee/2021/06/23/bitcoin-mining-companies-exiting-china-as-authorities-crackdown-on-cryptocurrencies/):

• BIT Mining: https://ir.btc.com/
• Canaan: https://canaan.io/

Basically, I think this is just going to be a manual research task -- search for articles on BTC mining companies in China, and you can be confident they're looking to relocate.

Swipe.io is still up and running, but the page that's listed in the list (https://swipe.io/cards) is now a broken page.  Here's an archived version of the old page: https://web.archive.org/web/20201126114828/https://swipe.io/cards

Coinbot.club is down.  The last time Archive.org has a snapshot is from Sep 2020.  (https://web.archive.org/web/20200919120222/http://coinbot.club/)

Some of the information in this thread is correct, and I want to highlight that:

>Do you have an email you received from blockchain.com? (Maybe it was blockchain.info back then, I forget when they switched). Your account #, a hyphenated series of numbers and letters, should be somewhere in the email.

This part of nutildah's information is correct. 

Here's an example of a wallet id posted on Blockchain.com's site, here: https://support.blockchain.com/hc/en-us/articles/207449986-General
https://support.blockchain.com/hc/en-us/article_attachments/203941213/WalletID.png

You can generally search for your wallet id by looking for an email with the string: "YOUR WALLET ID".  (That works at least for wallets created between 2017 and 2021.  I didn't create my first Blockchain.info wallet until 2017, so I can't verify this for wallets created in prior years).  If you created a Blockchain.info wallet prior to 2017, please comment and let us know whether the "YOUR WALLET ID" string will allow you find your wallet id in an email.

Unless you know your password, Blockchain.com won't tell you your password or allow you to reset it.  (They can't, short of brute-forcing it, because they don't actually store your password.  They only store the encrypted version of your private key.  They authenticate you during login by attempting to decrypt your private key with the password that you give them.  If it decrypts successfully, then they authenticate you.  And -- someone please correct me if I'm wrong -- that decryption actually happens locally in your browser -- it doesn't happen on their servers).

So, if you've lost your password, the only option open to you is to test password guesses until you find the correct password.  To do that, you need an encrypted copy of your private key.  (This is also called your "wallet backup").  For Blockchain.com, that wallet backup is available in the wallet.aes.json file.

>See if you have the wallet file as a .json file somewhere. It may have been emailed to you when you first created your wallet.
I don't believe that Blockchain.info / .com ever emailed people their wallet.aes.json files.  It _could_ have happened prior to 2017, but it hasn't happened since.  Again, if anyone has better information on this, I'd love to know the details.

If you never confirmed your email address in your Blockchain.com account (which is likely only for older wallets), you can get a copy of your wallet.aes.json file from this URL: https://blockchain.info/wallet/WALLET_ID?format=json (hat tip to BitMarx and nc50lc for that)

If you did confirm your email address (on any version since at least 2017 Blockchain will try hard to get you to confirm it), then you'll need to install the 3rd iteration of btcrecover (https://github.com/3rdIteration/btcrecover), and use the extract-scripts/download-blockchain-wallet.py script to get your wallet.aes.json file.  (Actually, you can use the same script in the original version of btcrecover -- but, don't use that version to try to brute force your wallet.  It gives false negatives for some versions of Blockchain's wallets).

Since you confirmed your email address, you're going to need to still have access to that email address.  Because when you try to download the wallet backup / wallet.aes.json file, Blockchain is going to force you to authorize this "login" attempt by clicking a link in your email address.

Once you have successfully downloaded your wallet.aes.json file the fun starts, because now you actually have to brute force the password.

>https://blockchain.info/wallet/WALLET_ID?format=json
BitMarx, that's a great suggestion!  I've never seen that before.

I tested it with one of my Blockchain accounts that has 2FA enabled, and I got an error that said: "initial_error":"Authorization Required. Please check your email."

I then promptly received an authorization email and approved the "login" attempt -- but, still was not able to access a text version of the wallet.aes.json file.  (I just got the same error message repeatedly).

Then, I created a new Blockchain.com account, did not confirm my email address and did not set 2FA.  When I used the URL you mentioned, I was able to get a text version of the wallet.aes.json file!  Wheewho!

However, I then confirmed my email, and once I did that (even though I hadn't set 2FA) I was no longer able to get the wallet.aes.json file.

My guess is that this is pretty old functionality, and that it perhaps predates Blockchain.info requesting that people confirm their email addresses?  (That's just a guess).

 >This one should work: https://github.com/blockchain/my-wallet-backup-decryption-tool/releases
I haven't used this tool or looked at the source code -- but, this is not a common suggestion for cracking blockchain wallets.  The two most common tools are the 3rd iteration of btcrecover (definitely don't use the first version, it gives false negatives on some wallet versions) and hashcat.

This thread has several suggestions to contact Blockchain's customer support -- we've worked with a lot of folks that have lost their Blockchain passwords, and I've never had a client that managed to get a useful response from these support folks. Patience is not a virtue in this case.

Plus -- you can get your wallet.aes.json file without going through support.  Install the 3rd iteration of btcrecover (https://github.com/3rdIteration/btcrecover).  Among other things, that will install a script called:

extract-scripts/download-blockchain-wallet.py

When you execute that script it will prompt you for your wallet id. 

Enter your wallet id

If you have confirmed your email address on Blockchain.info / Blockchain.com, you'll get a message that says: "Authorization Required. Please check your email."

(If you didn't confirm your email address then you won't need to jump through this hoop)

Check your email, approve the authorization request.  (You won't need your password for this step -- they're just verifying that you have control of the email address)

Now you'll see a message that says: "Wallet file saved as wallet.aes.json"

That's your wallet backup -- it's an encrypted version of your private key.  It can only be decrypted with the correct password.  Now, you can start testing password variations using btcrecover or hashcat.

MyEtherWallet.com (MEW) is just an interface to interact with the Ethereum protocol.  When you create a new Ethereum wallet, MEW asks you for a password and then prompts you to save your "UTC / Json" file.  This file contains your private key, but the key is encrypted with your password.  If you have this file and the password, you can recover all the funds in your wallet with 100% certainty.

If you have this file and you have one or more guesses as to what your password might be, then you can attempt to brute force decrypt your password. 

So, you need to do three things:
1. You need to search your computer for your Json file.  If you find it, move on to step #2.
2. You need to develop a list of the passwords you might have used.
3. You need to test variations of those passwords against the Json file.

This article (https://cryptoassetrecovery.com/2018/02/09/how-to-recover-your-lost-myetherwallet-mew-password/) will walk you through each of those three items, step-by-step, including screenshots from MEW and a systematic method for identifying potential password guesses.

Thanks,
Chris

Not sure if you ever got this resolved.

My first thought was that it wasn't possible to change the secondary password on your account.  (It isn't possible, for example, to change your main password on a Blockchain.info account).  That would be comforting (in a sense) because it would mean that a hacker had not changed your secondary password.  Instead, you likely forgot your secondary password.

To be honest, I still think that's the most likely scenario.  Here's why: to change your secondary password the hacker would have to know both your main password AND your (old) secondary password.

Here's the process they would have to follow:

• They would first login with your Wallet ID and main password
• Then, they would have to REMOVE your secondary password.  (There is no "change password" option).  Before you can remove a secondary password you have to enter the secondary password.
• Then, they could create a new secondary password that you don't know

If the hacker knew both your main password and your secondary password why not just send all of your Bitcoin to an address that they control?  (You could imagine scenarios wherein a hacker might do this -- perhaps they are asking you to send 1/2 your balance in return for the secondary password, thinking that this breaks fewer laws.  However, they presumably have contacted you if that's the case.)

That doesn't really solve your problem: you still need to crack your secondary password.

Now, let's talk about the best way to crack your secondary password.  Since it is unlikely that a hacker has changed your secondary password, the likelihood is that the actual secondary password is very similar to what you expected that it was.  (Does that make sense?)  Let's imagine that when you created the secondary password you created it as: s3cret.  However, when you went in to send Bitcoin and were prompted for your secondary password, you actually typed: secr3t

Your password guess is very close, you just need to run a bunch of variations on it.  Here's an article that provides a systematic approach to finding and testing those password guesses: https://cryptoassetrecovery.com/blog/recover-lost-blockchain-password/

Hope it helps!

Take care,
Chris

When you have forgotten your password -- whether it be the account's main password or the (optional) secondary password that controls whether you can send Bitcoin from your account -- you only have one option.  You need to recover the password.  Blockchain.info can't help you because they don't know the password.

There are several different password recovery strategies, but they all boil down to identifying likely passwords and then testing those passwords, one after the other until you find the right one.  We recently published a "how to" article that walks you through how to choose the passwords that are most likely to work, and then how to test them.  The article is here: https://cryptoassetrecovery.com/blog/recover-lost-blockchain-password/

The only wrinkle in your case is that you need to test the secondary password rather than the main password.  (You would probably figure this out on your own, but) all you need to do is login with the main password and then attempt to send your Bitcoin to a new account.  Blockchain will then prompt you for your secondary password, and you can begin to test the most likely options.

Good luck!

The Blockchain.info staff can't help you get your password back -- it isn't stored on their servers.  And, because Bitcoin is distributed, Blockchain isn't able to simply put your BTC in a new account on your behalf (even if they wanted to).

Your only solution is to recover your password.  We published an article to help walk you through the process of finding reasonable password guesses and manually testing them: https://cryptoassetrecovery.com/blog/recover-lost-blockchain-password/

Hope it helps!

Take care,
Chris

I'm going to assume that the double encryption password that you've mentioned is Blockchain.info's secondary password that prevents you from sending Bitcoin out of your account unless you know the secondary password.

This secondary password can be decrypted using the same brute-force techniques that you might use to recover your main password.  If you're doing it by hand, you simply have to login to your Blockchain account with your Wallet ID and main password, then attempt to send Bitcoin to a new wallet.  This will bring up the prompt for the secondary password.

I typically encourage people to spend a couple of hours meticulously trying to brute force their passwords by hand.  This has a higher success rate than you might guess if you take the time to pull together a list of probable passwords.  We have documented this process here: https://cryptoassetrecovery.com/blog/recover-lost-blockchain-password/

Take care,
Chris

>you can only recover your password by entering the 12 word recovery passphrase, otherwise it is not possible.

I think this can be stated more optimistically.  If you have the correct 12 word recovery passphrase, then you can recover your coins with 100% certainty.  If you don't have the 12 word recovery passphrase, but you have some good guesses as to what the password is, then it is still very possible to recover your account -- but you will need to brute force your password.  (This basically means trying and re-trying your password many times until you strike the right combination).

>2) what about private key
If you have your Wallet ID then you can retrieve  a copy of your encrypted private key.  (You will probably need access to the email address associated with your account too, as your ip address has probably changed and Blockchain will likely not release the encrypted private key until you click a link in the "Do you recognize this ip address" email).

However, you will still need your password to decrypt your private key and access your funds.

This article walks you through a step-by-step process to research likely passwords and then test them until you find the right one: https://cryptoassetrecovery.com/blog/recover-lost-blockchain-password/

Thanks,
Chris