How to check wallet.dat is real or fake?

Wallet.dat files from Bitcoin core, Litecoin core not infrequently have hints to find the password. With luck, knowledge and power, you can recover lost passwords or try to find the password to a wallet with a forgotten password and withdraw bitcoins. But some files are fake and you can verify their authenticity yourself.

How to recognize if the wallet.dat file is fake?

  1. Use the hex editor and try to find the word “xingfeng” (these are wallets made long ago by craftsmen from China). If you find this word in the code, it’s a fake.

2. Then go to the folder “wallets” insert the wallet.dat file (the one you want to check) and run the Bircoin core or Litecoin core and synchronize. If you see “watch-only”, it means that these balances are only for viewing and there are no private keys.

They can also change only the wallet address. In this case, old transactions and balances appear. Creates the appearance of a real wallet. If you send any transaction to this address, you won’t see it in your wallet, because the real address is different.

3. Also, the transactions in the blockchain and in the wallet must match. You can find addresses for sending and receiving by searching for the word “name” in the hex editor or simply by viewing all transactions in the Bitcoin core or Litecoin core. If the transactions do not match, then the wallet is also fake.

4. In old versions of Bitcoin core and Litecoin core wallets, when creating a new address, several addresses are created, all these addresses are stored in the wallet.dat file and the file size changes.

5.After introducing BIP32 (HD Wallet) a new address is created for each send and the keys are stored in xpriv, and the wallet.dat file size does not change regardless of the number of addresses. You can also check the address types (segwit or p2pkh) depending on the wallet version they are different.

6. In Bitcoin core or Litecoin core enter the following command in the console: “dumpprivkey 1LfV1tSt3KNyHpFJnAzrqsLFdeD2EvU1MK”,e Code 10 (or 13), which means you must enter a passphrase (password).
“Error: Please enter the wallet passphrase first with the wallet passphrase. (code -13).”
Private key if password is entered or not set
“Private key for address 1LfV1tSt3KNyHpFJnAzrqsLFdeD2EvU1MK unknown (code -4)” error, which means that the file is fake.

Fake wallet.dat files:

11.26827053 1NibfhHfgA857dtG6pB25Y5hDcxpDo2J47

70.01000000 17w8w8ZHdqkSYFkhAMfHJaEqCHgHm9egKv

25.00011094 12BycRrxPivnhnwfD5qfKaE7ccAc1qhrCb

5.03448336 1JWXHwtBuVGDDjrVDQNFaBHhw7AhuuPeV9

28.12063817 1ELCrM2FMXePtsGLRbcqAdhj61EUGmUtK9

14.09013974 1GDcVTrZNhVFt7pEnwvHfepoth6mqHVVvq

11.26828169 1NibfhHfgA857dtG6pB25Y5hDcxpDo2J47

51.99952188 12DE6ff6gxLA1JfV7eaGG4ehUUUpZMo8Bo

These are some basic ways to recognize fake wallet.dat files. Be careful.