PSA: Guide on how to recover your lost Segwit coins using Electron Cash

How to get your recovered SegWit funds using Electron Cash

Background

Thousands of BCH on thousands of coins that were accidentally send to Segwit 3xxx addresses were recovered by BTC.TOP in block 582705.

This was a wonderful service to the community. This had to be done quickly as the coins were anyone can spend and needed to be sent somewhere. This all had to be done before thieves could get their dirty paws on them.

So.. How were they recovered? Did BTC.TOP just take the coins for themselves? NO: They were not taken by BTC.TOP. This would be wrong (morally), and would open them up to liability and other shenanigans (legally).

Instead --BTC.TOP acted quickly and did the legally responsible thing with minimal liability. They were sent on to the intended destination address of the SegWit transaction (if translated to BCH normal address).

This means BTC.TOP did not steal your coins and/or does not have custody of your funds!

But this does mean you now need to figure out how to get the private key associated with where they were sent -- in order to unlock the funds. (Which will be covered below).

Discussions on why this was the most responsible thing to do and why it was done this way are available upon request. Or you can search this subreddit to get to them.

Ok, so BTC.TOP doesn't have them -- who does?

You do (if they were sent to you)! Or -- the person / address they were sent to does!

HUH?

The Segwit transactions have a bad/crazy/messed-up format which contains an output (destination) which contains a hash of a public key inside. So they "sort of" contain a regular bitcoin address inside of them, with other Segwit garbage around them. This hash was decoded and translated to a regular BCH address, and the funds were sent there.

Again: The funds were forwarded on to a regular BCH address where they are safe. They are now guarded by a private key -- where they were not before (before they were "anyone can spend"). It can be argued this is the only reasonable thing to have done with them (legally and morally) -- continue to send them to their intended destination. This standard, if it's good enough for the US Post Office and Federal Mail, is good enough here. It's better than them being stolen.

Ok, I get it... they are on a regular BCH address now. The address of the destination of the Tx, is it?

Yes. So now a regular BCH private key (rather than anyone can spend) is needed to spend them further. Thus the Segwit destination address you sent them to initially was effectively translated to a BCH regular address. It's as if you posted a parcel with the wrong ZIP code on it -- but the USPS was nice enough to figure that out and send it to where you intended it to go.

Why do it this way and not return to sender?

Because of the ambiguity present-- it's not entirely clear which sender to return them to. There is too much ambiguity there, and would have led to many inputs not being recovered in a proper manner. More discussion on this is available upon request.

Purpose of this guide

This document explains how to:

• Identify if your coins were part of the recovery
• Get private key / seed / xprv for the addresses they were sent on to.
• Import said addresses and private keys into Electron Cash

Complications to watch out for:

• Hardware wallets
• Derivation paths
• Passwords on BIP39 seeds
• Multisignature addresses & wallets.

Step 1: Checking where your coins went

To verify if this recovery touched one of your lost coins: look for the transaction that spent your coins and open it on bch.btc.com explorer.

Normal aka "P2PKH"

Let’s take this one for example.

Observe the input says:

P2SH 160014d376cf1baff9eeed943d58551d53c48377adb98c 

And the output says:

P2PKH OP_DUP OP_HASH160 d376cf1baff9eeed943d58551d53c48377adb98c OP_EQUALVERIFY OP_CHECKSIG 

Notice a pattern?

• P2SH 160014d376cf1baff9eeed943d58551d53c48377adb98c
  
• P2PKH OP_DUP OP_HASH160 d376cf1baff9eeed943d58551d53c48377adb98c OP_EQUALVERIFY OP_CHECKSIG

The fact that these two highlighted hexadecimal strings are the same means that the funds were forwarded to the identical public key, and can be spent by the private key (corresponding to that public key) if it is imported into a Bitcoin Cash wallet.

Multisig aka "P2SH"

If the input starts with “P2SH 220020…”, as in this example, then your segwit address is a script -- probably a multisignature. While the input says “P2SH 22002019aa2610492ee2c18605597136294596d4f0f9bc6ce0974ed3a975d65da4ca1e”, the output says “P2SH OP_HASH160 21bdc73fb15b3bb7bd1be365e92447dc2a44e662 OP_EQUAL”. These two strings actually correspond to the same script, but they are different in content and length due to segwit’s design. However, you just need to RIPEMD160 hash the first string and compare to the second -- you can check this by entering the input string (after the 220020 part) into this website’s Binary Hash field and checking the resulting RIPEMD160 hash. The resulting hash is 21bdc73fb15b3bb7bd1be365e92447dc2a44e662, which corresponds to the output hex above, and this means the coins were forwarded to the same spending script but in "non-segwit form". You will need to re-assemble the same multi-signature setup and enough private keys on a Bitcoin Cash wallet. (Sorry for the succinct explanation here. Ask in the comments for more details perhaps.)

No match -- what?!

If the string does not match (identically in the Normal case above, or after properly hashing in the Multisig case above), then your coins were sent elsewhere, possibly even taken by an anonymous miner. :'(

Step 2: How To Do the Recovery

Recover "Normal" address transactions (P2PKH above)

This is for recoveries where the input string started with “160014”.

Option 1 (BIP39 seed):

• Import your BIP39 seed into Electron Cash. In the seed dialog select Options -> BIP39 and if you used an extra password, also select Options -> Custom words.
• On the next page you will need to enter a derivation path:
  • m/49'/0'/0' is typically used for single-address P2SH-segwit wallets
• If the wallet was well used and the address has a high index, you will need to use Wallet -> Scan Beyond the Gap.

Option 2 (single key):

• Get your private key. If you are using Electrum on BTC, you can obtain this by right-clicking on the address, selecting ‘private key’, and you will see something like: p2wpkh-p2sh:Kwt2QPi4GYoDSdtLuQJaqiPt7aP9aMA2vpSaeECsXFkzdfLDDTvr. Remove the prefix p2wpkh-p2sh: and copy just the Kwt2...DDTvr part.
• In Electron Cash, you can use Wallet -> Private Keys -> Sweep to spend these funds into a fresh Electron Cash wallet.
• Alternatively, make a new wallet but select “Import Bitcoin addresses or private keys” instead of “Standard wallet”, and enter the private key there.

Option 3 (xprv -- many keys):

• Your wallet may provide access to the “xprv” master private key. In Electrum you can access this by opening the Console tab (View | Console) and running getmasterprivate()
  • Warning: Keep this confidential as you would your wallet seed!

• If the string starts with “yprv” or something else instead of “xprv”, you will need to convert it. From the Electron Cash console:

  mkey = "yprvAJ48Yvx71CKa6a6P8Sk78nkSF7iqqaRob1FN7Jxsqm3L52K8XmZ7EtEzPzTUWXAaHNfN4DFAuP4cdM38yrE6j3YifV8i954hyD5rhPyUNVP" from electroncash.bitcoin import DecodeBase58Check, EncodeBase58Check EncodeBase58Check(b'\x04\x88\xad\xe4'+DecodeBase58Check(mkey)[4:])

• The result will start with ‘xprv’ and have the correct checksum on the end. You can import this xprv using File -> New -> Next -> Standard Wallet -> Use public or private keys.

• If the wallet was well used and the address has a high index, you will need to use Wallet -> Scan Beyond the Gap.

Option 4 (hardware wallet):

• Connect your hardware wallet to Electron Cash, and consult with the hardware wallet’s documentation to find which derivation path you need to use. Note that some wallets may complain about signing transactions on unusual derivation paths.
• In the worst case, you may need to import the seed you have written down, into Electron Cash. Remember though that this compromises the security of the seed, so it should only be done as a last resort.

How to Recover Multisignature wallets (P2WSH-in-P2SH in segwit parlance)

This is for recoveries where the input string started with "220020.

Please read the above instructions for how to import single keys. You will need to do similar but taking care to reproduce the same set of multisignature keys as you had in the BTC wallet. Note that Electron Cash does not support single-key multisignature, so you need to use the BIP39 / xprv approach.

If you don’t observe the correct address in Electron Cash, then check the list of public keys by right clicking on an address, and compare it to the list seen in your BTC wallet. Also ensure that the number of required signers is identical.