I have around 115 ZEC that disappeared after I transfer them into a ZS address. I’d like to ask for some help to infer what has happened and if there’s still anything I can do to recover it.
What I did
I had ~115 ZEC on June 25, 2019, in the t-address t1bcBn34fXFJZHcmi2pfMkhdt3g487dkDAv and I transferred it into a z-address using the zcash-swing-wallet-ui. Then after 20 minutes of the transfer, I confirmed that the transaction went through (IIRC) and I dumped the key into a file. This transaction is available here.
A few days ago I tried to recover the fund, but all the Z addresses from that key file showed 0 balance and no historical transactions. I doubled checked with both the same GUI software and the zcash-cli command-line tool. I can confirm that this is the file I dumped as the last modification date from Google drive is 14:45, Jun 25, 2019. Results pasted below.
Hm, looks like you had a super low payout threshold for your miner 0.0008 which resulted in over 1,000 small transactions. For next time set your threshold higher to something like 0.01 to avoid having to combine many transactions.
That being said, I’m still not sure where your ZEC is. When you sent it back in June was it to a Sprout or Sapling address?
Have you tried doing a -rescan or a -reindex to try to have the node re-search the chain for your funds?
If those don’t work then you may have a corrupt chainstate and could try setting up a fresh full node and transferring your wallet.dat file to it, and then performing a -rescan.
Yes when it approached the end of my mining I turned the payoff threshold to very low.
I can’t confirm if I sent it to a ZC or ZS address and as it’s a Z address anyway I have no way to check it. What I know is that it was transferred on 14:20 and my key file was backed up on 14:45 so the 4 Z keys have a good chance to include the target address.
Is there any chance say a new address was generated by the GUI wallet but was not included in the backup in June 2019? The GUI has not been updated since 2017 (I downloaded the source and compiled it myself).
I don’t think the keys are compromised but even if they do, I should see the transaction from z_listreceivedbyaddress. Am I understanding things correctly?
I refreshed and rescanned for a few times before I post this thread.
That’s not likely, the swingwallet GUI or CLI shouldn’t generate a new Z-address unless you want it to via z_getnewaddress
It doesn’t sound like your keys are compromised, just that the Zcashd is having some problem seeing the funds, as I mentioned before it could be a corrupted copy of the chain. Since you said you did a -rescan you can try a -reindex which will take much longer.
If that doesn’t work then I would suggest transferring your wallet.dat backup to a brand new node you set up on a different sandbox machine that you know is clean. Let it sync 100%. Stop it. Swap the wallet.dat. Restart with -rescan.
I don’t think you could have sent it to Sprout address, as adding to the Sprout value pool was disabled in the Canopy upgrade. It looks like it was sent to a Sapling address: here’s a block explorer that shows the raw transaction – vjoinsplit (Sprout transaction list) is empty, and vShieldedOutput contains a Sapling shielded output. (you could also get this via zcash-cli getrawtransaction 5e74e0bf3ad143b59a40e8eefa4efb4007ea73d3bed216850243ed5d8d8a3b31 1).
If you have your .zcash directory from when you sent it you could look at the debug.log if it contains the address that you sent it to.