In this article
- TL;DR
- The Question Everyone Gets Wrong
- Scenario A Seed Lost Wallet File Present Forgotten Password
- Scenario B Seed Lost Hardware Bricked No Backup
- Scenario C 23 of 24 Seed Words Known
- Scenario D Passphrase Forgotten Seed Remembered
- Scenario E Hardware Wallet PIN Locked
- Scenario F Forgotten BIP Standard 44 49 84 86
- Scenario G ETH-Style Mnemonic Not on BIP-39 Word List
- Scenario H Heir Has Hardware Wallet No Seed
- Professional Recovery Services in 2026
- Recovery Scenario Decision Matrix
- What to Do After Recovery
- Preventing the Next Loss
- Recovery Services Are Legitimate but Verify Everything
- Disclaimer
TL;DR
Bitcoin wallet recovery in 2026 is not one problem. It is eight distinct scenarios, each with a different answer, a different tool, and a different probability of success. The section below that matches your situation is the only one you need. Read it, assess the probability honestly, then decide whether DIY or a vetted professional service is the right call. If you are in the heir scenario, stop here and read the Bitcoin estate planning guide first.
The Question Everyone Gets Wrong
I work in the crypto self-custody space. The call I get most often is not "how do I recover my wallet." It is "is there any way to recover my wallet," asked by someone who already suspects the answer is no and is hoping to be told otherwise.
The honest framing is harder: some of these problems are solved in minutes. Some are solved in hours with the right tool. And some are physically impossible, not because the tools are inadequate, but because the cryptographic guarantees that make Bitcoin secure are the same guarantees that make certain loss scenarios permanent.
A 256-bit private key occupies a keyspace of 2^256 possible values. That is approximately 10^77 possibilities. The observable universe contains roughly 10^80 atoms. Exhaustive search of that space would require more energy than exists in any physical system. This is not a software limitation. This is physics. Any service that promises to recover Bitcoin from an address alone, without a seed or wallet file, is lying to you (Wikipedia on security levels).
The eight scenarios below map to the eight real recovery paths. Find yours.
Scenario A Seed Lost Wallet File Present Forgotten Password
This is the most recoverable scenario. You have the encrypted wallet file (a Bitcoin Core wallet.dat, an Electrum wallet JSON, a Blockchain.info backup, a MetaMask keystore, or a MultiBit .wallet) and you remember fragments of the password. You do not need the seed phrase to recover access, because the seed is stored inside the encrypted file.
The tool is btcrecover. Specifically the 3rdIteration fork, not the abandoned gurnec original. Write a token list of every fragment you remember and let btcrecover permute them with typos and capitalisation variants until one combination decrypts the file.
Bitcoin Core wallet.dat files use AES-256-CBC encryption with OpenSSL's EVP_BytesToKey key derivation, running a minimum of 25,000 SHA-512 iterations (Bitcoin Core source, crypter.cpp). This makes brute force slow but not intractable when you have partial knowledge. The full setup and execution procedure is in the btcrecover tutorial.
Run everything on an offline machine. Three backup copies of the wallet file before any command runs. Autosave enabled throughout.
Scenario B Seed Lost Hardware Bricked No Backup
Stop. There is no recovery path here.
The private key material lives in the 24-word seed (or 12-word seed) generated at device setup. If that seed was never written down, or the paper was destroyed, or the backup is gone, and the device itself is bricked or lost, the private keys are gone. There is no encrypted file to attack, no partial information to brute-force from.
Some recovery services will take your money anyway. They will cite "forensic extraction" or "chip-level analysis" and charge upfront fees for nothing. The mathematical reality is unchanged: without the seed, the private key cannot be derived by any process that respects the laws of physics. A 2^256 keyspace is not a software problem. It is a physical one.
The lesson from this scenario, applicable before the loss happens, is covered in Bitcoin self-custody: seed phrases go on steel, in duplicate, in separate physical locations, the day the wallet is set up. Not the following week. That day.
Scenario C 23 of 24 Seed Words Known
This is highly recoverable and faster than most people expect.
BIP-39 encodes a checksum into the final word of a mnemonic. For a 24-word seed, the last word carries 8 bits of checksum derived from the first 23 words. This means that, for any given 23 words with one unknown slot, only a fraction of the 2048-word BIP-39 list produces a valid checksum. The BIP-39 specification at github.com/bitcoin/bips/blob/master/bip-0039/bip-0039.mediawiki defines the checksum construction. In practice, for one missing word from a 24-word seed, approximately 2048 candidates pass the checksum filter, and seedrecover.py tests all of them against a known address in under 10 minutes on a standard laptop.
You need two things: the 23 words you do have, and at least one public Bitcoin address that was derived from that seed. Any historical receive address from your wallet's transaction history works. If you have nothing on hand, an AddressDB file (a pre-computed set of known on-chain addresses) covers most cases without requiring a specific address.
python seedrecover.py \
--mnemonic "word1 word2 ... word22 word23 ?" \
--addresses bc1q... \
--autosave seed-session.dat
Two missing words expands the search to roughly 4.2 million candidates. Slower, but still feasible. Three missing words from a 24-word seed is approximately 8.5 billion combinations, which exceeds practical consumer hardware limits without an AddressDB-backed search cluster.
Scenario D Passphrase Forgotten Seed Remembered
BIP-39 passphrases (sometimes called the 25th word) are a separate secret layered on top of the mnemonic. The mnemonic alone derives one wallet. The mnemonic plus any passphrase derives a completely different wallet. If you used a passphrase and forgot it, your funds are in the passphrase-derived wallet, not the base wallet.
This is recoverable if you remember fragments. Use btcrecover in passphrase mode:
python btcrecover.py \
--wallet-type bip39 \
--mnemonic "your 24 words here" \
--passphrase-list tokens.txt \
--addr-limit 10 \
--addresses bc1q...
The token list works the same way as for password recovery: list every fragment, capitalisation variant, number pattern, and symbol combination you might have used. The search space is bounded by your memory, not by the full 2^256 keyspace.
If you remember nothing about the passphrase, it is unrecoverable. The passphrase transforms the seed mathematically and there is no inverse operation that recovers it from the output addresses. The BIP-39 brute force attack post covers the math in depth.
Scenario E Hardware Wallet PIN Locked
A PIN lock triggers a wipe of the device's secure element. The keys stored on the device are erased. This sounds catastrophic. It is not, provided you have the seed phrase backup.
The seed phrase is the wallet. The hardware device is the interface to that wallet. Any BIP-39-compatible device can restore from the same 12 or 24 words and derive the same addresses and private keys. Buy a replacement device (Trezor, Ledger, BitBox02, Coldcard, Foundation Passport), select "Restore from seed phrase" on first boot, enter the 24 words in order, and your wallet is back.
If you also set a BIP-39 passphrase on the original device, you must enter that too during restoration. Without it, the restored wallet will show a different (empty) balance, because the passphrase derives a different address set.
PIN-lock recovery is the zero-tool scenario. The seed phrase is sufficient. The only complication is if the seed backup itself was lost (see Scenario B).
Scenario F Forgotten BIP Standard 44 49 84 86
BIP-44, BIP-49, BIP-84, and BIP-86 define different derivation paths and address formats from the same seed phrase. They produce different addresses.
- BIP-44: Legacy P2PKH addresses starting with
1 - BIP-49: Nested SegWit P2SH-P2WPKH addresses starting with
3 - BIP-84: Native SegWit P2WPKH addresses starting with
bc1q - BIP-86: Taproot P2TR addresses starting with
bc1p
If you funded an address under one standard and are restoring under a different one, the balance appears as zero. Your Bitcoin is not lost. It is at a different derivation path from the same seed.
The fix requires no special tool. In Sparrow Wallet, import your seed and set the script type to "Legacy", check for balance. If zero, switch to "Nested SegWit", check again. Continue through Native SegWit and Taproot. Electrum has similar multi-type restore options. You are not recovering lost data; you are finding which branch of the derivation tree holds your funds.
Note that some wallets use non-standard account indices or change-path depths. If the standard four paths all return zero, the wallet may have used a custom derivation path. Check the original wallet software's documentation for its default derivation path.
Scenario G ETH-Style Mnemonic Not on BIP-39 Word List
This scenario has no good outcome if the original wallet software is unknown.
Some early Ethereum wallets, MetaMask legacy versions, and certain exchange-generated backups used word lists or encoding schemes incompatible with BIP-39. The BIP-39 English word list is the 2048-word set defined at github.com/bitcoin/bips/blob/master/bip-0039/english.txt. If your mnemonic contains words not on that list, it was generated by a different system.
Common non-BIP-39 systems that created Bitcoin-or-ETH wallets with custom mnemonics:
- Electrum 1.x and early 2.x (used its own 1626-word list, now labelled "Electrum seed" in modern Electrum)
- MyEtherWallet legacy (used a seed format tied to ETH keystore derivation)
- Jaxx (proprietary 12-word encoding in some versions)
If you know which software generated the seed, install that software and use its native restore flow. If you do not know the software, there is no general-purpose tool that covers all proprietary word lists. The seed cannot be decoded without knowing the encoding.
Verify whether your words appear in the BIP-39 list before spending time on BIP-39 tools. Grep the list:
curl -s https://raw.githubusercontent.com/bitcoin/bips/master/bip-0039/english.txt | grep -Fx "yourword"
If the word is absent, stop the BIP-39 toolchain immediately.
Scenario H Heir Has Hardware Wallet No Seed
This is not a recovery problem. It is an estate-planning failure.
A hardware wallet device without the seed phrase is an empty enclosure. The private keys live in the seed mnemonic generated at setup. Silicon alone holds no recoverable key material after a device reset or death of the PIN holder. Even forensic chip extraction cannot recover keys from a hardware wallet that has never been compromised, because the keys are stored in the secure element precisely to resist physical extraction.
If this is your situation as an heir, you are not facing a technical problem with a technical solution. You are facing the outcome of a self-custody setup that did not include an access plan.
For Bitcoin holders who want to prevent this outcome for their own heirs, the Bitcoin estate planning Switzerland guide covers the full operational structure: sealed executor envelopes, SLIP-39 Shamir share distribution, notary deposits, and annual recovery drills.
Professional Recovery Services in 2026
Three operators with documented public track records take on cases where DIY tooling is insufficient or the case complexity exceeds what a user can manage alone.
- Wallet Recovery Services (walletrecoveryservices.com): one of the oldest services in the space, founded 2013, percentage-on-success model
- KeychainX (keychainx.com): covers a wide range of wallet formats including legacy Bitcoin Core, Ethereum keystores, and Multibit
- Crypto Asset Recovery (cryptoassetrecovery.com): specialises in password recovery across Bitcoin Core, Blockchain.com, and Electrum formats
Vet each operator independently before engaging. The space contains more scammers than legitimate firms. Specific due-diligence checks before any engagement:
- The service must operate on your hardware or provide a signed binary you run locally on an air-gapped machine. It does not take your seed phrase.
- The fee structure is a percentage on recovered funds, not an upfront retainer.
- The firm has a verifiable public history: actual contact information, not a Telegram username.
- You found them by searching, not because they found you via DM on any platform.
For Ordinals-bearing UTXOs, recovery follows the same path as regular Bitcoin: recover the seed or private key, then use the ord client to identify and transfer inscribed sats. The ord wallet documentation at docs.ordinals.com covers restoring an ord wallet from a BIP-39 seed.
Recovery Scenario Decision Matrix
| Scenario | You Have | Recovery Probability | Tool |
|---|---|---|---|
| A | Wallet file + partial password | High | btcrecover password mode |
| B | Neither seed nor wallet file | Zero | None (physics) |
| C | 23 of 24 seed words + one address | Very high (minutes) | seedrecover.py |
| D | Seed + partial passphrase fragments | High if fragments exist | btcrecover passphrase mode |
| E | Seed + PIN-locked device | Certain | Any BIP-39 hardware wallet |
| F | Seed + unknown BIP standard | Certain | Sparrow / Electrum multi-path scan |
| G | Non-BIP-39 mnemonic | Depends on knowing software | Original wallet software |
| H | Hardware wallet only, no seed | Zero | Estate planning (prevention) |
What to Do After Recovery
The moment you regain access is not the end. The old wallet lived on hardware and in environments whose security history is unknown. The correct final step is a sweep to a fresh wallet.
Generate a new 24-word seed on a hardware device that has never been online. Write the seed on paper or steel. Verify the first receive address on the device screen, not on the host computer. Send the entire balance from the recovered wallet to the new receive address. Confirm on a block explorer from a separate online device, then wipe all copies of the old wallet file and dispose of the old seed material if it was compromised.
You have converted "access to an uncertain past" into "access under a fresh key with known provenance." That is the only complete recovery.
Preventing the Next Loss
The eight scenarios above are all downstream of one root cause: a self-custody setup that did not include redundant, geographically separated seed backups. The Bitcoin self-custody guide covers the prevention layer in full. Set it up once, test it with a recovery drill before depositing real funds, and these eight scenarios stay hypothetical.
Recovery Services Are Legitimate but Verify Everything
Recovery services are legitimate but the space contains scammers. Verify any operator independently. Never share your seed phrase. A legitimate recovery service operates on your local machine or your own hardware via signed PSBTs, never on theirs.
Disclaimer
This article is educational content for Bitcoin holders and heirs managing self-custody. It is not legal or financial advice. Bitcoin recovery is a high-stakes operation. Make three offline backups of any wallet file before any recovery command runs. Never share your seed phrase with any person or service. For complex multi-wallet estate scenarios, consult a professional with verifiable credentials.
