In this article
- TL;DR
- The Question Everyone Gets Wrong
- Scenario A Seed Lost Wallet File Present Forgotten Password
- Scenario B Seed Lost Hardware Bricked No Backup
- Scenario C 23 of 24 Seed Words Known
- Scenario D Passphrase Forgotten Seed Remembered
- Scenario E Hardware Wallet PIN Locked
- Scenario F Forgotten BIP Standard 44 49 84 86
- Scenario G ETH-Style Mnemonic Not on BIP-39 Word List
- Scenario H Heir Has Hardware Wallet No Seed
- Professional Recovery Services in 2026
- Recovery Scenario Decision Matrix
- What to Do After Recovery
- Preventing the Next Loss
- Recovery Services Are Legitimate but Verify Everything
- Disclaimer
TL;DR
Bitcoin wallet recovery in 2026 is not one problem. Eight distinct scenarios, each with a different tool and a different probability of success. The section below that matches your situation is the only one you need. Read it, assess the probability honestly, then decide between DIY and a vetted professional service. If you are the heir in scenario H, stop here and read the Bitcoin estate planning guide first.
The Question Everyone Gets Wrong
I work in the crypto self-custody space. The call I take most often is not "how do I recover my wallet." It is "is there any way to recover my wallet," asked by someone who already suspects the answer is no and hopes I will say otherwise.
Some of these problems take minutes. Some take hours with the right tool. Some are physically impossible. Not because the tools are weak. Because the cryptographic guarantees that make Bitcoin secure are the same guarantees that make certain loss scenarios permanent.
A 256-bit private key lives in a keyspace of 2^256 possible values. That is roughly 10^77 possibilities. The observable universe holds roughly 10^80 atoms. To exhaust that space you would need more energy than exists in any physical system. Not a software limit. Physics. Any service that promises to recover Bitcoin from an address alone, with no seed and no wallet file, is lying to you (Wikipedia on security levels).
Eight scenarios below map to eight real recovery paths. Find yours.
Scenario A Seed Lost Wallet File Present Forgotten Password
This is the most recoverable scenario. You hold the encrypted wallet file (a Bitcoin Core wallet.dat, an Electrum wallet JSON, a Blockchain.info backup, a MetaMask keystore, or a MultiBit .wallet) and you remember fragments of the password. You do not need the seed phrase, because the seed sits inside the encrypted file.
Use btcrecover. Pick the 3rdIteration fork, not the abandoned gurnec original. Write a token list of every fragment you remember and let btcrecover permute them with typos and capitalisation variants until one combination decrypts the file.
Bitcoin Core wallet.dat files use AES-256-CBC encryption with OpenSSL's EVP_BytesToKey key derivation, running a minimum of 25,000 SHA-512 iterations (Bitcoin Core source, crypter.cpp). Brute force is slow but tractable when you have partial knowledge. The full setup and execution procedure sits in the btcrecover tutorial.
Run everything on an offline machine. Make three backup copies of the wallet file before any command runs. Keep autosave on throughout.
Scenario B Seed Lost Hardware Bricked No Backup
Stop. There is no recovery path here.
The private key material lives in the 24-word seed (or 12-word seed) generated at device setup. If you never wrote the seed down, the paper burned, or the backup is gone, and the device itself is bricked or lost, the private keys are gone. No encrypted file to attack. No partial information to brute-force from.
Some recovery services will take your money anyway. They cite "forensic extraction" or "chip-level analysis" and charge upfront fees for nothing. The math does not move. Without the seed, no process that respects the laws of physics can derive the private key. A 2^256 keyspace is not a software problem. It is a physical one.
The lesson, applicable before the loss happens, lives in Bitcoin self-custody. Seed phrases go on steel, in duplicate, in separate physical locations, the day you set up the wallet. Not the following week. That day.
Scenario C 23 of 24 Seed Words Known
Highly recoverable and faster than most people expect.
BIP-39 encodes a checksum into the final word of a mnemonic. For a 24-word seed, the last word carries 8 bits of checksum derived from the first 23 words. So for any 23 known words with one unknown slot, only a fraction of the 2048-word BIP-39 list produces a valid checksum. The BIP-39 specification at github.com/bitcoin/bips/blob/master/bip-0039/bip-0039.mediawiki defines the checksum construction. In practice, for one missing word from a 24-word seed, roughly 2048 candidates pass the checksum filter, and seedrecover.py tests all of them against a known address in under 10 minutes on a standard laptop.
You need two things. The 23 words you do have, and at least one public Bitcoin address derived from that seed. Any historical receive address from your wallet's transaction history works. If you have nothing on hand, an AddressDB file (a pre-computed set of known on-chain addresses) covers most cases without a specific address.
python seedrecover.py \
--mnemonic "word1 word2 ... word22 word23 ?" \
--addresses bc1q... \
--autosave seed-session.dat
Two missing words expands the search to roughly 4.2 million candidates. Slower, still feasible. Three missing words from a 24-word seed runs to roughly 8.5 billion combinations, which exceeds practical consumer hardware limits without an AddressDB-backed search cluster.
Scenario D Passphrase Forgotten Seed Remembered
BIP-39 passphrases (the so-called 25th word) sit as a separate secret on top of the mnemonic. The mnemonic alone derives one wallet. The mnemonic plus any passphrase derives a completely different wallet. If you used a passphrase and forgot it, your funds sit in the passphrase-derived wallet, not the base wallet.
Recoverable if you remember fragments. Run btcrecover in passphrase mode:
python btcrecover.py \
--wallet-type bip39 \
--mnemonic "your 24 words here" \
--passphrase-list tokens.txt \
--addr-limit 10 \
--addresses bc1q...
The token list works the same way as for password recovery. List every fragment, capitalisation variant, number pattern, and symbol combination you might have used. Your memory bounds the search space, not the full 2^256 keyspace.
If you remember nothing about the passphrase, it is unrecoverable. The passphrase transforms the seed mathematically. No inverse operation recovers it from the output addresses. The BIP-39 brute force attack post covers the math in depth.
Scenario E Hardware Wallet PIN Locked
A PIN lock triggers a wipe of the device's secure element. The keys stored on the device get erased. Sounds catastrophic. It is not, provided you have the seed phrase backup.
The seed phrase is the wallet. The hardware device is the interface to that wallet. Any BIP-39-compatible device restores from the same 12 or 24 words and derives the same addresses and private keys. Buy a replacement device (Trezor, Ledger, BitBox02, Coldcard, Foundation Passport), pick "Restore from seed phrase" on first boot, enter the 24 words in order, and your wallet is back.
If you also set a BIP-39 passphrase on the original device, enter that too during restoration. Without it, the restored wallet will show a different (empty) balance, because the passphrase derives a different address set.
PIN-lock recovery is the zero-tool scenario. The seed phrase is sufficient. The only complication is if the seed backup itself was lost (see Scenario B).
Scenario F Forgotten BIP Standard 44 49 84 86
BIP-44, BIP-49, BIP-84, and BIP-86 define different derivation paths and address formats from the same seed phrase. They produce different addresses.
- BIP-44: Legacy P2PKH addresses starting with
1 - BIP-49: Nested SegWit P2SH-P2WPKH addresses starting with
3 - BIP-84: Native SegWit P2WPKH addresses starting with
bc1q - BIP-86: Taproot P2TR addresses starting with
bc1p
If you funded an address under one standard and you restore under a different one, the balance shows as zero. Your Bitcoin is not lost. It sits at a different derivation path on the same seed.
The fix needs no special tool. In Sparrow Wallet, import your seed and set the script type to "Legacy", check for balance. If zero, switch to "Nested SegWit", check again. Continue through Native SegWit and Taproot. Electrum offers similar multi-type restore options. You are not recovering lost data. You are finding which branch of the derivation tree holds your funds.
Some wallets use non-standard account indices or change-path depths. If the standard four paths all return zero, the wallet may have used a custom derivation path. Check the original wallet software's documentation for its default derivation path.
Scenario G ETH-Style Mnemonic Not on BIP-39 Word List
This scenario has no good outcome if you do not know the original wallet software.
Some early Ethereum wallets, MetaMask legacy versions, and certain exchange-generated backups used word lists or encoding schemes incompatible with BIP-39. The BIP-39 English word list is the 2048-word set defined at github.com/bitcoin/bips/blob/master/bip-0039/english.txt. If your mnemonic contains words not on that list, a different system generated it.
Common non-BIP-39 systems that created Bitcoin-or-ETH wallets with custom mnemonics:
- Electrum 1.x and early 2.x (used its own 1626-word list, now labelled "Electrum seed" in modern Electrum)
- MyEtherWallet legacy (used a seed format tied to ETH keystore derivation)
- Jaxx (proprietary 12-word encoding in some versions)
If you know which software generated the seed, install that software and use its native restore flow. If you do not know the software, no general-purpose tool covers all proprietary word lists. The seed cannot be decoded without knowing the encoding.
Verify whether your words appear in the BIP-39 list before you spend time on BIP-39 tools. Grep the list:
curl -s https://raw.githubusercontent.com/bitcoin/bips/master/bip-0039/english.txt | grep -Fx "yourword"
If the word is absent, stop the BIP-39 toolchain immediately.
Scenario H Heir Has Hardware Wallet No Seed
Not a recovery problem. An estate-planning failure.
A hardware wallet device without the seed phrase is an empty enclosure. The private keys live in the seed mnemonic generated at setup. Silicon alone holds no recoverable key material after a device reset or death of the PIN holder. Even forensic chip extraction cannot recover keys from an uncompromised hardware wallet, because the keys sit in the secure element precisely to resist physical extraction.
If you are the heir in this situation, you are not facing a technical problem with a technical solution. You are facing the outcome of a self-custody setup that did not include an access plan.
Bitcoin holders who want to prevent this outcome for their own heirs should read the Bitcoin estate planning Switzerland guide. It covers the full operational structure: sealed executor envelopes, SLIP-39 Shamir share distribution, notary deposits, and annual recovery drills.
Professional Recovery Services in 2026
Three operators with documented public track records take cases where DIY tooling falls short or case complexity exceeds what a user can manage alone.
- Wallet Recovery Services (walletrecoveryservices.com): one of the oldest services in the space, founded 2013, percentage-on-success model
- KeychainX (keychainx.com): covers a wide range of wallet formats including legacy Bitcoin Core, Ethereum keystores, and Multibit
- Crypto Asset Recovery (cryptoassetrecovery.com): specialises in password recovery across Bitcoin Core, Blockchain.com, and Electrum formats
Vet each operator independently before you engage. The space holds more scammers than legitimate firms. Run these due-diligence checks before any engagement:
- The service operates on your hardware or provides a signed binary you run locally on an air-gapped machine. It never takes your seed phrase.
- The fee structure is a percentage on recovered funds, not an upfront retainer.
- The firm has a verifiable public history: actual contact information, not a Telegram username.
- You found them by searching, not because they found you via DM on any platform.
For Ordinals-bearing UTXOs, recovery follows the same path as regular Bitcoin. Recover the seed or private key, then use the ord client to identify and transfer inscribed sats. The ord wallet documentation at docs.ordinals.com covers restoring an ord wallet from a BIP-39 seed.
Recovery Scenario Decision Matrix
| Scenario | You Have | Recovery Probability | Tool |
|---|---|---|---|
| A | Wallet file + partial password | High | btcrecover password mode |
| B | Neither seed nor wallet file | Zero | None (physics) |
| C | 23 of 24 seed words + one address | Very high (minutes) | seedrecover.py |
| D | Seed + partial passphrase fragments | High if fragments exist | btcrecover passphrase mode |
| E | Seed + PIN-locked device | Certain | Any BIP-39 hardware wallet |
| F | Seed + unknown BIP standard | Certain | Sparrow / Electrum multi-path scan |
| G | Non-BIP-39 mnemonic | Depends on knowing software | Original wallet software |
| H | Hardware wallet only, no seed | Zero | Estate planning (prevention) |
What to Do After Recovery
The moment you regain access is not the end. The old wallet lived on hardware and in environments whose security history you do not know. The correct final step is a sweep to a fresh wallet.
Generate a new 24-word seed on a hardware device that has never been online. Write the seed on paper or steel. Verify the first receive address on the device screen, not on the host computer. Send the entire balance from the recovered wallet to the new receive address. Confirm on a block explorer from a separate online device, then wipe all copies of the old wallet file and dispose of the old seed material if it was compromised.
You have converted "access to an uncertain past" into "access under a fresh key with known provenance." That is the only complete recovery.
Preventing the Next Loss
The eight scenarios above all trace to one root cause: a self-custody setup that did not include redundant, geographically separated seed backups. The Bitcoin self-custody guide covers the prevention layer in full. Set it up once, test it with a recovery drill before you deposit real funds, and these eight scenarios stay hypothetical.
Recovery Services Are Legitimate but Verify Everything
Recovery services are legitimate. The space contains scammers. Verify any operator independently. Never share your seed phrase. A legitimate recovery service operates on your local machine or your own hardware via signed PSBTs, never on theirs.
Disclaimer
This article is educational content for Bitcoin holders and heirs managing self-custody. It is not legal or financial advice. Bitcoin recovery is a high-stakes operation. Make three offline backups of any wallet file before any recovery command runs. Never share your seed phrase with any person or service. For complex multi-wallet estate scenarios, consult a professional with verifiable credentials.
