A MetaMask vault recovered after a lost password

Case study . MetaMask . Vault decrypt

A MetaMask vault recovered after a lost password

No seed phrase, a forgotten password, and a MetaMask that wouldn’t unlock — but the encrypted vault was still sitting in the browser.

Case study · Published July 2026 · KeychainX — Wallet Recovery since 2017

At a glance — Wallet: MetaMask (browser extension) · Problem: forgotten password, no seed · Method: vault extract + hashcat -m 26600 · Outcome: seed recovered · Fee: success-based

The situation

The client had used MetaMask daily, never wrote down the seed phrase, and then forgot the password. Crucially, they had NOT reinstalled the extension — so the encrypted vault, which holds the keys, was still present in the browser profile.

The challenge

MetaMask stores an encrypted vault ({data, iv, salt}) protected by the password via PBKDF2 and AES-GCM. With no seed, the only path was to find the password that decrypts that vault — which first meant safely extracting the vault from the browser’s local storage.

How we recovered it

We located the vault in the extension’s LevelDB data, extracted it, and ran a hint-driven search against it with hashcat’s MetaMask mode (26600), building candidates from what the client remembered. A candidate decrypted the vault cleanly, yielding the seed phrase — and with it, full access.

The outcome

The client restored the recovered seed into a fresh wallet and secured a written backup this time. Success-based fee, nothing upfront.

Have a similar case?

Forgot your MetaMask password but never uninstalled it? The vault may still be recoverable. Related: MetaMask password recovery · All supported wallets

Locked out of MetaMask?

Tell us what you have and what you remember. Honest assessment within 24 hours, and you pay only if we recover your funds.

Contact KeychainX →