Guide . Bitcoin

How to recover a lost Bitcoin wallet password

A practical, do-it-yourself walkthrough for the main Bitcoin wallet types — how to extract the password hash, run hashcat, and where the well-known traps are.

Updated July 2026 · KeychainX — Wallet Recovery since 2017

This is the technical companion to our Bitcoin wallet recovery page. If you’re comfortable on a command line, you can often make real progress yourself; if not, it’ll at least tell you exactly what you have. We’ll cover the common wallet types and the tools that open them yourself.

Know your wallet type

The right method depends entirely on which wallet you used:

  • Bitcoin Core — the encrypted wallet.dat.
  • Blockchain.info / Blockchain.com — the online wallet, with a first and optional second password.
  • MultiBit Classic.key and .wallet files.
  • Electrum — a seed-based wallet with an optional password.
  • Paper wallets — a raw or BIP38-encrypted private key.

Identify yours first, because the extraction step below differs for each.

Extracting the password hash

You don’t attack the wallet directly — you extract a hash the tools can test against. The John the Ripper project ships helper scripts for this: bitcoin2john.py for Bitcoin Core’s wallet.dat, and blockchain2john.py for Blockchain.info wallets. Run the matching script against your file and it outputs a hash string that hashcat can work with. Keep your wallet file read-only and work on a copy throughout.

Running hashcat yourself

Feed the extracted hash to hashcat with the correct mode for your wallet: Bitcoin Core is mode 11300; Blockchain.info v2–v4 is 15200; early Blockchain.info v1 is 12700; MultiBit Classic is 22500; and an Electrum wallet uses one of the 16600/21700/21800 modes depending on version. Rather than a blind brute force, build a mask or wordlist from what you remember — length, fragments, patterns — and let hashcat search that space. Good hints are what make it finish.

The Blockchain v1 hashcat trap

Here’s a trap that wastes a lot of people’s time: early Blockchain.info (v1) wallets used varying encryption iteration counts, and hashcat’s standard mode can silently fail to find the correct password on some of them — it runs, finishes, and reports nothing, even when your password is in the list. If you’re certain of your password on an old Blockchain wallet and mode 12700 finds nothing, this is likely why. These cases need a customised approach that accounts for the iteration variations, which is where DIY typically hands off.

Second passwords and mnemonics

Two extra wrinkles. If your Blockchain.info wallet had a second password (for spending), that’s a separate script and a separate search from the main one. And if your backup is an old 15–21 word Blockchain.info phrase, it won’t import into modern software at all — it’s a legacy, non-BIP39 format that needs the original derivation logic rather than hashcat. Knowing which of these you’re facing tells you whether it’s a password search or a phrase-reconstruction problem.

Setting up the tools

The DIY path has a setup cost worth knowing before you start. The *2john.py extraction scripts need Python installed. Hashcat runs best on a GPU — it will use your CPU, but a decent graphics card is many times faster, which matters when each guess is deliberately slow. You’ll also want a candidate list or mask that reflects real memory rather than a blind character sweep, because even on good hardware an unstructured search of anything but a short password won’t finish in a reasonable time. If installing libraries and writing hashcat masks isn’t your world, that alone is a fair reason to hand the case over.

Do it safely

Two rules while you work: never do this on your only copy of the wallet file — duplicate it and keep the original untouched — and never upload your wallet.dat, key or seed to an online “recovery” site or paste it into a website. Legitimate recovery, whether you do it or we do, happens offline against a copy of your file. Anything that asks you to enter your seed on the web is a trap.

A note on Electrum and paper wallets

Two quick special cases. Electrum stores a seed and, optionally, a password over it; if you have the seed you can restore directly, and if only the password is lost, the wallet file can be searched much like the others (with the version-appropriate hashcat mode). Paper wallets hold a private key directly — if it’s a plain key you can import it into any wallet, and if it’s BIP38-encrypted with a passphrase, that passphrase is the password to recover. Knowing which of these you hold saves a lot of wrong turns.

When to get help

If you’ve extracted the hash, picked the right mode, built a sensible candidate space and still come up empty — especially on a v1 Blockchain wallet, a special-character password, or a legacy phrase — that’s the point to bring it in. We run large structured searches on dedicated hardware, handle the v1 iteration bug and encoding cases, and confirm results against your address, all offline and success-based. Full detail is on the Bitcoin recovery page.

Frequently asked questions

How do I extract a hash from wallet.dat?

Use bitcoin2john.py from the John the Ripper project against your wallet.dat; it outputs a hash string you feed to hashcat (mode 11300 for Bitcoin Core). Work on a copy of the file.

Which hashcat mode do I use?

Bitcoin Core 11300; Blockchain.info v2–v4 15200; Blockchain.info v1 12700; MultiBit Classic 22500; Electrum 16600/21700/21800 by version. Match the mode to your wallet type.

My old Blockchain wallet password is right but hashcat finds nothing — why?

Early Blockchain.info (v1) wallets used varying iteration counts, and standard hashcat can silently miss the password. These need a customised approach that accounts for the variations.

Can I recover a wallet with only the public address?

No. You need the wallet file, an encrypted key, or a seed — the public address alone has nothing to decrypt.

How much does help cost?

Success-based: a percentage of the recovered value only if we open the wallet, and nothing upfront.

Hit a wall on your own?

Send us the wallet file and what you remember of the password. We’ll tell you honestly whether it’s recoverable within 24 hours, success-based fee.

Contact KeychainX →