1000 ETH recovered from a 2014 presale wallet
The owner was certain of their presale password — and it still would not open the wallet. The problem wasn’t the password. It was the bytes.
At a glance — Wallet: 2014 Ethereum presale (encseed) · Problem: “correct” password failed · Method: encoding-fork sweep + hashcat -m 16300 · Outcome: 1000 ETH recovered · Fee: success-based
The situation
The client took part in the 2014 Ethereum presale and kept their ethereum_wallet_backup.json file safe for a decade. When they finally tried to open it, the password they were sure of was rejected every time — by the wallet, and by every standard tool they tried.
The challenge
The presale file protects its encseed with PBKDF2-HMAC-SHA256 and AES-128-CBC, and the key comes from the exact bytes of the password. The client’s password contained a special character, which meant the failure was almost certainly not a wrong password but a wrong encoding — the same characters stored differently than they were now being typed.
How we recovered it
We reproduced the encoding forks that plague presale wallets: UTF-8 versus Latin-1, Unicode normalisation differences (NFC vs NFKD), and keyboard-layout swaps. Each variant of the remembered password was run against the file with hashcat’s presale mode (16300) and checked against the wallet’s known address. One encoding variant decrypted the encseed cleanly — the password had been right all along.
The outcome
The recovered key gave the owner full control of the 1000 ETH, which they moved to a modern wallet. The fee was success-based; nothing was paid upfront.
Have a similar case?
If your presale password ‘can’t be wrong’ but won’t decrypt, this is almost always why. Related: Ethereum presale recovery · Weak-RNG reference
Presale password that won’t work?
Tell us what you have and what you remember. Honest assessment within 24 hours, and you pay only if we recover your funds.
