Geth . Ethereum keystore
Geth wallet recovery
If you ran a Geth node in Ethereum’s early years, your ETH is almost certainly locked inside a keystore file protected by a password you no longer remember. With that file, recovery is usually possible.
Geth — go-ethereum, the official Ethereum client — was how many of the earliest holders stored their ETH before MetaMask and hardware wallets existed. When you created an account, Geth wrote an encrypted keystore file to disk and protected it with a password. Years later, that password is the whole problem: the file is intact, the ETH is visible on-chain, but the wallet won’t open. This is one of the most recoverable situations there is, provided you still have the keystore file.
Your keystore file (UTC / V3)
Geth stores each account as a JSON keystore file with a name like UTC–2015-08-14T…–<address>. Inside is your private key, encrypted to the Ethereum Web3 Secret Storage V3 standard. This is the single most important thing to find and protect — it is what makes recovery possible. Without it, there is nothing to decrypt; with it and a password hint, the odds are good.
Typical locations for the keystore folder:
- Linux: ~/.ethereum/keystore/
- macOS: ~/Library/Ethereum/keystore/
- Windows: %APPDATA%\Ethereum\keystore\
The files have no extension and start with UTC–. If you once ran Geth, Mist or the old Ethereum Wallet app, this is where your key lives.
How the keystore is encrypted
A V3 keystore doesn’t store your password — it uses it to derive a key that decrypts the private key, with a deliberate amount of computational work in between. Geth defaults to the scrypt key-derivation function (with strong N, r and p parameters), though some files use PBKDF2 instead; the actual key is then encrypted with AES-128-CTR, and a MAC verifies whether a candidate password was correct. That heavy KDF is exactly why recovery depends on good hints rather than raw speed: each guess is expensive by design, so narrowing the search is everything.
How we recover a Geth password
Recovery is a targeted, offline search for your password. We read the KDF parameters from your keystore file, build candidate passwords from what you remember — length, fragments, the words and numbers you tend to use, the year and machine you set it up on — and test them on dedicated GPU hardware using hashcat’s Ethereum wallet modes (15700 for scrypt keystores, 15600 for PBKDF2). The moment a candidate satisfies the MAC, the password is confirmed and your private key is yours again. Nothing is entered on any live site, and your key is never handled in the clear until it’s back with you.
Geth, Mist and the presale keystore
It’s worth knowing which format you actually have, because they’re different. The Geth keystore (V3) is what you get from creating an account in the client. It is not the same as the 2014 presale wallet, which uses its own encseed format — if your file dates from the presale, see that page instead. The old Mist / Ethereum Wallet app used the same V3 keystore as Geth under the hood, so those cases are handled here too. Telling us which client you used helps us apply the right method immediately.
Why a Geth password won’t work
Most “I’m certain it’s correct” cases come down to small differences: a capital letter or trailing digit you’ve forgotten, a special or accented character stored in a different encoding than you type today, or a keyboard-layout difference from the machine where you created the account. Command-line users also sometimes had a password captured with trailing whitespace or shell-escaping quirks. We reproduce all of these systematically — the password was usually right, just not in the exact form you’re re-entering.
Finding the keystore on an old machine
Because Geth ran on a computer rather than a phone or a hosted account, the keystore file is often sitting on hardware you haven’t touched in years — an old laptop, a retired desktop, an external drive, or a backup you made when you upgraded. The account address in the filename lets you confirm you’ve found the right one before anything else. If the drive is dead, wiped or the file was deleted, that’s not necessarily the end: we can take a forensic image of the media and carve the keystore out of it, then recover the password from the reconstructed file. If you think the file is gone, don’t reformat or keep using the drive — every write reduces what can be recovered. Preserve the media and let us look first.
Lo que no podemos hacer
If the keystore file is gone, there is nothing to decrypt and no one can recover it — the encrypted key only exists in that file. If you only have the public address, that’s not recoverable. And if you genuinely remember nothing about a long, fully random password, the scrypt cost may make the search infeasible; we’ll tell you that honestly before you commit. We never ask for payment upfront.
Preguntas frecuentes
What file do you need to recover a Geth wallet?
The keystore JSON file — the one named UTC–…–address in your keystore folder. It holds your encrypted private key. Without it there is nothing to decrypt.
Where is my Geth keystore stored?
On Linux, ~/.ethereum/keystore/; on macOS, ~/Library/Ethereum/keystore/; on Windows, %APPDATA%\Ethereum\keystore\. The files start with UTC– and have no extension.
I forgot my Geth password — can it be recovered?
Usually, if you have the keystore file and some memory of the password. We read the file’s scrypt or PBKDF2 settings and run a hint-driven search offline until a candidate matches.
Is a Geth keystore the same as a presale wallet?
No. The Geth keystore uses the V3 format; the 2014 presale wallet uses its own encseed format. They need different methods — tell us which you have and we’ll route it correctly.
My old Mist / Ethereum Wallet file — can you help?
Yes. Mist and the Ethereum Wallet app used the same V3 keystore as Geth, so those are recovered the same way.
How much does Geth recovery cost?
Basado en los resultados: un porcentaje del valor recuperado solo si conseguimos el dinero, y nada por adelantado.
¿No puedes acceder a un almacén de claves de Geth?
Send us your UTC / V3 keystore file and what you remember of the password. Honest assessment within 24 hours, and you pay only on success. Our experienced technical staff will examine your request and suggest next steps.
