Crypto wallet recovery 2.0

Four pitfalls of crypto wallets to protect against: loss, deletion and theft!

Grey background graphic with logos of five well known cryptocurrencies.
Crypto universe

Over the last three months we have received requests to help with crypto wallet recovery where laptops have been lost, wallets deleted or targeted by cyber criminals. In this article we will cover these scenarios, what can be done, if anything, and directing you to sites that may help with recovery.

At IT Security Locksmith we only work with UK prosecution authorities and solicitors (lawyers) registered with the Solicitors Regulation Authority (SRA). Our services are specifically designed to acquire access to crypto wallets where the password has been withheld, lost or is unknown. For more details on what we do see our article on crypto wallet password recovery.

While we do not offer any services regarding crypto wallet data recovery, we have produced this guide to help those affected by these sorts of incidents.

Help I deleted my crypto wallet!

In January 2024, we received an email describing how someone had removed their Metamask wallet from their browser and accidentally deleted their wallet. They advised that they had failed to record the 12-word secret recovery phrase which is required for the standard method of recovery.

Tip #1 – Check the wallet vendor’s website for recovery guidance – you might be lucky!

In such circumstances recovery may still be possible but is not guaranteed and depends greatly on the crypto wallet, the operating system and its configuration. In such circumstances it’s worth looking at the wallet vendor's website to see if they have any recommendations.

In this case Metamask has an excellent support page which can be accessed here:

https://support.metamask.io/hc/en-us/articles/360018766351-How-to-recover-your-Secret-Recovery-Phrase

Note: we have put the full URLs in this article for you to see where all external links go - please only click if you trust the site.

Help I have lost my laptop and my crypto wallet!

In March 2024, we received a message detailing how someone had lost their laptop which contained their only copy of their wallet and they had no secret recovery phrase recorded.

In this instance, if you have Microsoft Onedrive, Google drive or Apple i-cloud it’s worth checking to see if the crypto wallet data has been automatically replicated to the cloud. Unfortunately, for this person it hadn’t, which prevented recovery using this method.

Here is a link to an article on crypto wallet from Ethereum and how to stay safe. https://ethereum.org/en/wallets/

Tip #2 – Always record and keep your 12-word secret recovery phrase secure!

If you want to store the recovery phrase and protect it against fire and water damage you could consider a metal record of it. Here is an interesting solution from Trezor - https://trezor.io/trezor-keep-metal. This is not a recommendation just an example and there are other similar solutions available.

It goes without saying but you need to keep this phrase secure in a locked safe to prevent unauthorised access. Never share your 12-word secret recovery phrase with anyone under any circumstances!

Help my crypto currency has been stolen from my wallet!

In February 2024, we received an email describing how someone had been subject to a cyber attack and that their crypto currency had been stollen. Unfortunately, in these circumstances once the crypto currency has been stolen there is no technical or administrative way of recovery as it’s a one-way process. The only recourse you have is to report it to your crypto exchange if you used one or law enforcement and hope that the cyber criminals are caught at some point and your currency returned.

You should be able to see the fraudulent transaction/s relating to the transfer. Using a suitable reader, or explorer, you can view the open ledger to view other transactions being carried out by the cyber attacker. This might help you identify them as a particular attack group and it's worth keeping an eye on law enforcement successes.

Here is one such example of a site we use for tracing transactions related to ransomware attack groups - https://www.blockchain.com/explorer. Simply paste in the address of the receiving wallet and you will be presented with all their transactions.

Tip #3 – Report crypto currency theft to your crypto exchange or law enforcement and keep your wallet as evidence!

To avoid being a victim of cyber criminals here is a link to an article securing your wallet - https://bitcoin.org/en/secure-your-wallet#online.

Depending on the amount of the crypto currency theft, you may wish to hire a large specialist firm such as Kroll for forensic investigations - https://www.kroll.com/en/services/crypto-risk-investigation-compliance. This is not a recommendation and there are other firms that provide this service.

New phone and now the password to my wallet doesn't work!

In May 2024 we received another request for assistant this time to do with a new phone. The issue seemed to be related to the password no longer being accepted. One recommendation we made was to check the language and keyboard settings on the new phone and check the passcode being typed in is what you expect. The easiest way to do that, is to go to a “text based” app such as Reminders or some sort of Notepad and type in your passphrase. If it doesn't look right you have found your issue. Any incorrect characters should be obvious to you and could be caused by a local language setting or keyboard setting.  The following character in particular are common culprits £, $, €, # and “ but there are more.

Tip #4 – Check you language and keyboard settings!

Conclusion

We hope you have found this article useful. If you have crypto assets double check to ensure you have that 12-word secret recovery phrase recorded and kept somewhere safe! And remember to keep your wallet and its private key secure at all times!

About IT Security Locksmith

IT Security Locksmith is a cybersecurity company that specialises in board level training and consultancy.