Ledger Locked? Trezor Bricked? Hardware Wallet Recovery, Explained
field_notes // hardware_wallet_ops
Hardware wallets are the safest way to hold crypto — right up until they aren't. This guide covers the three failure modes that bring hardware wallet users to us, and what can honestly be done about each.
Failure mode #1: Forgotten PIN, recovery phrase intact
Odds of recovery: near-certain. And you don't need us.
The PIN on a Ledger or Trezor is a device-side lock. It does not control your keys — your recovery phrase does. If you have your 24-word recovery phrase written down somewhere and you've just forgotten the PIN:
- Wipe the device (Ledger: enter wrong PIN 3 times, it resets. Trezor: use Trezor Suite's "wipe device" option).
- Set it up as new, choose "restore from recovery phrase."
- Enter your 24 words. Your accounts and balances reappear.
That's it. If you get stuck at step 1 because the device is dead or bricked, jump to failure mode #2 below.
Failure mode #2: Bricked / dead device, recovery phrase intact
Odds of recovery: near-certain. Still don't need us.
The device is a container. Your keys live in the recovery phrase, not the device. Buy a replacement (any brand — a Trezor phrase works on a Coldcard, a Ledger phrase works on a Trezor, standards are standards), and restore from your phrase.
The one exception: if you used a passphrase (25th word) that you also forgot. That's failure mode #3.
Failure mode #3: Recovery phrase lost or partial
Odds of recovery: this is where it gets interesting.
If you never wrote down the recovery phrase, or you wrote it down and lost the paper, and the device is still working and unlocked, you can often extract the phrase FROM the device using its normal "show recovery phrase" or export flow. Do this immediately — before anything else can go wrong.
If the device is locked AND the phrase is lost — that is a genuine recovery case. It depends on the device generation.
Older devices (Trezor One pre-2020, Ledger HW.1, KeepKey)
These lack a modern secure element. Known research (Kraken Security Labs, Ledger Donjon reports, wallet.fail) has demonstrated fault-injection and glitching attacks that can extract secrets from these devices in specialized labs.
- Feasibility: real but expensive.
- Cost: often $5,000+ in lab time.
- Realistic only if the wallet holds substantial value.
Modern devices (Ledger Nano X / S Plus / Stax, Trezor Safe 3/5, Coldcard, BitBox02)
These use certified secure elements or advanced isolation. Physical key extraction is not currently feasible outside nation-state labs. If both PIN and phrase are lost on a modern device, funds are almost certainly gone.
We tell clients this honestly. There's no point taking a case we can't win.
Failure mode #4: The passphrase problem
Advanced users often add a BIP-39 passphrase — a 25th word of their own choosing. This is a hidden wallet on top of the standard recovery phrase. Great for security. Devastating when forgotten.
Passphrases follow password recovery rules, not BIP-39 rules — they can be any string, any length. That means recovery depends entirely on hints you can supply:
- Approximate length
- Words, patterns, or themes you tend to use
- Character sets (all lowercase? mixed with digits?)
- Old passwords you may have based it on
With good hints, GPU-based recovery finishes in hours. With no hints, it may as well be infinite.
Firmware-update bricks — what actually happens
Users often describe their device as "bricked" after a firmware update. In most cases the device is fine — the firmware got interrupted, entered recovery mode, and needs a re-flash from official tools. Your keys are not lost. Don't panic.
Rare true bricks (hardware failure during flash) still don't lose your keys, provided you have your recovery phrase. See failure mode #2.
The physical device workflow — if we take your case
For lab-based cases we work through:
- Insured, tracked courier from you to us (we cover cost on approved cases).
- Device logged into evidence at intake. Photographed. Sealed.
- Signed chain-of-custody document. You get a copy.
- Work is monitored, and video-logged on request.
- Device returned to you or destroyed on your instruction after case close.
Every step is on the record.
Emergency do-not-do list
If you've just discovered you can't access your hardware wallet, do NOT:
- Guess the PIN more than 3 times (many devices wipe after 3 failed attempts on Trezor One; more on Ledger, but risk grows)
- Update firmware while trying to recover
- Send your recovery phrase to ANYONE — not "Ledger support," not "Trezor support," not us
- Follow YouTube tutorials that ask you to type your phrase into a browser
- Buy a used hardware wallet with a recovery phrase already on it (this is a common scam)
FAQ
My Ledger asks for a PIN I forgot — can I recover it? Yes, if you still have your 24-word recovery phrase. If both are lost, only lab-based recovery on older devices has a real chance.
Can you extract keys from a Ledger Nano X or Trezor Safe? Publicly, no. Modern secure elements resist extraction. We're honest about this.
My Trezor died during firmware update. Are my funds gone? Almost certainly not. Restore from your recovery phrase to a replacement device.
I bought a used Ledger from eBay. Should I use it? Absolutely not. Reset it and re-initialize from scratch, or throw it out. Never trust a pre-loaded device.
Free assessment. Never asks for full recovery phrase. No recovery, no fee.