Trezor, BIP39, and Lost Bitcoin: A Long-Tail Recovery Reference
Trezor, BIP39, and Lost Bitcoin: A Long-Tail Recovery Reference
Most recovery content is written for the top 3 wallets and the top 3 disasters. This piece is for everyone else — the Trezor One from 2017 with a forgotten PIN, the 24-word phrase where the 25th-word passphrase is the actual lock, the cold-storage wallet you haven't touched since Bitcoin was $8,000. Nobody writes about these because search volume is low, but the recovery success rate for these cases is often higher than the mainstream ones. Read it as a diagnostic checklist.
Trezor recovery: PIN, seed, and bricked-device paths
A Trezor One or Model T never sends your seed off the device. That means every "Trezor recovery" story is really one of three problems, and mixing them up is why people waste months.
1. Forgot the PIN, still have the seed phrase
This is the easiest scenario in wallet recovery: wipe the device, restore from the 12- or 24-word phrase, set a new PIN. Nothing is lost. If this is you, do it now and stop reading — you don't need a specialist.
One gotcha: if you used a BIP-39 passphrase (Trezor calls it a "hidden wallet"), the seed phrase alone will restore an empty wallet. Your real funds live behind the passphrase. Skip to the passphrase section below.
2. Forgot the PIN, seed phrase is partial or lost
Don't keep guessing PINs. Trezor doubles the wait between attempts, and 16 wrong PINs wipes the device permanently. If you have fewer than 3 guesses left, stop.
Recovery paths:
- Trezor One (older firmware): In some firmware versions, the PIN storage was extractable via a controlled voltage-glitch attack on the STM32 chip. This is destructive to the device warranty and requires lab equipment. We only attempt it when the estimated wallet value justifies the ~$4,000–$8,000 lab cost.
- Trezor Model T / Safe 3: Newer secure-element or firmware-hardened models are not currently vulnerable to the same class of attack. If you've lost the PIN and the seed on a Model T with no backup, honest answer: the funds are likely permanently inaccessible. We'll tell you that up front.
3. Bricked device (dead screen, dead USB, damaged in transit)
A physically dead Trezor with an intact seed phrase is a solved problem: order a new device (any brand supporting BIP-39) and restore. Success rate: ~100%.
A physically dead Trezor with a lost seed is a device forensics case. We can sometimes read the flash directly, but again — only worth attempting for wallets valued above the lab cost.
BIP-39 passphrase recovery (the "25th word")
This is the most misunderstood lock in crypto. The BIP-39 spec allows an optional passphrase on top of your 12/24 words. It's a completely separate secret, and it dramatically expands the recoverable space — because it's often a human-chosen password.
The three-word test
Before you assume the passphrase is lost:
- Try no passphrase at all. Many people set one, forget they did, and end up in the "empty wallet" panic loop.
- Try known passwords you've used elsewhere in that era of your life.
- Check whether you wrote it in a password manager under a non-obvious name ("crypto", "cold", "vault", the wallet type).
If all three fail, it becomes a cryptographic search problem.
What we can attack
BIP-39 passphrase recovery is a PBKDF2-HMAC-SHA512 brute force with 2,048 iterations per candidate. On a single high-end GPU that's roughly 10,000–30,000 candidates/second. With a targeted wordlist built from your hints — favorite phrases, birthdays, dictionaries in your languages, keyboard patterns you commonly use — a well-scoped search finishes in hours or days, not months.
What we need from you:
- The seed phrase (12 or 24 words) — we handle this via a controlled protocol; no single operative sees all words.
- A wallet address at any derivation path you know belongs to the hidden wallet. This is our stop condition.
- Everything you can remember about the passphrase — approximate length, whether it had numbers/symbols, whether it was English or another language, phrases meaningful to you at the time.
Success rate on well-scoped BIP-39 passphrase cases: ~65% when we have decent hints. Near zero when the passphrase was truly random 20+ characters. We'll tell you which bucket you're in during the free assessment.
Lost Bitcoin: the cold-storage wakeup scenario
A specific case worth calling out: the wallet you set up in 2013–2017 with a small amount that's now worth serious money. Common variants:
- Paper wallet from a printer, never swept. Read the private key with a phone camera into a modern wallet. Watch for degraded print quality; run the key through a checksum verifier before broadcasting.
- Old Bitcoin Core wallet.dat with a forgotten password. Encrypted wallet.dat files use OpenSSL AES-256 with a password-derived key. Fast to attack (~1M candidates/sec on GPU) if the password was a human phrase. Success rate ~70% with decent hints.
- Electrum wallet from an old laptop. Older Electrum versions (pre-2.0) used a different seed format ("Electrum seed") that is not BIP-39 compatible. Restoring into MetaMask will silently show an empty wallet. You need Electrum itself, or a specialist who can convert the seed to a BIP-32 xpriv.
- Multibit / MultiDoge wallets. Long-dead software. The
.walletfile is a protobuf; the keys can be extracted and imported into modern wallets. Multibit HD used scrypt on the password, which is slower to brute-force but still tractable. - Blockchain.info dormant wallet. If you can prove ownership and 2FA/email is intact, standard login works. If the credentials are gone, Blockchain.com's support is limited to a couple of pathways — after that it's an escalation case.
What "recovery" cannot do (still)
Regardless of scenario, these are not recoverable, and anyone claiming otherwise is a scammer:
- Bitcoin you sent to someone else. Public blockchain transactions are final.
- A seed phrase reduced to 4 words or fewer. The BIP-39 search space is 2^128 for a 12-word phrase; below 5 known words the odds are worse than winning several lotteries in a row.
- A seed phrase with no address to check against. Without an address to verify each candidate, brute force has no stop condition.
Related recovery services
- Hardware wallet forensics: Ledger & Trezor recovery
- Partial or damaged seed phrases: Seed phrase reconstruction
- Forgotten passwords and passphrases: Password & vault recovery
- Exchange lockouts including Coinbase: Exchange lockout escalation
FAQ
How much is a Trezor forensic recovery?
Lab work runs $4,000–$8,000 for a Trezor One voltage-glitch attempt. We only recommend it when the estimated recoverable value comfortably clears that cost. Under a no-recovery-no-fee model, the lab cost is folded into our success fee.
Can you recover BIP-39 without the seed phrase?
No. The seed phrase is the entropy — without it, or without a wallet.dat / keystore file, there is nothing to attack. If you have only the passphrase and no seed, the funds cannot be reached by anyone.
Is old Bitcoin Core wallet.dat recovery legal?
Yes, when the wallet is yours. We verify chain of custody during the assessment. If the wallet is not yours, we do not take the case.
How fast is a passphrase attack?
BIP-39 passphrase: 10K–30K candidates/sec per high-end GPU. Old wallet.dat: ~1M/sec. Multibit HD (scrypt): 100–500/sec — slow, but still viable for human-length passwords.
I have a wallet from 2013 and no idea where to start.
Open a free assessment. We'll walk you through identifying the exact software, format, and viable recovery paths in under 10 minutes. No commitment. No plaintext keys ever asked for.