Scoutinternal

Wallet Recovery When Keycard or Wallet Password Is Lost

Wallet Recovery When Keycard or Wallet Password Is Lost

Problem

Customers contact support because they have forgotten their wallet password and/or lost the keycard PDF that was generated when the wallet was created. Without one or both of these, they cannot send funds or reset their wallet password through the standard UI flow. This is one of the most common categories of support request and affects self-managed (hot) wallets across all coins, but is especially prevalent with legacy Bitcoin (V1) wallets created years ago. BitGo cannot unilaterally reset a wallet password — only the wallet creator can do so using the keycard.

Diagnostics

  • Confirm the customer can log in to their BitGo account. Ask whether the issue is with the account login password or the wallet password (wallet passphrase). These are different credentials. The keycard is only relevant to the wallet password.
  • Obtain the wallet ID. Ask the customer for the wallet ID so you can look it up internally.
  • Determine the wallet version. Check whether the wallet is a V1 (legacy Bitcoin) wallet or a V2 wallet. This affects which recovery paths are available.
  • Check if a Key Recovery Service (KRS) was selected at wallet creation. Look up the wallet to see if the backup key is stored with a KRS partner (e.g., Keyternal, Coincover). If a KRS was selected, a KRS-assisted recovery is possible even without the keycard.
  • Ask what materials the customer still has:
    • Can they log in to their account?
    • Do they have the keycard PDF (with Box A, Box B, Box C, Box D)?
    • Do they remember any part of the wallet password?
    • Are they an admin on the wallet?
  • Determine which combination of lost items applies — this determines which scenario below to follow.

Resolution

Scenario: keycard-lost-password-card#forgot-password-has-keycard

Trigger: Customer has forgotten the wallet password but still has the keycard PDF.

Signals: forgot wallet password, have keycard, reset wallet password, Box D

Steps:

  1. Confirm the customer can log in to their BitGo account and is an admin on the wallet.
  2. Direct the customer to navigate to the password reset flow in the UI: Trade > Go Account > Settings > Forgot Wallet Password. If they cannot find this in the current UI, instruct them to switch to the classic view: click the profile icon in the top-right corner, then click Switch to classic.
  3. The password reset flow will prompt for the Box D data from the keycard. The customer must paste the Box D value exactly — ensure there are no extra spaces or gaps when pasting.
  4. Once Box D is entered correctly, the wallet password can be reset through the UI.
  5. If the customer has the keycard but the Box D value does not work, ask them to verify they are using the keycard that corresponds to the correct wallet. A keycard from a different wallet will not work.

Notes: The keycard alone is sufficient to recover the wallet password via the UI, provided the customer can log in and is an admin on the wallet. Box D is the specific field required for password reset.

"The keycard can be used to recover the wallet using UI if you for example forgot the password of the wallet. You will see need to be able to login successfully to your account and be an admin on this wallet, then the keycard alone is sufficient to recover the wallet." (ticket #115883)

"To reset the wallet password, you need the Keycard. To change the wallet password, you need the most used recent wallet password. There is no way for BitGo to change the wallet password." (ticket #322065)

"Can you please try to re paste the BOX D while you retrying to reset wallet password. Further, we can notice a gap while pasting the data in the box. Please ensure there are no gaps and re input the data." (ticket #277839)

Scenario: keycard-lost-password-card#lost-both-password-and-keycard-krs-available

Trigger: Customer has lost both the wallet password and the keycard, but selected a Key Recovery Service (KRS) partner (e.g., Keyternal, Coincover) when the wallet was created.

Signals: lost keycard, forgot password, KRS, Keyternal, Coincover, key recovery service, backup key

Steps:

  1. Confirm the wallet was created with a KRS partner by checking the wallet configuration internally.
  2. Inform the customer that BitGo and the KRS partner can work together to recover the wallet. The KRS will charge a fee of $99 for this service.
  3. Collect the following information from the customer:
    • User ID (the email address used to log into their BitGo account)
    • The wallet Address of the wallet to recover
    • The wallet Name of the wallet to recover
    • The destination address for recovered funds (must be a BitGo wallet)
    • The date the account was created
    • The estimated balance of the account in coin
  4. For V2 wallets, submit the KRS recovery request to the appropriate KRS partner.
  5. Advise the customer that KRS recovery may take time. Per agent notes, KRS partners (particularly Keyternal) may only be settling once a year and response times can be lengthy.
  6. If the KRS partner (e.g., Keyternal) is unresponsive, advise the customer to contact them directly as well. Keyternal recovery contact: https://keyternal.com

Notes: KRS recovery is only available if the customer chose to store the backup key with a KRS partner at the time of wallet creation. BitGo cannot determine or change this after the fact. The $99 fee is charged by the KRS, not BitGo.

"If you chose to store your wallet's backup key with one of our Key Recovery Service partners, then it's possible for BitGo and the KRS to work together to recover your wallet. The KRS will charge a fee of $99 for this service." (ticket #207848)

"Please note that KRS is only settling once an year as per their latest response, So the recovery process may take time." (ticket #275885)

"We should also let you know that keyternal is 3rd party recovery service. They respond to us as much as they respond to you. We would kindly request you to get in touch with them and follow up with them directly." (ticket #317591)

Scenario: keycard-lost-password-card#lost-both-password-and-keycard-no-krs

Trigger: Customer has lost both the wallet password and the keycard, and no KRS partner was selected at wallet creation.

Signals: lost keycard, forgot password, no KRS, no key recovery service, wallet recovery service, brute force, crack password

Steps:

  1. Inform the customer clearly: If you have lost or forgotten the passcode to your wallet and you've lost your Keycard then there is no way for you or for BitGo alone to recover access to your wallet.
  2. The only remaining option is to use a wallet recovery service (WRS) — a third-party service that attempts to brute-force/crack the wallet password. This is feasible if:
    • The customer owns more than $250 worth of Bitcoin (or equivalent).
    • The customer has an idea of what the password may be.
    • The customer is willing to pay a fee, which is usually 20% of the wallet's total funds.
  3. For V1 wallets (Legacy Bitcoin BitGo Wallets), recommend the Wallet Recovery Service (WRS) path specifically.
  4. Collect the following information from the customer to initiate the WRS referral:
    • User ID (the email address used to log into their BitGo account)
    • The wallet ID / wallet Address of the wallet to recover
    • The wallet Name of the wallet to recover
    • The destination address (must be a different BitGo wallet than the one being recovered)
    • The date the account was created
    • The estimated balance of the account in coin
  5. Important: The destination address must be in p2sh format ('3' prefix address). By default, BTC addresses are generated in native segwit format, which is not supported for recovery. Instruct the customer to:
    • Log in to their account
    • Go to wallet settings
    • Set Address type to legacy p2sh, save
    • Then generate an address and share it
    • Alternatively: go to Deposit > Legacy > Generate New Address
  6. The WRS fee (typically 20%) is deducted from the recovery amount. Neither BitGo nor the WRS can guarantee successful recovery.

Notes: BitGo has no power to reset a wallet password. Only the wallet creator can do this via the keycard. The keycard is a PDF saved to the computer at wallet creation time containing four entries for encrypted private keys. It cannot be regenerated. Do not promise recovery success — it depends on whether the password can be cracked.

"We have no power to reset your wallet password. Only the creator of the wallet can do this." (ticket #227955)

"The keycard is a pdf saved to your computer which has four entries for your encrypted private keys. These can be used to recover your wallet funds. If you have lost it, there is no way to regenerate it." (ticket #252145)

"Please send the destination address in p2sh format ('3' prefix address). By default BTC addresses are getting generated in a native segwit address type but recovery is not supported." (ticket #280515)

Scenario: keycard-lost-password-card#has-keycard-self-managed-hot-wallet-wrw

Trigger: Customer has the keycard and wallet password, and wants to use the Wallet Recovery Wizard (WRW) to sweep funds from a self-managed hot wallet (e.g., non-BitGo recovery).

Signals: wallet recovery wizard, WRW, sweep funds, non bitgo recovery, self-managed hot wallet, all keys

Steps:

  1. Direct the customer to download the Wallet Recovery Wizard from: https://github.com/BitGo/wallet-recovery-wizard/releases
  2. For a non-BitGo recovery of self-managed hot wallets, the customer will need all the keys from the keycard and the wallet password.
  3. The WRW provides multiple recovery options depending on the data available. The customer should review the available options within the tool to match their situation.

Notes: The WRW non-BitGo recovery path requires both the keycard (all keys) and the wallet password. This differs from the UI-based keycard recovery, which only requires the keycard and account login.

"In case of WRW, self-managed hot wallets, you can do a non bitgo recovery, in that case you need all the keys (keycard) and the wallet password" (ticket #115883)

Scenario: keycard-lost-password-card#box-d-not-working-wrong-keycard

Trigger: Customer has a keycard but the Box D data is rejected when attempting to reset the wallet password.

Signals: Box D, data does not fit, wrong keycard, different wallet, paste error, gaps

Steps:

  1. Ask the customer to re-paste the Box D data carefully, ensuring there are no extra spaces, line breaks, or gaps in the pasted value.
  2. If the data still does not work, ask the customer whether they have multiple wallets. The keycard they are using may belong to a different wallet — each wallet has its own keycard with unique Box D data.
  3. If the customer confirms the Box D is from another wallet and they cannot locate the correct keycard, treat this as a "lost keycard" scenario and follow the appropriate path above (KRS or WRS).

Notes: Box D is wallet-specific. A keycard from wallet A will not work to reset the password on wallet B.

"Can you please try to re paste the BOX D while you retrying to reset wallet password. Further, we can notice a gap while pasting the data in the box. Please ensure there are no gaps and re input the data." (ticket #277839)

"The Box D information is located on the Keycard that was generated for this wallet at the time of its creation. This is the only way to recover this." (ticket #317990)

Related

  • passcodes — Covers wallet passcode management, including what happens when passcode and keycard are lost
  • keycards-and-private-keys — Security best practices for keycard storage and laptop security
  • managing-wallet-users — Relevant for confirming admin role on a wallet, which is required for keycard-based password reset