Scoutinternal

Wallet Password Reset and Account Recovery on BitGo

Wallet Password Reset and Account Recovery on BitGo

Problem

Customers frequently contact support because they cannot remember their wallet password, cannot reset their login password, or cannot see their wallets after logging in. The wallet password (used to authorize transactions) is distinct from the login password (used to access the BitGo platform), and customers often confuse the two. Common symptoms include "incorrect password" errors during withdrawal attempts, not receiving password-reset emails, wallets disappearing from the UI (especially older v1 BTC wallets during UI migration), and errors when attempting to use the "Forgot wallet password" or 2FA-based recovery flows.

Diagnostics

  • Determine which password the customer is asking about. The login password and the wallet password are different. Ask explicitly: "Which password — login or wallet?" (See Ticket #230535 where agent asked this first.)
  • Verify the customer's account exists. Look up the user by the email they are contacting from. If no account is found, the customer may be emailing from a different address than the one registered on BitGo. (See Ticket #32532.)
  • Check wallet type and version. Use the admin tool (bga) to determine if the wallet is a v1 (legacy) BTC wallet (v1btc, type safe or safehd) or a v2 wallet. Legacy wallets may have indexing/display issues and behave differently during password recovery.
  • Check wallet creator. Only the creator of a Self-Managed Hot wallet can reset the wallet password using the keycard. Other users invited with Admin or Spender rights authenticate wallet actions with their own BitGo login password. Identify the wallet creator via bga w <wallet_id> → Users list.
  • Check Key Recovery Service (KRS). Determine whether the customer selected a KRS provider (e.g., CoinCover) when creating the wallet. If so, recovery must be coordinated with that provider.
  • Check if wallets are missing from the UI. If the customer reports wallets disappeared, check whether the wallet needs to be added to an enterprise for visibility in the new UI (bga ent addwallet). This was common during the migration from the old UI to the new UI.
  • Check for platform-wide issues. Review https://status.bitgo.com/ for any ongoing incidents affecting password reset email delivery or the password reset flow itself.
  • Check KYC status. In some cases, incomplete KYC can block the password reset process. Verify KYC state via the admin tool (KYC State field on the enterprise or user record).

Resolution

Scenario: password-wallet-recovery-recover#forgot-wallet-password-has-keycard

Trigger: Customer forgot their wallet password but still has their wallet keycard (the PDF downloaded when the wallet was created).

Signals: forgot wallet password, wallet password, keycard, Box D, transaction password, incorrect password, withdrawal error

Steps:

  1. Confirm the customer is the wallet creator. Only the wallet creator can use the keycard to reset the wallet password.
  2. Instruct the customer to log in to the BitGo platform.
  3. Navigate to the wallet, then go to Settings.
  4. Click on "Forgot wallet password?" in the Password section.
  5. Enter the 2FA code when prompted.
  6. Follow the on-screen instructions: "Enter recovery info from the keycard for this wallet. Using the backup keycard downloaded when you created this wallet, copy and paste the text from Box D into the input below."
  7. If the customer has a printed copy of the keycard, they should use a QR code reader to load the data from the Box D QR code.
  8. After entering the keycard data, the customer can set a new wallet passcode.
  9. Note: If the "Forgot wallet password?" option is not visible in the new UI, the customer may need to switch to the classic view first. Click on the profile icon in the top right corner → click on "Switch to classic view". Then navigate to Trade > Wallet Details > Settings > Forgot Wallet Password.

Notes: This flow applies only to Self-Managed Hot wallets. The wallet creator is the only user who can perform this reset. Any other user with Admin or Spender rights should use their own BitGo platform login password to authorize wallet transactions — they do not need the wallet password set by the creator.

"First, go to your wallet and click on 'Settings'. Scroll to the 'Password' section and click on 'Forgot wallet password?' ... Enter recovery info from the keycard for this wallet. Using the backup keycard downloaded when you created this wallet, copy and paste the text from Box D into the input below. If you have a printed copy of the keycard, please use a QR code reader to load the data from the Box D QR code." "Only the creator of a wallet can reset the password. As such, they will need to use the wallet keycard within the settings of the wallet in order to reset the password. We are unable to affect the passwords as these are Self-Managed Hot wallets." "Step 1 :- Click on the profile icon in the top right corner Step 2:- Click on Switch to classic view ... If you have forgotten your wallet password, you can follow this path: Trade > Wallet Details > Settings > Forgot Wallet Password"

Scenario: password-wallet-recovery-recover#forgot-wallet-password-no-keycard-krs

Trigger: Customer forgot their wallet password and does not have their keycard, but selected a Key Recovery Service (KRS) such as CoinCover when creating the wallet.

Signals: lost keycard, no keycard, key recovery service, CoinCover, wallet recovery, recover funds

Steps:

  1. Ask the customer for the wallet ID.
  2. Look up the wallet in the admin tool to determine whether a KRS provider was selected.
  3. If the customer selected CoinCover, instruct them to reach out to CoinCover's support to begin the wallet recovery process.
  4. Simultaneously, open a thread with the KRS provider from the BitGo support side to begin the process internally.
  5. The KRS provider will coordinate with the customer and BitGo to recover the funds and send them to a destination address.

Notes: Recovery through a KRS is a multi-party process and may take time. The customer must cooperate with the KRS provider's identity verification requirements.

"It appears you have chosen CoinCover as your key recovery service. Please reach out to [EMAIL] to get the Wallet Recovery started. We are also reaching out to them as well on a separate thread to begin the process from our side."

Scenario: password-wallet-recovery-recover#forgot-wallet-password-no-keycard-no-krs

Trigger: Customer forgot their wallet password and has no keycard and no KRS, and wishes to explore third-party password cracking recovery.

Signals: lost keycard, no keycard, no KRS, wallet recovery service, password cracking, $250

Steps:

  1. Inform the customer that without the keycard and without a KRS, BitGo cannot directly reset the wallet password.
  2. An alternative is to use a wallet recovery service to attempt to crack the password. This option is possible if:
    • The customer owns more than $250 worth of Bitcoin in the wallet.
    • The customer has an idea of what the password may be.
    • The customer is willing to pay a fee to the wallet recovery service (usually ~20% of the wallet's total funds).
  3. Collect the following details to submit to the recovery partner:
    • User ID (the email address used to log into the BitGo account)
    • The wallet address of the wallet to recover
    • The wallet name
    • The destination address (must be a BitGo wallet)
    • The date the account was created
    • The estimated balance of the account in coin
  4. Forward these details to the recovery partner team for evaluation and next steps.

Notes: The recovery team will assess whether the wallet qualifies for recovery. Not all wallets can be recovered through this method.

"Please kindly share the below details to submit it to our recovery partner... User ID (the email address you used to log into your BitGo account), The wallet Address of the wallet you want to recover, The wallet Name of the wallet you wish to recover, The destination address that you'd like (must be a BitGo wallet), The date you created the account, The estimated balance of the account in coin"

Scenario: password-wallet-recovery-recover#login-password-forgot

Trigger: Customer forgot their BitGo login (account) password and needs to reset it.

Signals: forgot password, login password, reset password, can't log in, account access, recover password

Steps:

  1. Direct the customer to the password reset page: https://app.bitgo.com/web/auth/forgot-password/recover-password
  2. The customer should enter their registered email address. A reset link will be sent to that email.
  3. If the customer does not receive the email, ask them to check spam/junk folders and confirm they are using the email address registered with BitGo.
  4. If the customer is emailing from a different address than the one on their BitGo account, they must use the correct registered email for the reset.
  5. If the customer reports a "bad request" error or "Unsuccessful HTTP response" when clicking the reset link or entering a new password, first advise them to clear browser cache, update Google Chrome to the latest version, and try again on a laptop/PC.
  6. If the issue persists across multiple users, check with engineering — there may be a platform-wide issue with the password reset flow. (See Ticket #221899 where a systemic issue was identified and fixed.)
  7. BitGo support cannot manually reset a customer's login password. The customer must use the self-service forgot password flow.

Notes: The login URL is https://app.bitgo.com/web/auth/login. BitGo does not have an actively developed mobile app; the web login is the primary access method. Remind customers that resetting their login password does NOT change their wallet password — these are separate.

"Please try again to reset your password via this link : https://app.bitgo.com/web/auth/forgot-password/recover-password" "We cannot reset your password. You will need to use the Forgot Password prompt at login." "There was an ongoing issue with the password reset flow that was troubling many users collectively. This should be fixed now. Please try again and let us know if issue persists."

Scenario: password-wallet-recovery-recover#password-reset-email-not-received

Trigger: Customer attempts to reset their login password but does not receive the password reset email.

Signals: no email, reset email not received, password reset email, spam, not sending

Steps:

  1. Verify that the customer is using the correct registered email address. Look up the user in the admin tool to confirm.
  2. Ask the customer to check their spam, junk, and other email folders.
  3. Check internal logs to confirm whether the reset email was successfully delivered. (See Ticket #230757 where logs confirmed delivery.)
  4. If there is a known platform-wide email delivery issue, inform the customer and note that there may be a delay while backlog emails are processed. (See Ticket #196044.)
  5. If the customer's account cannot be found, they may be using the wrong email address.

Notes: BitGo support cannot manually send a password reset email. If delivery issues persist and are systemic, escalate to engineering.

"We have fixed this issue of sending out email notifications though there may still be a delay while backlog emails are processed. Please let us know if you are still not receiving emails from us after some time." "Our logs showed emails was successfully delivered to [EMAIL]. Please kindly check your spam or other folders the emails could had been redirected."

Scenario: password-wallet-recovery-recover#password-reset-error-on-submit

Trigger: Customer receives the password reset email and clicks the link, but encounters an error such as "An error occurred. Please try again later.", "bad request", or "Unsuccessful HTTP response" when submitting the new password.

Signals: bad request, error occurred, Unsuccessful HTTP response, password reset error, red bar

Steps:

  1. Ask the customer to clear all browser cache, update Google Chrome to the latest version, and retry.
  2. Recommend using a laptop or PC with the latest version of Google Chrome (not mobile).
  3. If the customer is on a test environment, confirm they are using the correct URL (e.g., https://app.bitgo-test.com/ for testnet).
  4. If multiple customers report the same error concurrently, escalate to engineering — there may be a platform-wide issue with the password reset flow.
  5. Once engineering confirms a fix, inform the customer to retry.

Notes: In some cases, incomplete or unapproved KYC has been observed to block the password reset flow. If the customer's KYC state shows as unverified or incomplete, coordinate with the compliance team and provide the customer with a Persona KYC verification link if needed.

"This has been resolved. Please retry your password reset." "Could you please clear all your browser cache and update the google chrome to the latest version and try again?" "Upon checking your account we could see your KYC has not been approved yet. We are looking into your KYC with our compliance team. Once they approve you should be able to rest your password."

Scenario: password-wallet-recovery-recover#wallet-password-vs-login-password-confusion

Trigger: Customer changed their login password and now finds that their wallet password no longer works, or gets "incorrect password" errors during withdrawal despite using the same password that logs them in.

Signals: incorrect password, wrong password, withdrawal error, wallet password different, login password changed

Steps:

  1. Explain to the customer that the wallet password is different from the login password. Changing the login password does NOT change the wallet password.
  2. The wallet creator must use the wallet passphrase they originally set when creating the wallet to authorize transactions.
  3. Any other user (Admin or Spender) who was invited to the wallet should use their own BitGo platform login password to authorize wallet actions.
  4. If the customer cannot remember the wallet password, direct them to the wallet password reset flow using the keycard (see scenario #forgot-wallet-password-has-keycard).
  5. To access the "Forgot wallet password?" option in the new UI, the customer may need to switch to classic view first: profile icon → "Switch to classic view"Trade > Wallet Details > Settings > Forgot Wallet Password.

Notes: This is one of the most common sources of confusion. Always confirm which password the customer is having trouble with before proceeding.

"This error indicate that an incorrect wallet password was input. Please kindly check the password and try again. Please also note that your login password can be different from your wallet password and if you had changed your login password, your wallet passwords will not change. Also, Please note the creator of the wallet will need to use the wallet passphrase they set for the wallet. Any other user will use their BitGo platform password." "The error message indicates that the wallet password used during the withdrawal request is incorrect. Please try again and make sure to use the correct wallet password. If you happened to forgot the wallet password you may goto Trade > Wallet Details > Settings > Forgot Wallet Password"

Scenario: password-wallet-recovery-recover#wallets-missing-from-ui-v1-migration

Trigger: Customer reports that their wallets (especially older v1 BTC wallets) have disappeared from the UI after the migration to the new interface.

Signals: missing wallet, wallet disappeared, wallets not showing, v1btc, old wallet, can't see wallet, white screen

Steps:

  1. Look up the user in the admin tool and identify their wallets and enterprise associations.
  2. If the wallets are not associated with an enterprise, use bga ent addwallet <wallet_id> to add them to the customer's enterprise so they become visible in the new UI.
  3. If an enterprise does not yet exist for the user, create one (with the reactOnly feature flag) and add the wallets to it.
  4. Once wallets are added to the enterprise, confirm with the customer that wallets are now visible.
  5. If the customer sees a loading spinner or white screen when navigating to wallets, ask them to clear their browser cache and navigate to the new UI URL directly (e.g., https://app.bitgo.com/2/0/home for production or https://app.bitgo-test.com/2/0/home for testnet).
  6. For older v1 BTC wallets, loading may be slow. Recommend creating a v2btc wallet and moving funds there for a better experience.
  7. If balance displays incorrectly on a v1 wallet (e.g., showing NaN or a cosmetic balance), inform the customer that the balance on v1 wallets may be cosmetic due to deprecation of v1 wallet support. Engineering may correct it in a future release.

Notes: This scenario was extremely common during the 2023 UI migration. Funds were never at risk — only the UI visibility was affected. The bga ent addwallet command is the primary fix for wallets not appearing in the new UI.

"We are in the process of migrating all customers to our new UI. Since this wallet was of an older format, it took more work to prepare for this migration. At no point was your wallet or funds in danger." "The balance on the v1 wallet is cosmetic and a result of support for these wallets slowly being deprecated. They say it is safe to ignore." "It seems this is related to your browser's cache, we have moved all the clients to the new UI. Please clear your cache then try to login using this link https://app.bitgo-test.com/2/0/home"

Scenario: password-wallet-recovery-recover#2fa-reset-for-wallet-access

Trigger: Customer cannot access their wallet because they lost their 2FA device (e.g., Google Authenticator on a previous phone) or the 2FA-based wallet password recovery flow returns an error such as "the coin is not supported."

Signals: 2FA, two-factor authentication, Google authenticator, lost phone, coin not supported, manual 2FA reset

Steps:

  1. If the customer can reset 2FA themselves via the platform, instruct them to do so first.
  2. If the self-service 2FA reset fails (e.g., "coin is not supported" error on older wallets), support must perform a manual 2FA reset.
  3. Before initiating the manual reset, verify wallet ownership by requesting ALL of the following:
    • Date of BitGo email verification (search for "Your BitGo Email Verification" in inbox)
    • 3 transaction hashes either to or from the wallet. If the customer does not have TXIDs, they must contact the Bitcoin exchange from which they first received bitcoin and request the TXIDs. If no transactions were ever made, the customer should state this.
    • Wallet balance in cryptocurrency (provide the name of the wallet). If no wallets were created, the customer should state this.
  4. If the customer cannot provide the above, they can alternatively provide: the First 8 characters and the Last 8 characters of the BitGo Public Key from their keycard, along with the name of the wallet the keycard applies to.
  5. Verify the submitted information against internal records.
  6. Once verified, perform the manual 2FA reset.
  7. Instruct the customer to log back in and set up 2FA again.

Notes: 2FA cannot be deleted entirely for security reasons — it can only be reset to allow the customer to re-enroll a new device. Older v1 wallets may encounter "coin is not supported" errors during the self-service 2FA recovery flow, requiring manual intervention.

"Before we can initiate the manual reset, we need to verify your ownership of the wallet. Therefore, we require all of the following information: Date of BitGo email verification... 3 transaction hashes either to or from your wallet... Wallet balance in crypto currency... If you do not have the above information, we can also accept the First 8 characters and the Last 8 Characters of the Bitgo Public Key from your keycard." "Thank you for submitting the information we requested. We have completed the process of resetting your Two-Factor Authentication. Please log back into your account, and follow the instructions to set up your Two-Factor Authentication again."

Scenario: password-wallet-recovery-recover#incorrect-password-version-error

Trigger: Customer encounters an incorrect_password_version error when trying to log in, particularly on unsupported devices or browsers.

Signals: incorrect_password_version, unsupported device, unsupported browser, mobile, Chrome

Steps:

  1. This error usually indicates the customer is accessing the site from an unsupported device or browser.
  2. Recommend using the latest version of Google Chrome on a computer or laptop.
  3. Ask the customer to clear their browser cache and try again.
  4. If possible, have the customer try accessing from another device (non-mobile).
  5. If the issue persists on a supported browser and device with cleared cache, escalate to engineering.

Notes: This error has been observed with accounts created via specific distribution portals (e.g., Cred). The password itself may not be the issue — the browser/device compatibility is more likely the cause.

"This error usually indicate you are accessing our site from a unsupported device or browser. We recommend using the latest version of Google Chrome on a computer or laptop to access our website for the best experience. Please try clearing your browser cache and then try again."

Scenario: password-wallet-recovery-recover#wrw-login-issues

Trigger: Customer cannot log in to the Wallet Recovery Wizard (WRW) tool despite valid BitGo credentials.

Signals: Wallet Recovery Wizard, WRW, can't log in, login credentials not working

Steps:

  1. Confirm the customer can log in to the main BitGo platform (https://app.bitgo.com/web/auth/login) successfully.
  2. Ask the customer to download and use the latest version of the Wallet Recovery Wizard from: https://github.com/BitGo/wallet-recovery-wizard/releases
  3. If the issue persists with the latest version, attempt to reproduce the issue internally and escalate to engineering if confirmed.

Notes: The WRW uses the same credentials as the main BitGo account. Older versions of WRW may have compatibility issues.

"If you are not already doing so, please try again with latest version of WRW and let us know if that still does not work for you - https://github.com/BitGo/wallet-recovery-wizard/releases"

Related

  • keycards-and-private-keys — Covers keycard generation, storage best practices, and the role of Box D in wallet password recovery.
  • key-recovery-service — Details on KRS providers like CoinCover and how backup key recovery works with 2-of-3 threshold signing.
  • managing-wallet-users — Explains wallet user roles (Admin, Spender) and how non-creator users authenticate wallet actions with their own login password.