Scoutinternal

'Keychain does not have property encryptedPrv' / 'Unable to decrypt keychain with the given wallet passphrase' Error During Withdrawal

"Keychain does not have property encryptedPrv" / "Unable to decrypt keychain with the given wallet passphrase" Error During Withdrawal

Problem

When attempting to withdraw funds (crypto or fiat) from a BitGo wallet, the user receives one of two closely related error messages: "keychain does not have property encryptedPrv" or "unable to decrypt keychain with the given wallet passphrase". The error blocks the transaction from completing. This issue is extremely common among FTX creditor distribution recipients but also affects regular BitGo wallet users. It occurs across all asset types (BTC, USDT, USDC, SOL, USD fiat wire) and all withdrawal methods (crypto send, international wire transfer, domestic wire).

Diagnostics

  • Confirm the exact error message the customer sees. The two variants — keychain does not have property encryptedPrv and unable to decrypt keychain with the given wallet passphrase — have the same root cause (incorrect or missing wallet password) but may appear in different UI contexts.
  • Determine whether the customer is using the new UI or the classic (old) UI. The wallet password reset and "Forgot Wallet Password" options are only accessible in the classic view. Many FTX creditor users land on the new UI by default and cannot find the wallet settings.
  • Confirm whether the customer is the wallet creator or an added user. The wallet creator must use the wallet passphrase they set when the wallet was created. Any other user added to the wallet must use their BitGo platform (login) password.
  • Ask whether the customer recently changed their login password. Changing the login password does NOT automatically update the wallet password. For enterprise users, a login password change may require the user to be removed and re-added to wallets.
  • Check whether the customer has their wallet Keycard. If they have lost both the wallet passphrase and the Keycard, recovery options are limited (KRS or password-cracking service).
  • Check whether the wallet is linked. In at least one case, the error appeared because the wallet was not linked/accepted — the user had a pending wallet invitation visible only in classic view.
  • Distinguish between account password reset (Settings > Account Passwords > Update Password) and wallet password reset (Trade > Wallet Details > Settings > Forgot Wallet Password). Many customers confuse the two. Updating the account password alone does not resolve this error unless the wallet password was synced to the login password.

Resolution

Scenario: keychain-encryptedprv-property-error#incorrect-wallet-password-new-ui

Trigger: Customer sees "keychain does not have property encryptedPrv" or "unable to decrypt keychain with the given wallet passphrase" while attempting a withdrawal from the new (default) BitGo UI, and has not yet switched to classic view.

Signals: keychain does not have property encryptedPrv, unable to decrypt keychain with the given wallet passphrase, withdraw error, FTX distribution, wallet passphrase, cannot find wallet settings, cannot find forgot password

Steps:

  1. Inform the customer that the error means the wallet password used during the withdrawal request is incorrect. The wallet password is different from the login password.
  2. Instruct the customer to switch to classic view:
    • Step 1: Click on the profile icon in the top right corner.
    • Step 2: Click on "Switch to classic view".
  3. Once in classic view, direct the customer to reset or update the wallet password by navigating to: Trade > Wallet Details > Settings > Forgot Wallet Password.
  4. If the customer wants to update (not reset) the wallet password, the steps are: a. User inputs their current login password. b. User enters a new wallet password. c. User confirms the new wallet password. d. Complete the Upgrade.
  5. After the wallet password is updated or reset, the customer should retry the withdrawal using the new wallet password.
  6. Refer the customer to the FTX FAQ for additional context: https://www.bitgo.com/ftx-faq

Notes: Many customers report that updating the account password via Settings > Account Passwords > Update Password does not resolve the error. This is because the account password and the wallet password are separate. The customer must specifically update or reset the wallet password via the path described above. Switching to classic view is critical — the wallet password settings are not available in the new UI.

"If you are running into this (keychain does not have property encryptedPrv) error, you may need to reset the trading wallet password. To reset the password, please follow below steps: 1. Login 2. Navigate to Trade > Wallet Details > setting 3. Go to Settings 4. Update Wallet Password 5. Enter Password Details a. User inputs their current login password. b. User enters a new wallet password. c. User confirms the new wallet password. 6. Complete the Upgrade. Please switch to classic view first and then follow the steps suggested." (ticket #204407)

"Thanks, switching to Classic View did the trick!" (ticket #206521)

"I managed withdrawing funds. The point was switching to classic mode" (ticket #206755)

Scenario: keychain-encryptedprv-property-error#login-password-confused-with-wallet-password

Trigger: Customer insists their password is correct because they can log in to BitGo, but the withdrawal still fails — they are entering the login password instead of the wallet password.

Signals: unable to decrypt keychain, password is correct, verified my password by logging in, login password, wallet passphrase, same password

Steps:

  1. Explain that the BitGo login password and the wallet password can be different. When creating a wallet, the user had the option to set a wallet-specific password or use their login password. If the login password was later changed, the wallet password does NOT change automatically.
  2. Instruct the customer to try the original password they set when the wallet was created (if they remember it).
  3. If the original wallet password is forgotten, direct the customer to switch to classic view and navigate to: Trade > Wallet Details > Settings > Forgot Wallet Password.
  4. The "Forgot Wallet Password" flow may require the wallet Keycard (specifically "Box D" data from the Keycard) to complete the reset.
  5. After successfully resetting the wallet password, retry the withdrawal.

Notes: The wallet creator uses the wallet passphrase they set at wallet creation. Any other user added to the wallet uses their BitGo platform password. This distinction is important for multi-user wallets.

"Please also note that your login password can be different from your wallet password and if you had changed your login password, your wallet passwords will not change. Also, Please note the creator of the wallet will need to use the wallet passphrase they set for the wallet. Any other user will use their BitGo platform password." (ticket #43)

"Please note: The wallet password is different from your login password." (ticket #205470)

Scenario: keychain-encryptedprv-property-error#login-password-changed-enterprise

Trigger: An enterprise user recently updated their login password and now receives "unable to decrypt keychain with given wallet passphrase" when approving withdrawals.

Signals: updated my password to login, approve withdraws, unable to decrypt keychain with given wallet passphrase, enterprise wallet, password update

Steps:

  1. Inform the customer that if they reset or update their login password, they must be removed and then re-added to their wallets before they can spend from them again.
  2. Coordinate with the wallet admin or enterprise admin to remove the user from the affected wallet(s) and re-add them.
  3. After being re-added, the user should be able to sign transactions using their new login password.

Notes: This applies specifically to users who are not the wallet creator and whose spending key is encrypted with their login password. Re-adding the user re-encrypts their keychain with the new password.

"If you reset/update your login password, you must be removed and then re-added from your wallets before you can spend from them once more." (ticket #70138)

Scenario: keychain-encryptedprv-property-error#wallet-not-linked

Trigger: Customer repeatedly changes passwords but the error persists; upon switching to classic view, a pending wallet invitation is visible that was never accepted.

Signals: keychain does not have property encryptedPrv, changed password multiple times, not working, wallet wasn't linked, pending invitation

Steps:

  1. Instruct the customer to switch to classic view (profile icon > "Switch to classic view").
  2. Check for any pending wallet invitations or setup steps that were not completed.
  3. Accept the pending invitation and complete the wallet setup, which includes setting a wallet password.
  4. Retry the withdrawal.

Notes: This scenario is less common but was confirmed in tickets where password resets had no effect. The underlying cause was that the wallet had never been fully linked/accepted by the user.

"Turns out the whole issue was because wallet wasn't linked" (ticket #205759)

"After opting for the Classic View, I saw a pending invitation from 4 months old to create the wallet and was then able to get the wallet password sorted." (ticket #207481)

Scenario: keychain-encryptedprv-property-error#lost-keycard-and-password

Trigger: Customer has forgotten their wallet password and does not have their wallet Keycard, so the "Forgot Wallet Password" flow cannot be completed.

Signals: forgot wallet password, lost keycard, cannot decrypt, Box D, keycard not available, no way to recover

Steps:

  1. Confirm the customer does not have the wallet Keycard and cannot recall the wallet password.
  2. Inform the customer that BitGo does not hold a copy of the wallet passcode and cannot reset it without the Keycard.
  3. If the customer chose to store their wallet backup key with a Key Recovery Service (KRS) partner at wallet creation, BitGo and the KRS can work together to recover the wallet. The KRS charges a fee of $99.
  4. To initiate KRS recovery, collect the following from the customer:
    • User ID (the email address used to log into BitGo)
    • The wallet Address of the wallet to recover
    • The wallet Name of the wallet to recover
    • The destination address (must be a BitGo wallet)
    • The date the account was created
    • The estimated balance of the account in coin
  5. If KRS is not an option, an alternative is to use a third-party wallet recovery (password-cracking) service. This is viable if: the wallet holds more than $250 in value, the customer has some idea of what the password may be, and they are willing to pay a fee (typically ~20% of wallet funds).
  6. If neither option is feasible, there is no way for the customer or BitGo alone to recover access to the wallet.

Notes: Ask the customer to share the first 8 and last 8 characters of the public key shown on any Keycard they do have, so support can verify whether it matches the correct wallet. Customers with multiple wallets (e.g., v1 and v2) may be attempting to use the wrong Keycard.

"If you have lost or forgotten the passcode to your wallet and you've lost your Keycard then there is no way for you or for BitGo alone to recover access to your wallet." (ticket #200627)

"Can you share the first and last 8 characters of the public key as shown on the keycard so we can verify this is the correct keycard for the wallet?" (ticket #200627)

Related