Blockchain.com is by far the most common Bitcoin wallet and one of the first ever, holding over 70 million customer wallets according to the latest statistics. In the past, creating a wallet was a cumbersome task: most wallets required the user to download the entire blockchain database, a process that took a couple of days. Users who wanted fast access to a web wallet could simply use Blockchain.com and get access to their own private wallet in a matter of minutes. This, together with the intuitive UI offered by Blockchain.com, made it a good choice for the average user.
Blockchain.com's security model
Normally, a locally installed wallet allows you to back up your encrypted wallet file and as long as you keep record of your password and have access to the encrypted file, you can decrypt it and access your coins.
With Blockchain.com, instead of having an encrypted wallet file, the user is instructed to select a password and is given a Wallet ID in the form of a GUID (e.g. 00f4fcc0-b3ed-441d-b05f-e4fa2b98f896). All private information, including the private key, is then encrypted using the password selected by the user and uploaded to Blockchain.com's servers for storage. As long as you have your Wallet ID and your password, you should be able to access your funds.
Recovering your lost Wallet ID
If you've lost the record of your Wallet ID, you can find it using the following methods:
Searching your email Inbox for any emails from Blockchain.com
Each and every email you ever received from Blockchain.com contains your Wallet ID at the bottom of it.
Online Wallet ID reminder utility
Blockchain.com has an online utility that will send you a reminder email for all Wallet IDs linked to a given email address.
Recovering your 2FA device
If you've set up 2FA on your Blockchain.com account, disabling it is an easy process, but it requires their staff to manually approve your request, which takes up to 2 weeks. Use this page to initiate the process.
Recovering your Blockchain.com password
If you've forgotten your account password, you can try to recover it. Blockchain.com cannot access or recover the password for you, as they do not store it but rather encrypt all sensitive information with the password you selected when you created your wallet.
The basic approach to recovering your password is to create an Excel sheet with all relevant and optional passwords that you might have used, then expand each option into multiple other options. For example, if you usually use the password Password123, then you may want to include Password1234 and Password111. After listing all options, you can copy and paste each option and try to decrypt your wallet via Blockchain.com's website. Don't worry: you can try as many times as you want, since the decryption process happens in-browser and does not communicate anything back to their servers until you hit the correct password.
Recovering with BTCRecover
A more advanced approach is to use brute-force or dictionary attacks on your wallet. This will allow you to automate a part of the process in case you could not find the correct password manually. BTCRecover is open source software developed by gurnec (and currently maintained by 3rditeration) that can help you scale your cracking attempts.
Using BTCRecover requires some technical knowledge. It offers basically two ways to recover your password:
- Using a dictionary attack - Requires you to create a long list of possible passwords in a text file and feed it to BTCRecover
- Using a token file - Allows you to create structures of passwords that you might have used and attempt any password that matches the pattern you provided.
First, install BTCRecover by following these instructions, then use the download-blockchain-wallet.py script to download your encrypted wallet to your local machine.
Using a dictionary attack
Once you have your wallet locally, you can start creating your dictionary. This is a simple process where you create a new text file and enter every password you can think of that you may have used when creating your Blockchain.com account.
The final step is to run BTCRecover, providing it with the required parameters.
wallet.aes.json is the file downloaded via the download-blockchain-wallet.py script and my-passwords.txt is your dictionary.
python3 btcrecover.py --wallet wallet.aes.json --passwordlist my-passwords.txt
Using a token list
Token lists can be really simple or really complex, depending on how you want to use them. To fully understand how token lists work, you can read this instruction page. To get back to our Password123 example, let's say we're not sure if we've capitalized the P or if we used 123/1234/111/123456 or any other combination of numbers. A good token to represent all of the possible options is the following
The above will generate passwords with an upper-case or lower-case P and will append any digits with a length of 1 to 6. Relevant candidates for the above token are:
Password123 Password111 password91874 password000000
To run your token list attack, simply use the following command:
python3 btcrecover.py --wallet wallet.aes.json --tokenlist my-tokens.txt
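The candidate set described above (either case of the first letter, followed by 1 to 6 digits) can also be written out as a plain dictionary file for the --passwordlist option shown earlier. The following is an added example, not part of BTCRecover or of the original article; the function names are illustrative, and it generalizes to any list of remembered base passwords.

```python
# Added example (not BTCRecover code): build a --passwordlist dictionary
# from remembered base passwords. All function names are illustrative.
import itertools
import string
from typing import Iterable, Iterator, List


def case_variants(base: str) -> List[str]:
    """Return the base with its first letter in upper and lower case."""
    if not base or not base[0].isalpha():
        return [base]
    both = [base[0].upper() + base[1:], base[0].lower() + base[1:]]
    return list(dict.fromkeys(both))  # ordered, duplicates dropped


def digit_suffixes(min_len: int, max_len: int) -> Iterator[str]:
    """Yield every digit string of length min_len..max_len."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(string.digits, repeat=n):
            yield "".join(combo)


def candidates(bases: Iterable[str], min_digits: int = 1,
               max_digits: int = 6) -> Iterator[str]:
    """Lazily yield stem + digits for each case variant of each base."""
    seen = set()
    for base in bases:
        for stem in case_variants(base.strip()):
            if stem and stem not in seen:
                seen.add(stem)
                for suffix in digit_suffixes(min_digits, max_digits):
                    yield stem + suffix


def expected_count(stems: int, min_digits: int, max_digits: int) -> int:
    """Size of the search space, to check before writing a huge file."""
    return stems * sum(10 ** n for n in range(min_digits, max_digits + 1))


def write_wordlist(path: str, bases: Iterable[str], min_digits: int = 1,
                   max_digits: int = 6) -> int:
    """Write one candidate per line; return how many were written."""
    count = 0
    with open(path, "w", encoding="utf-8") as fh:
        for count, pw in enumerate(candidates(bases, min_digits, max_digits), 1):
            fh.write(pw + "\n")
    return count


if __name__ == "__main__":
    # "Password" is the article's example; list your own remembered bases.
    print(expected_count(2, 1, 6), "candidates expected")
    print(write_wordlist("my-passwords.txt", ["Password"]), "written")
```

Candidates are generated lazily, so the full 1-to-6-digit range is streamed to disk rather than held in memory; narrowing the digit range first keeps the file small when you remember roughly how long the number was.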