User story: Haste makes waste
Bitcoin seed phrases or mnemonics are a combination of 12 to 24 words selected randomly from a known dictionary by your wallet software or hardware device. When a user is presented with their seed phrase, they are instructed to carefully write it down on a piece of paper and store it somewhere safe. Unfortunately, sometimes users neglect to follow these instructions and end up quickly writing their seed phrases on random pieces of paper that are then crumbled and stained in various ways.
Recently we were contacted by Sam who had his Ledger broken into pieces in an unfortunate turn of events. Sam had recently gone through a divorce and some of the ETH stored on the Ledger device belonged to his father in law who wanted to cash out. Sam remembered that he followed the instructions and wrote down his 24 word seed phrase, but when he pulled out the piece of paper and tried to restore the seed to a newly bought Ledger device he soon found that he can't read some of the words he had written down.
Highlighted are the unknown words as the rest are legible enough for us to read. Initially, we thought that we could probably solve this manually as we've been working on so many partial seed cases that we were confident that we could recognize most of these words, but we were wrong, very wrong.
1. Crouch
3. Blind
6. Battery
7. Oven
13. No idea, but it looked like it ends with 'ral'
Looking at these words carefully, we were pretty sure about 1, 3 and 7, but 6 can't be right. For us it read 'batery' so our brains immediately assumed Sam forgot to write the extra 't', but Battery is not a part of the BIP39 wordlist that is used by Ledger.
We decided to give up on the manual recovery route and make some adjustments to our already existing tools that handle partial seed recoveries. If we treated these words as completely lost, it would make this case nearly impossible to resolve since 5 missing words means going through A LOT (2048^5) of possible seed phrases.
Our seed recovery tool was modified to accept either complete words, like those we can definitely recognize and partial words where could include recognizable letters and let it run through the BIP39 wordlist for any matching words that using them produced a valid seed phrase.
Finding valid seed phrases is only one part of the process, we still need to use some common derivation paths to generate ETH addresses and check for any balances or transactions on those addresses. Even though there is a standard for derivation paths, some wallets (and in some cases only for some coin types) choose non-standard derivation paths.
To better understand derivation paths, imagine that each seed phrase represents an entrance key to a tall apartment building with hundreds of floors and thousands of doors. Your precious coins are behind one of the doors but to be absolutely sure if they're there or not you must check all doors or know exactly where they are. Although automated, this is a lengthy process that we would like to avoid, so we can look at some of the common doors the coins are usually behind. If we come up short, we can always check all doors.
Running our modified tool found over 7 billion valid seed phrases matching the relevant information we could gather from the piece of paper. After going through almost half of these seed phrases, we were able to find the correct and complete phrase that had the missing ETH. To our disbelief, these were the missing words.
1. Crouch
2. Bread
6. Betray
7. Oven
13. Moral
We securely recovered Sam's funds and transferred the coins to a freshly created Ethereum address that he has created for us.
Need help recovering your seed phrase?
We at Brute Brothers have special software and hardware to help recover partial seed phrases for all wallet types. Contact us for more details.