User story: The Toast Wallet surprise
TL;DR: A customer was sure their Toast Wallet passphrase was correct, but the app rejected it. The solution wasn't the passphrase at all — it was the 6-word recovery phrase they had almost forgotten about. Toast Wallet uses two separate credentials, and the recovery phrase can decrypt the backup directly, bypassing the passphrase entirely.
We get a lot of Toast Wallet recovery cases. Ever since the app was pulled from the iOS App Store and Android Play Store in 2020, users have been finding themselves locked out of wallets they thought were safe. Most of these cases follow a familiar pattern: the customer has their encrypted backup but forgot their password, and we run our password cracking tools against it.
This case was different.
The problem
A customer reached out to us saying they knew their passphrase. They were sure of it. They had used the same passphrase for years and remembered it clearly. The problem was that Toast Wallet kept rejecting it.
They had tried every variation they could think of: different capitalization, adding numbers, swapping characters. Nothing worked. After weeks of frustration, they contacted us for help.
Two keys, one door
When we started investigating, we noticed something the customer had overlooked. Toast Wallet actually uses two separate credentials:
- The passphrase - a password you choose when creating the wallet, used to encrypt your wallet data
- The 6-word recovery phrase - six English words generated by Toast, which serve as an alternative decryption key for the encrypted backup
These are not the same thing, and they are not interchangeable within the app. But when it comes to recovering a wallet from the encrypted backup file, the recovery phrase can be used to decrypt the wallet directly, bypassing the passphrase entirely.
We asked the customer if they had their 6-word recovery phrase. After digging through old files, they found it written on a piece of paper they had tucked away and forgotten about.
The recovery
Using our custom Toast Wallet solver, we were able to decrypt the wallet directly using the 6-word recovery phrase. No passphrase cracking needed. The wallet was open within minutes, and we transferred the customer's XRP to a fresh address they created.
It turned out the customer's passphrase was likely correct all along, but a subtle issue with how they were entering it into the wallet app (which was no longer available for download) was causing the rejection. The recovery phrase bypass made the whole question irrelevant.
The lesson
This case highlights something we see regularly: customers sometimes misunderstand which credential unlocks their wallet. Different wallets use different combinations of passwords, PINs, seed phrases, recovery phrases, and passphrases. Knowing exactly what you have and what each credential does can save you a lot of frustration.
For Toast Wallet specifically:
- Your encrypted backup (a long JSON string) is required for any recovery. Without it, recovery is not possible.
- If you have your 6-word recovery phrase, you can decrypt the backup directly, even without the passphrase.
- If you have your passphrase but not the recovery phrase, the passphrase alone is sufficient to decrypt the wallet.
- If you have neither, we can attempt to crack the passphrase using GPU hardware, provided you can give us some hints about what it might be.
Need help with your Toast Wallet?
If you are locked out of your Toast Wallet, contact us with your encrypted backup and whatever credential information you have. We have recovered hundreds of Toast wallets and built custom solver tools specifically for this wallet type. Our fee is 15% of recovered funds, only if recovery is successful.
