Bitcoin security tips
Lost bitcoin and what to do in a crypto emergency
Keep assets under your control with a Trezor hardware wallet.
Losing access to cryptocurrencies is a serious problem, as they can rarely be recovered. Luckily, there are many situations where it may not actually be so bad as you thought, especially if you use a hardware wallet to protect your keys and have your recovery seed safely backed up.
Below we’ll cover a few emergency situations that you might encounter and how to recover bitcoin or another cryptocurrency you may have lost access to.
There are two distinct groups of user which need to be considered: those who keep their keys in cold storage like a Trezor hardware wallet, and those who use an internet-connected device (phone, laptop, etc.) to store their seeds. This article will only address hardware wallet users, as the number of exploits for mobile wallets and so on is too extensive to address in a single article.
Need a hardware wallet? Get one today at https://shop.trezor.io
Contents
- Lost or forgotten PIN
- Lost or forgotten passphrase
- Lost or damaged hardware wallet
- Has your recovery seed been compromised?
- Sent cryptocurrency to the wrong address
- Physical threats and wrench attacks
What to do if you lose access to your Bitcoin
There are a number of ways that Bitcoin can be lost, but if your keys are stored safely within a hardware wallet and your seed is securely backed up in physical form, it is unlikely to have been stolen.
Scams often target your seed words, while malware might swap the transaction recipient address for another. User error or oversight is almost always the culprit: as long as you use your Trezor correctly, keep your secrets confidential and only trust the information shown on your Trezor screen, these threats can be avoided.
Most blockchain-based network transactions are irreversible. You might never get back your funds once they are transferred out of an address you hold the keys to.
The first thing to do if you suspect your Bitcoin has been stolen is to look for outgoing transactions and to look up your wallet address using a blockchain explorer like Trezor’s blockbook. If there is no queued transaction or sign of on-chain activity such as a record of a transaction being carried out without your knowledge, then your cryptocurrency is probably not lost, it is likely simply not being reported by Trezor Suite or the interface you are using.
On the other hand, if the problem is that you can not access your hardware wallet, there are a number of problems which may be fixable:
Lost or forgotten PIN
If you have forgotten your PIN but have access to your recovery seed, you can restore access to your coins in a matter of minutes by performing a device recovery. This is a simple process that wipes all data from your hardware wallet — i.e. it deletes the seed words from its memory — and forces the device to forget there was ever a PIN set for the wallet. Follow our guide to device recovery on Trezor Wiki to reset your device and import the backup seed.
Once you have restored your seed on the device, you should be able to access your funds as before and can set a new PIN that you can be sure you will remember.
Lost or forgotten passphrase
Passphrases are much more complex than PINs. A passphrase is used as a cryptographic salt that encrypts your recovery seed. This means that whatever passphrase you set is taken as an input in an equation where the second input is your seed. Combined together, these two data points produce a unique output that is practically impossible to guess without knowing both inputs: the seed and the passphrase.
While your recovery seed is stored in the device and used for calculations, if a passphrase has been set it must be entered before any action can be performed by your Trezor. The passphrase is not stored by your Trezor so either write it down on paper and store it somewhere secure, or memorize it and then also write it down and store it somewhere secure — it’s a bad idea to rely solely on memory when your funds are concerned.
If your passphrase has been lost or forgotten and you have no backup, the likely scenario is that you will not be able to access the funds secured by the passphrase until computers become much more powerful and capable of brute-forcing the encryption. This will not be possible for many years.
Do not contact companies who claim to perform recovery services, as they are likely to be scammers and could steal any funds not secured by the passphrase or convince you to part with money or information.
Lost or damaged hardware wallet
If your Trezor hardware wallet is lost, stolen or damaged but you have the recovery seed backed up securely, your funds can easily be recovered to any other BIP39-compatible wallet. Most mobile, desktop and hardware wallets use BIP39 standard for recovery, meaning most products will work for this.
Before restoring your wallet, make sure to check that the new wallet is from a legitimate source and there are no major security risks. Generally, it is best to restore your funds to a device that is not capable of connecting to the internet, so it is best to use another hardware wallet. Do not panic as rushing this process could result in loss of funds due to using a malicious app or other security oversights.
Recovering a wallet seed using a new Trezor hardware wallet is a straightforward and secure process. Once you select how many words the seed uses, you will enter your recovery seed directly on the device if using a Trezor Model T. With a Trezor Model One the process requires you to enter words using your computer in a random order to protect from keyloggers.
Has your recovery seed been compromised?
The most essential step in securing your bitcoin is to protect your recovery seed.
With our latest backup solution, the Trezor Keep Metal, you can protect your recovery seed with unparalleled peace of mind. Expertly made from premium stainless steel, the Trezor Keep Metal protects your backup against fire, water, acids, and impacts.
If you believe your seed has been compromised in any way, you must take immediate steps to transfer your assets out of the compromised wallet.
You could lose your bitcoin seed if you have stored it insecurely and suffered a break-in, or if you live with other people. There are also phishing websites which ask for you to enter your seed — something you should never do — and malicious apps which you may have downloaded that can read keystrokes, observe your accounts or simply ask for your seed phrase.
As long as your seed is only stored on your Trezor and backed up in a secure location only you can access, and you have never digitized it, it should be safe to use.
If you suspect someone other than you has gained access to your cryptocurrency seed and you still have access to the seed here’s what to do:
You must have your seed next to you when attempting this recovery process.
- Set up a new wallet from scratch by wiping your device and following the device onboarding process to generate a new seed.
- Create accounts and generate receiving addresses for any coins you will be moving. Take screenshots of the QR code or copy the receiving address shown on your device.
- Wipe the device again and restore the original seed.
- Transfer any and all funds to the addresses created by your new seed. In this scenario it is best to set a higher fee to make sure the funds are moved in the next block.
- Any funds you manage to move will no longer be associated with the compromised seed.
This process is easier and quicker when you have access to multiple hardware wallets because you can create a new seed alongside the existing one. It is important not to panic during this process: if your funds have not been moved by the time you noticed your seed has been compromised, move them securely in this manner instead of rushing the process by relying on less secure wallet apps which could lead to coin loss.
Another way to speed up this process is to prepare a new wallet through the device-wiping and recovery seed creation process in advance, then keep copies of the addresses generates to send to in case your other seed is compromised. In this case, the second seed must be stored securely separate from your main wallet’s recovery seed.
Sent cryptocurrency to the wrong address
If you have sent a cryptocurrency to an address used for a different cryptocurrency, it is often possible to recover, but recovery can be difficult and may fail outright. If you know you sent some coins to an address used by a different network, the process is complicated and should not be attempted unless you are a confident advanced user.
To retrieve cryptocurrency sent to the wrong address, you may need to use additional third party tools — do not source these from Google, you are very likely to be scammed. The process is fairly technical and varies depending on the network and currency involved so to avoid losing any crypto assets, do not attempt to recover coins alone.
In some cases it is necessary to try and sign a transaction from a particular derivation path while others simply require configuration of some wallet settings. Trezor hardware wallets have safety checks in place that prevent users from accidentally changing certain parameters, so please contact Trezor Support for step-by-step guidance on how to recover any coins sent to the wrong type of address.
Physical threats and wrench attacks
Remember, there is no security solution that will offer protection from physical attacks beyond round-the-clock monitoring and bodyguards. These are not realistic for most, so it is best to not draw attention to yourself and never say how much crypto you own: once people have been told a number they remember it, even if you happen to lose all your assets in the meantime.
Even if you have only modest holdings, when bitcoin’s value increases significantly people may remember you and estimate the value of your previously-disclosed figure.
When facing threats of physical harm or kidnapping, cooperation is a must. There is nothing more important than self-preservation, and it is not recommended to try to outsmart any assailant or abductor. That said, since the attacker should not know how much bitcoin you have, there are ways to segregate your funds across wallets or by using passphrases that could help preserve some or most of your savings while cooperating fully with demands.
Attackers are rarely sympathetic to excuses. It is best to be able to give them what they want and only aim to minimize losses. A complex multisig setup which prevents you from giving away any funds at all may frustrate a would-be thief and lead to a dangerous scenario. If they have an understanding of cryptocurrencies and wallets, or any knowledge about your investment and security strategy, it is unwise to attempt to trick them.
Splitting funds across multiple hardware wallets is one way to protect a portion of your holdings from being lost should one wallet need to be handed over. Using passphrases to create hidden wallets can also protect the greater part of your funds while offering plausible deniability by letting an attacker take funds from your standard non-passphrase protected wallet. The more a hostile party knows about you and your security strategy, the less effective this will be.
