How to Recover Your Cold Wallet with 24 Word Seed
Updated April 2024
A few years ago I set up a recurring buy for Bitcoin taking my business partner’s advice.
Every week my Stratus DCA bot automatically buys a fixed amount of Bitcoin spread across three smart limit orders.
I’m a BTC HODLer aka Bitcoin Maxi(malist). Bitcoin is a bearer asset.
Bitcoin is also fixed supply (hard cap of 21 million bitcoins), it’s divisible to the 100 millionth unit (0.00000001 called a satoshi – sat for short), and easily transferable without the need for a centralized bank to sit in the middle taking a piece and making up rules as it goes.
Chad says, “If you don’t own the keys, then it’s not your bitcoin.”
There’s Bitcoin then there’s everything else.
I know first hand how much it sucks when an exchange goes bankrupt and halts withdrawals.
After the FTX debacle, I now use multiple cold storage hardware wallets to hedge my exchange based hot wallet risk. I don’t trust any iPhone/software based app to custody some/all of my backup seed or the recovery process. If you want to learn more about what I set up, email me ryan@stratus.io
Storing your Bitcoin is a balance between:
- Availability: you can spend your Bitcoin
- Security: no one else can spend your Bitcoin
- Convenience: relatively easy, from your perspective, to manage
I forgot my cold wallet pin
In November when FTX went belly up, I set up my first hardware wallet (Ledger Nano S) and followed the instructions to write down my seed.
During Christmas break, I remember reading Mark Frauenfelder’s horror story on Wired about forgetting his cold wallet pin and thinking ‘oh boy, that would never happen to me.’
Fast forward a few months to May, and I’m cleaning out my inbox getting ready to go on vacation. My wife Corrie tells me the family room carpet is getting replaced while we’re gone.
Even though we have cameras and a security system I was uneasy about some of my crypto sitting on a cold storage device with strangers alone in the house.
May 17, 2023 4:00PM
I opened up the Ledger Live app on my Mac and connected the Nano S.
The Ledger turned on and the monochrome screen was prompting me to enter the 4-8 number pin.
I hadn’t touched the cold wallet device since November, but I remember thinking that 8 numbers would be harder to crack than a 4, 5, 6, or 7 digit pin.
I used the two buttons on the top of the device to enter: 51077722
——Invalid Pin—–

——2 Attempts Remaining—–

Ok, no big deal. Maybe it’s not 8. I thought it was 8, but I have a 6 digit pin that I’ve used before.
Tap, tap, tap and I enter ledger pin attempt #2: 510777
——Invalid Pin—–

——1 remaining attempt—–

May 17, 2023 4:05PM
I went online to the Ledger help section and searched up an article for what to do if you forget your pin.
I read that after a third failed attempt with an incorrect pin, the hardware wallet would reset to the factory default. Once the cold wallet resets, I can just restore the wallet with my 24 word recovery seed.
May 17, 2023 4:20PM
I pull out my trusty seed phrase recovery sheet that Ledger provided in the cold wallet packaging. The image below is the actual backup recovery seed written on paper. Notice anything!?

I outsmarted myself and forgot where I hid the recovery seed.
Panic set in. I spent the next 20 minutes reading the Ledger help section and trying to remember what those two missing words were or where I hid them.
Nothing. There was no digital or physical trace of 2 BIP39 words anywhere.
I had 1 remaining attempt to guess a pin. An incorrect pin meant the cold wallet would reset and could only be restored with the correct 24 word seed of which I was missing word #1 and #24.
Pro Tip – Leaving the last word off your 12/24 word recovery seed is a critical mistake to avoid. An attacker would only need a maximum of 2,048 attempts to reconstruct your seed phrase. In fact, there are only 8 possible words if you know the first 23 words (in order): the final word contains only 3 bits of entropy (2^3=8), because its final 8 bits are the checksum.
Nerd Alert: If you have the first 11 words of a 128-bit, BIP-39 mnemonic 12 word recovery seed and need to discover the 12th, it can be brute forced pretty easily with a script. The first 11 words make up the first (11×11) 121 bits. The first 7 bits of the 12th (final) word are the last 7 bits of your seed. There are 2^7 = 128 words that would pass the checksum. Alternatively, you can calculate that, including the 4-bit checksum, there are only (2^4) 16 valid combinations given the 11 words. Once you have the 12 words, you can test each combination to find the recovery seed that accesses your wallet. PS – some wallets, like Sparrow, will help narrow this down for you by displaying only the 128 possible words when you’re restoring a wallet from a seed after inputting the first 11 words.
Leaving ANY word off of the list, regardless of the position, creates a similar vulnerability. If word #5 is left blank and the recovery sheet is discovered, the attacker would be able to brute force your seed. No words on the BIP39 list start with the same first four letters.
May 17, 2023 5:00PM
Options to recover my Bitcoin wallet were dwindling.
Heart and mind racing, I tried to stay calm.
I didn’t perform the most exhaustive search for the two missing words but I was running out of time and surely didn’t want this hanging over my head on vacation.
I needed closure and started thinking through my options.
I figured that I wouldn’t have just committed the words to memory without some sort of clue. There was a prompt, a hint, a clue somewhere and I knew I would be able to piece together the correct 24 words.
May 17, 2023 5:15PM
I rolled the dice. My third and FINAL attempt to open the Ledger with: 5107
——Bitcoin—–

I’m in!
I still don’t have my 24 word seed phrase, so technically I’m not in control of my crypto.
The seed words, in order, are the algorithm for controlling my private key, which is stored on the device.
A hash function (SHA256) is used to produce a verifiable result from any input data, by combining the input data (eg – outcome of dice roll) + checksum.
If you roll a dice 256 times, you have 256 bits of random source data (input).
For bitcoin the input data (dice roll outcomes) are put through a SHA256 hash function, which generates a checksum (128-256 input bits / 32).
Next, add the checksum to the END of the random input data.
Pro Tip: Make sure you are adding the binary checksum and NOT the hexadecimal formatted checksum. SHA256 hashing produces a hexadecimal sequence of numbers and letters which must be converted to binary (0s and 1s).
Now, adding the checksum to the end of your input data produces 256 0s and 1s (ie – 10010100001….), which are chunked into groups of 11.
Each ‘chunk of 11’ corresponds to a word on the BIP39 list of 2,048 words. The words, in order, are called your seed phrase and represent your encrypted private key for the wallet.
For example when you add checksums to the keys, |00011001110|00111101000| may translate to 206|488 which is used to find the corresponding word on the BIP39 list (boost|diagram). This is how your seed phrase is computed and is much easier to manage than the long hexadecimal output string from SHA256.
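The checksum arithmetic from the seed-generation steps above and from the earlier Pro Tip on a missing final word, as an added example (not code from Ledger or from the original post). It works on 0-based word indices rather than words because the 2,048-word BIP39 list is not embedded here; the function names are illustrative and the all-zero entropy is a constructed sample. It counts the final words that pass the checksum: 128 for a 12 word seed and 8 for a 24 word seed, which is all the protection a withheld last word provides.

```python
import hashlib

def checksum_bits(entropy: bytes) -> str:
    """First ENT/32 bits of SHA-256(entropy), as a string of 0s and 1s."""
    cs_len = len(entropy) * 8 // 32
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return format(digest, "0256b")[:cs_len]

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append the binary checksum to the entropy, then cut into 11-bit chunks."""
    ent_bits = format(int.from_bytes(entropy, "big"), f"0{len(entropy) * 8}b")
    bits = ent_bits + checksum_bits(entropy)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]

def valid_last_indices(known: list[int]) -> list[int]:
    """Every final-word index that passes the checksum, given all earlier words."""
    ent_len = (len(known) + 1) * 11 * 32 // 33   # 128 bits for 12 words, 256 for 24
    free = 11 - ent_len // 32                    # entropy bits held by the last word
    prefix = "".join(format(i, "011b") for i in known)
    candidates = []
    for tail in range(2 ** free):
        tail_bits = format(tail, f"0{free}b")
        entropy = int(prefix + tail_bits, 2).to_bytes(ent_len // 8, "big")
        candidates.append(int(tail_bits + checksum_bits(entropy), 2))
    return candidates

if __name__ == "__main__":
    # Constructed sample: all-zero entropy (never use this for a real wallet).
    print(entropy_to_indices(bytes(16)))        # the 12 word indices
    print(len(valid_last_indices([0] * 11)))    # candidates for word 12
    print(len(valid_last_indices([0] * 23)))    # candidates for word 24
```
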
Back to Ledger’s help section looking for help on what to do next.
I found this gem of an article about what to do if you lose your recovery seed.
May 17, 2023 5:30PM
My pin unlocked the Ledger and my device was connected to the Ledger Live app on my Mac.
The support article suggested to “quickly send all of your crypto assets to temporary accounts and generate a new set of 24 words.”
I copied the public address from my exchange wallet, then went back to Ledger Live to initiate a transfer of BTC from my cold wallet to my Bitcoin hot wallet.
May 17, 2023 5:35PM
Transferring Bitcoin from a cold wallet to a hot wallet took about 5 minutes to login, copy/paste the address, and confirm the quantity.
Easy-peasy.

——PENDING—–
The transfer was initiated and I was waiting for blockchain confirmation from the validators which can take up to an hour.
I watched and waited.
Refreshed and waited some more.
May 17, 2023 6:00PM
On what felt like the 100th page refresh the pending transaction switched to COMPLETE. The balance of my wallets increased in the correct amount and disaster averted.
I messaged my business partner to let him know why I’d been radio silent the past 2 hours.

I took his advice and followed the backup process.
When I got back from vacation, I wiped my Ledger Live accounts then proceeded to wipe my original Nano S.
The easiest way to wipe your Ledger Nano is to enter an incorrect pin 3 times in a row. Even though I had remembered my original pin, I still didn’t have the complete recovery seed and those accounts were worth $0 anyways.
I took great joy in forcing my cold wallet to reset.
I cover the Ledger setup step by step in this post.
As part of the setup process, I added an extra step of resetting the new wallet then restoring it with the recovery seed to confirm that I have the correct words in order.
If the recovery fails there are no consequences since I don’t transfer any crypto to cold storage until I successfully complete this step.
Backing Up Your Recovery Seed
Level 0 – Cloud Backup: stored in a cloud based password manager
- Protects against loss of wallet and physical damage.
- Most susceptible to ‘remote’ hacks, malware, third-party risks. NEVER screenshot, photograph, or save the backup recovery seed as plain text.
Level 1 – Paper Backup: OG method to physically write and store seed on a piece of paper.
- Protects against loss of wallet and remote theft.
- Easy to hide, easy to lose or destroy. Use a Sharpie, not a pencil, and store discreetly on or offsite.
Level 2 – Metal Backup: Stamping your seed onto a metal plate.
- Protects against loss of wallet, remote theft, and physical damage.
- Resistant against fire and flood damage, susceptible to anyone with a metal detector or keen eye.
Level 3 – Pass-phrase: adding a word to your 12 or 24 word phrase.
- Adds an extra layer of security to your cloud, paper, or metal backup if discovered.
- Adds the risk of losing or forgetting your pass-phrase.
- Every wallet has a pass-phrase (“”), even if you don’t create one. Pro Tip – Create a honeypot with a tiny amount of crypto in an address using the default “” passphrase. If that crypto is moved, you know your seed was compromised and the bad actor is likely trying to brute force your ‘other’ pass-phrase. Immediately move your Bitcoin to a different wallet and identify the method of breach.
Level 4 – Combination (Multiple) Backups
- We strongly discourage storing your seed in the cloud, an online ‘hot’ environment.
- Metal or paper + passphrase is a preferred method to hedge against the discovery threat.
- Sharding, splitting up your recovery seed into multiple parts, and using different combinations of Level 1, Level 2, and Level 3 backups is widely considered the most secure albeit most complex method to protect your holdings. DYOR
Key Takeaways for Cold Storage
- If you don’t control your keys in cold storage somebody else (exchange, wallet provider, bank) controls your crypto.
- FDIC insurance doesn’t cover crypto (PayPal or Venmo either) in the case your keys are compromised in a hot wallet hosted by a third party.
- I looked into multi-sig wallets but abandoned that path when the options required an app that required a picture or digital input of my seed, blind trust in the company’s security and their pledge that they wouldn’t store the seed.
- Since I only transfer crypto from an exchange into my cold wallet, I don’t need anything except for the cold wallet public address. My hardware wallet remains set to factory default.
- I created an operational security process where I can restore and recover the cold wallet with the seed phrase with offline steps if I need to send crypto (which is rare). This is old school, legally binding, and built for anyone with more than $100k in crypto. Contact us.
- Could I have brute forced this? It’s been done before.

Luckily I unlocked my hardware wallet unlike this poor Redditor. Hopefully you can learn from my mistakes and avoid losing your crypto because you forgot to secure your pin or recovery seed.
Note: Stratus does NOT provide investment, legal or tax advice. All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice. The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions. Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors. For investment, legal, tax, or other financial guidance you should consult your own advisor.