Cardano Daedalus & Yoroi Recovery

Cardano (ADA) users most often reach this page after one of two panic moments: they opened Daedalus after months of inactivity and found they could not recall the spending password, or they lost the laptop with their wallet and are now holding a slip of paper with 24 words, unsure of what to do next. The answers are opposite. A lost spending password is usually a non-event. A lost recovery phrase is usually terminal. This guide explains why, and what exactly happens inside Daedalus and Yoroi when you click "unlock".

Two layers of encryption, two completely different recovery stories

When you create a Cardano wallet, the software does two things in sequence. First, it generates a 24-word recovery phrase (BIP39 English wordlist, 256-bit entropy for Shelley wallets, 128 bits / 12 words for legacy Byron wallets). That phrase is deterministically hashed into a root private key using BIP39 + Cardano's own BIP32-Ed25519 derivation. Second, it asks you for a spending password and uses that password to encrypt the root private key on disk. The encrypted blob is then written into the wallet database.

The recovery phrase regenerates the root private key at any time on any Cardano-compatible wallet. The spending password is local only — it exists purely so that a thief who grabs your laptop cannot spend your ADA without also knowing that password. The two are independent. This is the single most important concept to grasp and the reason most "Cardano password recovery" searches should actually lead to "just restore from your seed phrase".

Byron vs Shelley — which era is your wallet?

Cardano's "Byron" era (2017–2020) used 12-word recovery phrases and a distinct address format (addresses starting with Ae2 or DdzFF). "Shelley" (2020 onward, post-hardfork) introduced 24-word phrases, staking addresses (addr1 prefix), and delegation. Yoroi and Daedalus both still support restoration of Byron wallets, but staking requires migration to a Shelley wallet.

Where Daedalus stores the wallet on disk

The wallet files live in your operating system's user data directory under the Daedalus profile:

Inside the wallets folder are SQLite databases (she.sqlite for Shelley, rnd.sqlite for Byron) plus a sibling secret.key file per wallet. The secret.key file is what holds the encrypted root private key. If you copy just the wallets/ folder to a new machine before uninstalling Daedalus, you can reinstall and resume with the same spending password — no recovery phrase needed.

The anatomy of Shelley secret.key

Shelley-era Daedalus uses the following cryptographic stack, confirmed from the cardano-wallet source code:

# secret.key byte layout (simplified)
header:    magic bytes "\x8a\x18"   # CBOR framing
salt:      16 bytes random
iv/nonce:  12 bytes (ChaCha20 nonce)
ciphertext: N bytes (enc root key + chain code)
tag:       16 bytes (Poly1305 MAC)

# Key derivation
key = Argon2id(
    password=utf8(spending_password),
    salt=salt,
    memory=65536 KiB,   # 64 MB
    iterations=3,
    parallelism=4,
    output_len=32
)

# Decryption
plaintext = ChaCha20_Poly1305_decrypt(
    key=key,
    nonce=iv,
    ciphertext=ciphertext,
    tag=tag
)

Three observations drive the recovery strategy:

• Argon2id with 64 MB memory is deliberately hostile to GPUs. Each guess needs 64 MB of fast RAM per parallel candidate. A high-end consumer GPU with 24 GB VRAM can run at most 300–400 parallel candidates, and each one takes 150–300 ms. Real-world throughput: 5–50 guesses per second on a modern CPU, maybe 2–10× that on a GPU with heavy tuning.
• Poly1305 MAC means wrong passwords fail cleanly — no false positives. The tag either verifies or it doesn't.
• ChaCha20 is a stream cipher and extremely fast once the key is derived. All the cost is in the KDF.

Yoroi light wallet — a different story

Yoroi is a browser extension and mobile app maintained by Emurgo. It stores its encrypted root key inside the browser's IndexedDB under the extension's storage area (path varies by browser, same extension-ID pattern as MetaMask). Yoroi historically used PBKDF2-HMAC-SHA512 with 19,162 iterations (an oddly specific number inherited from an old Cardano-specific library), followed by ChaCha20-Poly1305.

PBKDF2 is GPU-friendly in a way Argon2 is not. Extracting a Yoroi encrypted key and running it through a modified btcrecover Cardano module can achieve 200k–800k guesses per second on a consumer GPU — orders of magnitude faster than attacking Daedalus. If your funds are in Yoroi and you forgot the spending password, brute force is a realistic option; if your funds are in Daedalus, it is a last resort.

Scenario 1: You have the 24-word recovery phrase

This is a 5-minute recovery. The spending password becomes irrelevant.

1. Install Daedalus fresh (or use Yoroi for faster sync). Both are available at daedaluswallet.io and yoroi-wallet.com — verify the domain carefully, phishing clones are rampant.
2. On the welcome screen choose Restore Wallet.
3. Select Shelley for 24 words or Byron for 12 words. If you pick wrong, the wallet restores to an address branch with zero balance — don't panic, just redo with the other type.
4. Enter the 24 words in order. The interface autocompletes each word from the BIP39 wordlist, so typos on individual letters are caught.
5. Set a brand new spending password. The old one is no longer needed anywhere.
6. Wait for chain sync. Daedalus takes 3–12 hours on a fresh install (the full chain is large). Yoroi takes 30 seconds.

Scenario 2: You have the wallet file but no recovery phrase, forgot the spending password

This is where brute force becomes the only option. Copy the entire wallets/ folder to a separate machine (never work on the original files — corruption is permanent). Extract the encrypted secret key from secret.key. For Daedalus Shelley, a Python helper script using pycardano, cryptography, and argon2-cffi can iterate password candidates:

# Simplified Daedalus Shelley attack loop
from argon2.low_level import hash_secret_raw, Type
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

salt = open("secret.key.salt", "rb").read()
nonce = open("secret.key.nonce", "rb").read()
ct_with_tag = open("secret.key.ciphertext", "rb").read()

for pw in open("candidates.txt"):
    pw = pw.strip().encode("utf-8")
    key = hash_secret_raw(pw, salt,
                          time_cost=3,
                          memory_cost=65536,
                          parallelism=4,
                          hash_len=32,
                          type=Type.ID)
    try:
        pt = ChaCha20Poly1305(key).decrypt(nonce, ct_with_tag, None)
        print("FOUND:", pw.decode())
        break
    except Exception:
        continue

Realistic speeds: a modern i7 reaches ~30 guesses per second. A 6-core workstation parallelized: ~150/s. 24 hours of compute at 150 guesses/second covers only 13 million candidates — enough for a strong dictionary + simple rules, nothing close to a full 8-character keyspace. If your password was random, GPU brute force is infeasible at any budget.

If your password was based on a dictionary word, year, name, or personal detail, the recovery becomes tractable. Hints dramatically narrow the search: partial memory of the password ("started with my dog's name", "ended in 2020"), character class hints (no symbols, at least one number), and length range can reduce a 100-trillion-candidate keyspace to a few million — hours instead of millennia.

Scenario 3: Yoroi password forgotten, vault intact

Much friendlier. Extract the vault from browser IndexedDB using a process nearly identical to our MetaMask vault extraction guide — open chrome://extensions → Developer mode → Inspect the Yoroi service worker → Application tab → IndexedDB → copy the encrypted blob. Run btcrecover with --wallet-type cardano-yoroi (experimental) or a custom Python script using the same PBKDF2 + ChaCha20 recipe but with much faster GPU-accelerated key derivation.

Scenario 4: Recovery phrase lost AND wallet file lost

Funds are inaccessible. No service, technique, or brute force can recover a Cardano wallet without either the seed or the encrypted file. If you have only one of: (a) old screenshots of the wallet's receive address, (b) memory of approximate balance, (c) the email used to register — none of these help. Cardano is self-custody; there is no customer service recovery like there is for exchanges. This is where Coinbase / Binance custodial accounts differ from Daedalus / Yoroi self-custody (see our custodial vs self-custody guide).

Hardware wallets and Cardano

Ledger and Trezor both support ADA natively through the Adalite, Typhon, or Eternl wallet frontends. When using a hardware wallet, the private key never leaves the device. The "spending password" concept is replaced by the device PIN. If you forget the hardware wallet PIN, three wrong attempts wipe the device — at which point you restore from your 24-word recovery phrase to any Cardano wallet (software or new hardware). See our hardware wallet recovery guide for PIN-wipe details and passphrase handling.

Realistic throughput table — Shelley secret.key

Compare with MetaMask's mode 26600 which runs at 9 million guesses/sec on an RTX 4090 — Argon2 is roughly 10,000× slower. This is by design.

Recovery matrix

A note on Daedalus Flight and testnet

Daedalus Flight is a pre-release channel; its wallet files are stored separately from Daedalus Mainnet. If you are restoring and your wallet does not appear, verify which channel you used originally. Testnet wallets (tADA) hold no mainnet value — if you mixed them up, your mainnet ADA is still safe on the real chain.

Related guides

• BIP39 seed recovery — if your 24-word phrase is missing a word or two, GPU brute force can fill in the gap.
• MetaMask vault recovery — similar browser-extension attack surface as Yoroi.
• Hardware wallet recovery — PIN, passphrase, and bricked-device procedures for Ledger and Trezor.
• Custodial vs self-custody recovery — why Daedalus is different from a Coinbase account.
• Crypto wallet recovery scams — "ADA recovery services" are 95% frauds; read before paying anyone.

Frequently asked questions