
Crypto Wallet Seed Phrase Security

TL;DR: A 12-word BIP39 seed phrase encodes 128 bits of entropy (about 3.4×10^38 combinations), which is computationally infeasible to brute-force. Losing 1-2 words is recoverable with GPU assistance; losing 3 or more words becomes exponentially harder. A 24-word phrase encodes 256 bits of entropy but offers no practical security benefit over 12 words against today's hardware.

12 words vs 24 words: the math

BIP39 builds a mnemonic from entropy plus a checksum: 128 bits of entropy plus a 4-bit checksum gives 132 bits, which encodes as 12 words; 256 bits of entropy plus an 8-bit checksum gives 264 bits, which encodes as 24 words. Each word carries 11 bits as an index into a 2048-word list.

128 bits of entropy means 2^128 ≈ 3.4×10^38 possible seeds. Even at one billion guesses per second worldwide, exhausting that space would take about 10^22 years; for context, the universe is about 1.38×10^10 years old.

256-bit entropy (24 words) is astronomically larger: 2^256 ≈ 1.16×10^77. Against brute force there is no practical security difference between 12 and 24 words; both are far beyond reach. The extra words provide redundancy, not additional protection against guessing.

What happens when you lose words

Losing 1 word: 2048 possibilities. Trivial to recover with any script that checks the checksum; instant even on a phone.

Losing 2 words: 2048² ≈ 4.2 million possibilities. Recoverable on a CPU in minutes or on a GPU in seconds.

Losing 3 words: 2048³ ≈ 8.6 billion possibilities. Feasible with a GPU cluster (hours to days); each candidate requires deriving the BIP39 seed and checking the resulting addresses against known ones.

Losing 4 or more words: 2048⁴ ≈ 17.6 trillion possibilities. Impractical unless the positions of the missing words are known exactly.

Word position matters: if you know which positions are missing and all the remaining words, the search is limited to the figures above. Unknown positions multiply the search space further.
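The word-list and checksum arithmetic described under "12 words vs 24 words" and the candidate counts in the section above, worked in code. This is an added example, not the page's own tooling: words are represented by their 0..2047 index into the BIP39 English list so no word list has to be shipped, and the fixture is the public all-zero-entropy test mnemonic (index 0 is "abandon", index 3 is "about"). It also shows the point the section leaves implicit: the checksum only thins the candidates (to about 1 in 16 for 12 words, 1 in 256 for 24), so every survivor still has to be checked against a known address.

```python
# Added example (not the page's own code): BIP39 entropy/checksum layout worked
# in index space, plus the candidate-count arithmetic from the "losing words"
# section. Words are their 0..2047 index into the English word list.
import hashlib
import math

WORDS = 2048           # size of the BIP39 word list
BITS_PER_WORD = 11     # 2048 == 2**11


def entropy_to_indices(entropy: bytes) -> list:
    """ENT bits of entropy followed by ENT/32 checksum bits, cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - BITS_PER_WORD * (i + 1))) & (WORDS - 1)
            for i in range(total // BITS_PER_WORD)]


def indices_valid(indices) -> bool:
    """Recompute the checksum from the entropy bits and compare with the stored one."""
    total = len(indices) * BITS_PER_WORD
    if total % 33:
        return False
    cs_bits = total // 33
    bits = 0
    for idx in indices:
        bits = (bits << BITS_PER_WORD) | idx
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    return bits & ((1 << cs_bits) - 1) == expected


def candidate_space(word_count: int, missing: int, positions_known: bool = True):
    """(raw candidates, approximate checksum survivors) when `missing` words are unknown."""
    cs_bits = word_count * BITS_PER_WORD // 33
    raw = WORDS ** missing
    if not positions_known:
        raw *= math.comb(word_count, missing)   # which positions hold the gaps
    return raw, max(1, raw >> cs_bits)


def checksum_survivors(indices, position: int) -> int:
    """Count how many of the 2048 fillers for a single gap pass the checksum."""
    return sum(
        indices_valid(indices[:position] + [w] + indices[position + 1:])
        for w in range(WORDS)
    )


if __name__ == "__main__":
    # Constructed fixture: 16 zero bytes of entropy, i.e. the public
    # "abandon x11 about" test mnemonic.
    phrase = entropy_to_indices(bytes(16))
    print("indices:", phrase, "valid:", indices_valid(phrase))
    for k in (1, 2, 3, 4):
        print(k, "missing of 12 (raw, after checksum):", candidate_space(12, k))
    print("fillers for the last position that pass the checksum:",
          checksum_survivors(phrase, 11))
```

For the last word the survivor count is exactly 128 (the 4 checksum bits live entirely inside that word); for other positions it is close to 128 but varies, because changing an inner word also changes the entropy that the checksum is computed over.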

When recovery is possible

Recovery from a partial seed phrase requires: the correct word positions, a known address (or xpub) to verify against, and compute power proportional to the number of missing words. Services like BTCRecover and seedrecover automate this with GPU acceleration.

Critical: never share your complete seed phrase with anyone. Recovery services that can work with partial phrases (1-2 unknown words) and known addresses are legitimate. Services that want your full seed are scams.

Frequently Asked Questions

Should I use 12 or 24 words?

12 words are sufficient for security against brute force. 24 words provide redundancy: if you lose a few words, a larger fraction of the phrase is still known. But 24 words are also harder to memorise and more error-prone to write down.

Can a quantum computer break seed phrases?

Yes, in theory. Shor's algorithm on a sufficiently large quantum computer could derive private keys from public keys. But current quantum computers are decades away from threatening 256-bit elliptic curves, and post-quantum standards are in development.

What if my seed phrase words are in the wrong order?

Much harder. 12 words with unknown order: 12!/(2 × ...) possibilities, which is computationally feasible with a GPU cluster. 24 words in unknown order: 24! ≈ 6.2×10^23, which is impossible. Order mistakes are harder to recover from than unknown words.

How do recovery services verify a found seed?

By deriving the master public key (xpub) from the candidate seed and comparing the derived addresses against a known address you provide. This can be done entirely offline; the seed never needs to be sent anywhere.
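The offline check described in the last answer (and in "When recovery is possible"), as an added example that is not the page's or any recovery service's code: a candidate phrase is turned into its BIP39 seed, the BIP32 master key is derived, and the resulting master xpub is compared with one the owner already holds. Only the standard library is used; the secp256k1 arithmetic is a minimal textbook implementation for illustration, not a hardened library, and the fixture is the public "abandon x11 about" test mnemonic.

```python
# Added example (not the page's or any service's code): verify a candidate seed
# phrase offline by deriving its BIP32 master xpub and comparing it with a
# known xpub. The seed is only ever used locally.
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P


def compressed_pubkey(priv: int) -> bytes:
    """Double-and-add scalar multiplication, returned as a 33-byte SEC1 point."""
    r, q = None, G
    while priv:
        if priv & 1:
            r = _point_add(r, q)
        q = _point_add(q, q)
        priv >>= 1
    return bytes([2 + (r[1] & 1)]) + r[0].to_bytes(32, "big")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    def norm(s):
        return unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048)


def master_xpub(seed: bytes) -> str:
    """BIP32 master key from the seed, serialised as a base58check extended public key."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain_code = int.from_bytes(digest[:32], "big"), digest[32:]
    if k == 0 or k >= N:
        raise ValueError("invalid master key (astronomically unlikely)")
    # version(4) depth(1) parent fingerprint(4) child index(4) chain code(32) key(33)
    payload = (bytes.fromhex("0488B21E") + b"\x00" + b"\x00" * 4 + b"\x00" * 4
               + chain_code + compressed_pubkey(k))
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(payload + check, "big")   # version byte is non-zero, so no '1' padding needed
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out


def candidate_matches(candidate_mnemonic: str, known_xpub: str, passphrase: str = "") -> bool:
    """The offline check: derive the xpub from the candidate and compare."""
    return master_xpub(bip39_seed(candidate_mnemonic, passphrase)) == known_xpub


if __name__ == "__main__":
    mnemonic = "abandon " * 11 + "about"      # public BIP39 test fixture
    known = master_xpub(bip39_seed(mnemonic))  # what the owner would already hold
    print("seed:", bip39_seed(mnemonic).hex())
    print("xpub:", known)
    print("correct candidate:", candidate_matches(mnemonic, known))
    wrong = "abandon " * 10 + "ability about"  # constructed: one word changed
    print("wrong candidate:  ", candidate_matches(wrong, known))
```

Comparing at the master-xpub level is the simplest form of the check; a service that is given an account xpub or a receive address instead derives the corresponding child keys (BIP32 child derivation on top of the same primitives) before comparing, but the principle is identical: the candidate seed stays on the verifying machine.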


Have a wallet to recover?

Start with a free analysis. The encryption format is detected and a free check runs first; you pay only if recovery succeeds.