Electrum Wallet Password Recovery

A deep technical walkthrough of how Electrum encrypts wallet files across versions 1.x, 2.x, 3.x, and 4.x, the crucial difference between the seed phrase and the wallet password, and how GPU farms and btcrecover seed-backed attacks actually find lost passwords.

Electrum is the most popular lightweight Bitcoin wallet and has been shipping since late 2011. If you have an old default_wallet, electrum.dat, or a JSON file from Electrum 2.x–4.x, and you have forgotten the password that encrypts it, this guide explains exactly what is recoverable and what is not.

Before you do anything else: if you have your 12-word or 13-word Electrum seed written down, you do not need password recovery at all. Create a new wallet and restore from the seed — funds will appear. The wallet password only protects the file on disk; the seed is the actual master secret.

Seed vs. password — the distinction that saves lives

This is the most common misunderstanding in Electrum recovery, and it is worth stating bluntly:

Seed phrase (12/13 words)

The master secret. Can reconstruct every private key, every address, every transaction history. If you have this written down, the password does not matter — restore in a new wallet.

Wallet password

Only protects the file on disk. Losing the password does not mean losing the funds — it means losing access to that specific file. Without the seed, however, recovering the password is the only path back in.

Electrum wallet file format — a version-by-version tour

Electrum has gone through four major format revisions. The location of the password-encrypted data — and thus the hashcat mode you need — depends on which version created the file.

Electrum 1.x (2011–2015)

Python pickle format, single file on disk usually at ~/.electrum/wallets/electrum.dat. When encrypted, only the master private key seed field is protected with AES-256-CBC; other fields (addresses, history) are in clear text. KDF is PBKDF2-HMAC-SHA256, 1024 iterations, no salt in early builds.

Electrum 2.x (2015–2017)

Switched to JSON. Introduced HD wallets (BIP32). Seed format switched to Electrum's custom 132-bit version (12 words, CSPRNG drawn from a 2048-word list; distinct from BIP39). Encryption still only applies to the seed and master private key fields. Keystore JSON object:

{
  "keystore": {
    "type": "bip32",
    "xpub": "xpub6...",
    "xprv": "Q2FzdCBhZWlfM...==",     // base64, AES-256-CBC encrypted
    "seed": "Q2FzdCBhZWlfU2...==",     // base64, AES-256-CBC encrypted
    "passphrase": ""
  },
  "use_encryption": true,
  "wallet_type": "standard"
}

Electrum 3.x (2017–2020)

Same JSON schema as 2.x but added SegWit (p2wpkh, p2wpkh-p2sh) and multi-signature keystores. Encryption wrapper unchanged. Hashcat mode 16600 handles all of 1.x, 2.x, 3.x.

Electrum 4.x (2020–today)

Introduced a new whole-wallet encryption mode. The entire JSON file becomes one AES-256-CBC blob prefixed by an ephemeral ECIES public key (33 bytes, compressed secp256k1). The password derives a symmetric key via PBKDF2-HMAC-SHA512, 1024 iterations, which decrypts the ephemeral key, which decrypts the body. Hashcat mode 21700 targets this format.

# Hex dump of an Electrum 4.x encrypted wallet (first bytes)
02 5e a1 ... 33 bytes compressed secp256k1 pubkey
[ AES-256-CBC(json_body) with iv derived from pubkey ]
[ HMAC-SHA256(ciphertext) as integrity tag ]
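
The field-level layout described for 2.x/3.x can be checked directly on a wallet file. The following is an added example, not code from the original guide or from Electrum: it reports which keystore secrets are actually protected and which data stays readable. The function names, the `x1/`-style multisig keys, and the base64 length heuristic are assumptions, and the sample wallet is constructed.

```python
import base64
import json
import re

SECRET_FIELDS = ("seed", "xprv")  # the fields this guide describes as encrypted

def looks_encrypted(value):
    """Assumed heuristic: base64 that decodes to an IV plus at least one AES block."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, TypeError):
        return False
    return len(raw) >= 32 and len(raw) % 16 == 0

def audit_wallet(text):
    """Report which keystore secrets are protected and what stays readable."""
    try:
        wallet = json.loads(text)
    except ValueError:
        wallet = None
    if not isinstance(wallet, dict):
        # Whole-file encrypted (4.x in this guide) or corrupted: nothing to inspect.
        return {"format": "not-json", "keystores": {}}
    report = {"format": "json", "keystores": {},
              "use_encryption": bool(wallet.get("use_encryption"))}
    for name, ks in wallet.items():
        # "keystore" as in the guide; "x1/", "x2/" ... assumed for multisig wallets
        if not isinstance(ks, dict) or not re.fullmatch(r"keystore|x\d+/", name):
            continue
        report["keystores"][name] = {
            "type": ks.get("type"),
            "secrets": {f: "encrypted" if looks_encrypted(ks[f]) else "CLEARTEXT"
                        for f in SECRET_FIELDS if ks.get(f)},
            "xpub_readable": bool(ks.get("xpub")),
        }
    return report

# Constructed sample: 48 zero bytes stand in for IV + ciphertext; the seed is
# deliberately left as plain words to show a file whose flag overstates coverage.
SAMPLE = json.dumps({
    "keystore": {"type": "bip32", "xpub": "xpub-placeholder",
                 "xprv": base64.b64encode(bytes(48)).decode(),
                 "seed": "constructed plain words"},
    "use_encryption": True, "wallet_type": "standard"})

if __name__ == "__main__":
    print(json.dumps(audit_wallet(SAMPLE), indent=2))
```

A readable `xpub` means anyone holding the file can enumerate the wallet's addresses without the password, so a keystore-encrypted file still needs to be stored as sensitive data.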

Extracting the hash for hashcat

Before hashcat can attack the file, you must convert it to the hash format it expects. The tooling depends on version:

| Electrum version | Hashcat mode | Extraction tool |
|---|---|---|
| 1.x, 2.x, 3.x (keystore) | 16600 | electrum2john.py |
| 4.x (wallet file v1) | 21700 | electrum2john.py / manual |
| 4.x (wallet file v2, HW/2FA) | 21800 | manual hex extraction |

For 2.x/3.x, electrum2john.py (from the John the Ripper source tree under run/) reads the JSON file, locates the encrypted seed or xprv field, and outputs:

$ python3 electrum2john.py default_wallet
default_wallet:$electrum$1*3c6d...40hex...*2fa0...28hex...

# For Electrum 4.x v1 (mode 21700)
$ python3 electrum2john.py my_encrypted_wallet
my_encrypted_wallet:$electrum$4*02a91b...*3ffe1c...*9c8e7d...*c4aa21...

Running hashcat against the extracted hash

# Electrum 2.x / 3.x dictionary + rules
hashcat -m 16600 -a 0 electrum.hash rockyou.txt -r OneRuleToRuleThemAll.rule

# Mask attack — you remember the password starts with an uppercase + 5 lowercase + 2 digits
hashcat -m 16600 -a 3 electrum.hash "?u?l?l?l?l?l?d?d"

# Electrum 4.x wallet
hashcat -m 21700 -a 0 electrum4.hash custom-dict.txt -r dive.rule

# Hybrid: dictionary + 4-digit year suffix
hashcat -m 16600 -a 6 electrum.hash personal-words.txt "?d?d?d?d"

# Increment masks — try lengths 6..12 (masks are quoted so the shell does not glob-expand the ? characters)
hashcat -m 16600 -a 3 electrum.hash --increment --increment-min 6 --increment-max 12 "?1?1?1?1?1?1?1?1?1?1?1?1" -1 "?l?u?d"

The btcrecover seed-backed attack (game changer)

If you have both the seed phrase and the password, you do not need recovery. There is a third scenario, however, that sends users to us constantly: partial seed + forgotten password + still-encrypted wallet file. Maybe you wrote down only 10 of the 12 words, or you have the seed but suspect a typo. In that case, btcrecover's seed-backed attack lets you use what you know from one side to accelerate the other.

The trick: given a candidate password, decrypt the xpub from the wallet and compare it to the xpub derived from the candidate seed. Deriving an xpub from a seed takes milliseconds; AES-CBC decryption of 32 bytes takes microseconds. This is orders of magnitude faster than end-to-end wallet opening.

# btcrecover: password attack against an Electrum wallet with known seed
python3 btcrecover.py \
    --wallet default_wallet \
    --passwordlist candidate-passwords.txt \
    --typos-capslock --typos-case \
    --dsw

# Or: recover missing seed words, given the password
python3 seedrecover.py \
    --wallet-type electrum2 \
    --mnemonic-length 12 \
    --addrs bc1q... \
    --addr-limit 10

GPU speeds — what to expect

| GPU | Mode 16600 (Electrum 1-3) | Mode 21700 (Electrum 4) |
|---|---|---|
| RTX 4090 | ~9,500,000 H/s | ~2,400,000 H/s |
| RTX 3090 | ~5,800,000 H/s | ~1,550,000 H/s |
| CMP 90HX | ~4,200,000 H/s | ~1,100,000 H/s |
| RTX 3060 Ti | ~2,100,000 H/s | ~540,000 H/s |

Electrum's KDF is much weaker than Bitcoin Core's (1,024 rounds vs 25,000–200,000), so per-guess throughput is roughly 50–100× faster. Despite that, a truly random 11+ character password is still mathematically infeasible to brute-force.
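
To see what these rates mean for a given password shape, the following added example (not part of the original guide) counts the guesses a hashcat mask generates and converts that to worst-case time at the RTX 4090 mode 16600 rate from the table. Function names are illustrative; the charsets are hashcat's built-ins, and the count is the total number of candidates, not the value `hashcat --keyspace` prints.

```python
import string
from math import prod

# hashcat built-in charsets (?b omitted)
SETS = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(string.punctuation + " "),
    "h": set("0123456789abcdef"),
    "H": set("0123456789ABCDEF"),
}
SETS["a"] = SETS["l"] | SETS["u"] | SETS["d"] | SETS["s"]
RTX4090_MODE_16600 = 9_500_000  # H/s, the figure quoted in this guide's table

def tokens(mask):
    """Split a mask into '?x' placeholders and literal characters."""
    out, i = [], 0
    while i < len(mask):
        step = 2 if mask[i] == "?" and i + 1 < len(mask) else 1
        out.append(mask[i:i + step])
        i += step
    return out

def chars(tok, custom):
    """Characters one token can produce; custom maps '1'..'4' to a -1..-4 charset."""
    if len(tok) == 1 or tok == "??":      # literal ('??' is a literal '?')
        return {tok[-1]}
    if tok[1] in custom:                  # user-defined charset, e.g. -1 ?l?u?d
        return set().union(*(chars(t, custom) for t in tokens(custom[tok[1]])))
    return SETS[tok[1]]                   # KeyError on an unknown placeholder

def candidates(mask, custom=None, inc_min=None, inc_max=None):
    """Total guesses for a mask; with --increment bounds, summed over each length."""
    sizes = [len(chars(t, custom or {})) for t in tokens(mask)]
    lengths = range(inc_min, inc_max + 1) if inc_min and inc_max else [len(sizes)]
    return sum(prod(sizes[:n]) for n in lengths)

def years_to_exhaust(n, rate_hs=RTX4090_MODE_16600):
    """Worst-case (full exhaust) time in years at a given guess rate."""
    return n / rate_hs / (365.25 * 24 * 3600)

if __name__ == "__main__":
    structured = candidates("?u?l?l?l?l?l?d?d")
    unstructured = candidates("?1" * 12, {"1": "?l?u?d"}, 6, 12)
    for label, n in [("?u?l?l?l?l?l?d?d", structured), ("?1 x12, len 6-12", unstructured)]:
        print(f"{label}: {n:.3e} guesses, {years_to_exhaust(n):.3e} years")
```

The structured eight-character mask from the hashcat section finishes in under an hour on one card, while the incremental alphanumeric mask up to length 12 runs to millions of years, which is the gap between the "feasible" and "effectively impossible" cases.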

What's realistically recoverable

Feasible

  • Any password under 10 characters with some structure
  • You remember 60%+ of the characters
  • Password is a dictionary word + year / symbol
  • Password was one of a short list you reused in 2014–2018
  • You have seed phrase + forgotten password (seed-backed attack)

Effectively impossible

  • Diceware / KeePass generated 14+ char passwords
  • Random base64 / hex strings
  • You remember nothing about the password
  • File is not actually an Electrum wallet (corrupted JSON)

Step-by-step: what to try before paying anyone

  1. Search your machine for text files named passwords.txt, keepass.kdbx, or old note-taking app exports. Many users find the password this way.
  2. Check your browser-saved passwords. Chrome / Firefox / Safari sometimes saved the Electrum password if you had it in a web form long ago.
  3. Reinstall Electrum, open the wallet file, and try every password you can remember. Electrum rate-limits attempts only lightly — you can try thousands per day manually.
  4. Build a candidate wordlist from your life: names, dates, pets, places, variations with leetspeak and symbols. Feed it to btcrecover locally on CPU.
  5. If still stuck, hand the wallet file (never the seed) to a GPU recovery service. We run mode 16600 / 21700 against tuned wordlists and custom rules 24/7.

Frequently asked questions

Do I need my Electrum seed phrase to recover the password?

No — seed and password are independent. If you have the seed, you do not need password recovery. Restore from seed into a new wallet and the funds will appear. The password only protects the file on disk.

What is the hashcat mode for Electrum?

Mode 16600 for Electrum 1.x–3.x keystore-encrypted wallets. Mode 21700 for Electrum 4.x whole-wallet encryption. Mode 21800 for Electrum 4.x with 2FA / hardware wallet integration.

Can btcrecover recover my Electrum password if I have the seed?

Yes, via a seed-backed attack: each candidate password is verified by decrypting the xpub and comparing against the xpub derived from the seed. Much faster than full wallet opening per guess.

What is the difference between Electrum 1.x, 2.x, 3.x, and 4.x wallet formats?

1.x: Python pickle with field-level encryption. 2.x: JSON, HD wallets (BIP32), field-level encryption. 3.x: JSON + SegWit. 4.x: whole-file ECIES+AES-256-CBC encryption container.

Is Electrum password recovery realistic for random passwords?

Only when there is structure to exploit. The KDF is weak (1024 PBKDF2 rounds) so GPUs run millions of guesses per second — but the search space of a truly random 11-char password is 10^18. Hints are what make recovery possible.

Ready to try Electrum recovery?

Upload your wallet file, list the password hints you remember, and pay only if we find it. GPU farm attacks Electrum 1.x through 4.x.