Does Exodus have a spending password I can recover?

Exodus uses a local password to encrypt the desktop wallet files (seco files under %APPDATA%/Exodus). It is not a spending password in the usual sense — if you lose it but still have the 12-word secret phrase, you can reinstall Exodus on any machine and enter the phrase to regain every address and coin. Password recovery is only meaningful when the phrase is also lost but the encrypted files remain.

Where does Atomic Wallet store its encrypted vault on desktop?

Atomic Wallet stores its IndexedDB blobs in the user profile: on Windows at %APPDATA%/atomic/IndexedDB/file__0.indexeddb.leveldb, on macOS at ~/Library/Application Support/atomic/IndexedDB, and on Linux at ~/.config/atomic/IndexedDB. The encrypted seed material lives inside these LevelDB files under keys that start with data- and are AES-256-CBC encrypted with a key derived from the user password via PBKDF2.

Can I recover a Trust Wallet password without the device?

Trust Wallet is mobile-first and its encrypted keystore is held inside the app sandbox on iOS or Android. Without an unrooted/unjailbroken device, you cannot extract the keystore. If you have the 12 or 24-word recovery phrase, you do not need the password — reinstall the app and restore. If you only have the device PIN/biometric lock and have forgotten it, your only options are iOS Keychain / Android Keystore recovery, which are outside crypto-password scope.

What hashcat modes target Exodus and Atomic Wallet files?

Exodus desktop .seco files correspond to hashcat mode 25400 (Exodus Desktop Wallet up to v24.x, PBKDF2-HMAC-SHA256 with AES-256-GCM). Atomic Wallet files use a custom JSON scheme; there is no official hashcat mode, but btcrecover has native support via the --wallet option. Trust Wallet mobile keystore exports map to mode 11300 (Bitcoin Core) when using the standard dumpwallet flow, but only after extracting the .json export from the device.

Is there any way to bypass the password without brute force?

No. All three wallets use modern authenticated encryption with proper random salts; there is no documented side-channel, backdoor, or version downgrade that bypasses the password. The three realistic paths are: recover the password via GPU attack guided by hints, restore from the seed phrase, or accept the loss.

Exodus, Atomic & Trust Wallet Password Recovery

If you have installed any of these wallets and then forgotten the password you set at first launch, you are probably sitting in front of one of three files: an Exodus .seco vault, an Atomic IndexedDB LevelDB folder, or a Trust Wallet mobile backup. The critical thing to understand up front is that only one of these three is reliably attackable with modern GPU hashcracking, and for the other two the seed phrase is effectively your only recourse. We will walk through each in turn.

Before you spend a cent: if you wrote down your 12 or 24-word recovery phrase when you first created the wallet, stop reading, install any compatible wallet, restore from the phrase, and you are done. The local password only protects the file on disk — the phrase is the master secret for all coins on all chains.

Exodus Desktop — the .seco vault

Exodus has shipped as a desktop multi-chain wallet since 2015 and ported to mobile in 2019. On desktop it stores its state under the user profile folder, and the encrypted secret material lives in files with the .seco extension — short for Secure Container.

Exodus file locations

Windows: %APPDATA%\Exodus\exodus.wallet\
macOS: ~/Library/Application Support/exodus.wallet/
Linux: ~/.config/Exodus/exodus.wallet/

Inside that folder, the files that matter most are seed.seco, passphrase.seco, and info.seco. Copy the entire exodus.wallet folder to an external drive before attempting anything — never work on the live copy.

Each .seco file begins with a fixed magic header, followed by a 32-byte random salt, the PBKDF2 iteration count (usually around 25,000 on older builds, 250,000 on newer 2023+ versions), an initialization vector, the AES-256-GCM ciphertext of the inner JSON, and a 16-byte GCM authentication tag. The KDF is PBKDF2-HMAC-SHA256, which on a single modern GPU gives roughly 200,000 to 2 million candidates per second depending on the iteration count.

# .seco file structure (reverse-engineered from exodus-crypto.js)
[4 bytes]     magic "SECO"
[1 byte]      version
[4 bytes]     kdf_iterations (little-endian uint32)
[32 bytes]    pbkdf2_salt
[12 bytes]    aes_gcm_iv
[N bytes]     aes_256_gcm_ciphertext(plaintext_json)
[16 bytes]    aes_gcm_auth_tag

For extraction, the community tool exodus2john.py ships with John the Ripper's bleeding-jumbo branch and converts seed.seco into a line suitable for hashcat mode 25400:

$ python3 exodus2john.py ~/exodus.wallet/seed.seco > exodus.hash
$ cat exodus.hash
seed.seco:$exodus$1*25000*f3c2a1...*9b8e7d...*aa45...

# Run dictionary + rules attack
hashcat -m 25400 -a 0 exodus.hash rockyou.txt -r OneRuleToRuleThemAll.rule -w 3

# Or mask attack if you remember the shape
hashcat -m 25400 -a 3 exodus.hash "?u?l?l?l?l?l?d?d!"

Exodus is the most tractable of the three wallets precisely because the format is well understood and supported by hashcat. In our experience about 45 % of submitted Exodus vaults with even one useful hint are recovered within a week of GPU time. Random passwords above 10 characters remain effectively impossible.

Atomic Wallet — the IndexedDB LevelDB pile

Atomic Wallet is built on Electron and uses the Chromium IndexedDB API to persist state. That means the encrypted vault is not a single neat file — it is sprinkled across a folder of LevelDB .ldb and .log fragments.

Atomic Wallet data paths

Windows: %APPDATA%\atomic\IndexedDB\file__0.indexeddb.leveldb\
macOS: ~/Library/Application Support/atomic/IndexedDB/
Linux: ~/.config/atomic/IndexedDB/

To extract the encrypted seed you have to walk the LevelDB in read-only mode and locate keys that begin with data-. Each such key's value is a JSON blob containing a cipher, iv, and salt field. The KDF is PBKDF2-HMAC-SHA512 with 5,000 iterations in the older builds and 100,000 in builds after the June 2023 security incident.

# Extract encrypted seed blob from Atomic IndexedDB
pip install plyvel
python3 <<'PY'
import plyvel, json
db = plyvel.DB("IndexedDB/file__0.indexeddb.leveldb", create_if_missing=False)
for k, v in db:
    if k.startswith(b"data-"):
        try:
            rec = json.loads(v.decode('utf-8', errors='ignore'))
            if 'cipher' in rec:
                print(k, rec)
        except Exception: pass
PY

There is no official hashcat mode for Atomic. The practical route is btcrecover with a custom wallet module, or a small Python loop using pycryptodome. On a single RTX 3090 expect about 20,000 to 200,000 candidates per second — an order of magnitude slower than Exodus for the same password entropy. Recovery success rate in our queue sits around 22 %, mostly bounded by the sparse tooling rather than the underlying cryptography.

Trust Wallet — mobile-only and painful

Trust Wallet is fundamentally a mobile application. There is no desktop build, there is no .dat or .json sitting in your profile folder. The encrypted keystore is kept in the app sandbox — /data/data/com.wallet.crypto.trustapp/ on Android, or the application container on iOS — and is protected both by the user-chosen password and by the operating system's Keychain / Keystore.

Reality check:Without a rooted Android device (or jailbroken iOS), you physically cannot copy the keystore out of the sandbox. Even with root, iOS Secure Enclave keys used for biometric binding never leave the phone. Trust Wallet recovery without the seed phrase is, in all practical scenarios, impossible.

The one scenario where Trust Wallet password recovery works: you exported the wallet via the app's Settings → Wallets → three-dot menu → Show Recovery Phrase flow, saved the result as a JSON keystore (this is possible only for specific imported wallets, not for ones created inside Trust), and now hold that JSON file. In that case the file is a standard Web3 Secret Storage v3 keystore and can be attacked exactly like a MetaMask or Ethereum keystore with hashcat mode 15600 (if Scrypt) or 26600 (if PBKDF2).

# Trust Wallet JSON export — identify the KDF first
$ jq '.crypto.kdf' trust-wallet-export.json
"scrypt"          # → hashcat mode 15600 (Ethereum Wallet Presale)
# or
"pbkdf2"          # → hashcat mode 26600 (MetaMask Mobile Vault)

# Extract with ethereum2john.py
python3 ethereum2john.py trust-wallet-export.json > trust.hash
hashcat -m 15600 trust.hash wordlist.txt -r rules/dive.rule -w 3

Which path gives you the best odds?

Wallet	Hashcat mode	GPU speed (3090)	Our success rate
Exodus Desktop .seco	25400	~1.2 MH/s	~45 %
Atomic Wallet IndexedDB	custom (btcrecover)	~0.2 MH/s	~22 %
Trust Wallet JSON (Scrypt)	15600	~8 KH/s	~30 %
Trust Wallet sandbox only	—	unreachable	~0 %

Collecting hints before you submit

For any of the three wallets, the single most important factor determining success is the quality of the hints you provide. A GPU farm can test tens of millions of candidates per second on Exodus, but the candidate universe is infinite and without guidance you will simply not reach your password. Useful hints include:

Approximate password length (within ±2 characters dramatically narrows mask space).
Any base words you tend to reuse — family names, pet names, addresses, band names.
Numeric suffixes you favour: birthdays, years, phone digits, jersey numbers.
Whether you use capital letters at all, and if so, whether at the start or scattered.
Whether you add symbols like ! # $ @ — and at the end or in the middle.
Whether this password is reused anywhere else you could log into (even partial matches help).

When to give up and restore from seed

If you have your 12 or 24-word phrase anywhere — in an old notebook, a safe deposit box, a password manager, an encrypted note, a photo on an old phone — stop the recovery attempt and restore. Every chain's addresses derive deterministically from the phrase. Install Exodus, Atomic, Trust, MetaMask, or any BIP39-compatible wallet, enter the phrase, and watch your coins reappear on every chain you have ever used. The local password you forgot protects only the specific .seco / LevelDB / sandbox on that one device; the phrase is the real key.

Also relevant: our guides on BIP39 seed recovery when words are missing and on MetaMask vault recovery cover the adjacent scenarios — partial phrases and browser-extension keystores.

If you do want professional GPU recovery

If the seed is genuinely gone and you still have the encrypted file, send it to us via our recover page. We accept Exodus .seco files, zipped Atomic IndexedDB folders, and Trust Wallet JSON exports. You pay only if a password is actually recovered — no find, no fee.

Scam warning: so-called "wallet unlock" services that promise guaranteed recovery without GPU time, or that ask for your seed phrase to "verify ownership", are frauds. No legitimate recovery service ever needs your seed. See our scams guide before engaging anyone.

Frequently asked questions

Does Exodus have a "forgot password" option?

No. The application cannot recover the password — it is not stored anywhere server-side. The "I forgot my password" link in the UI simply prompts you to restore from your 12-word secret phrase.

Can I move my Atomic Wallet vault between machines?

Yes — copy the entire atomic folder from %APPDATA%. On the new machine install Atomic, close it, and drop the folder in place before first launch. The same password will unlock it.

Why is Trust Wallet harder than the others?

Because the encrypted keystore is bound to the mobile OS's secure storage (iOS Secure Enclave, Android StrongBox). Even if you extract the file from a rooted phone, some key material is held in hardware and cannot be exported. Always save your seed phrase at setup.

Last updated 2026-04-21. Format notes verified against Exodus 24.x, Atomic Wallet 2.82, and Trust Wallet 8.x mobile.