lost-my-walletrecovery.lab
Recover →
Ethereum keystore · 14 min read

MyEtherWallet (MEW) Keystore Recovery

How to recover a forgotten password on a MyEtherWallet UTC--* keystore — the scrypt parameters MEW chose, the differences between MEWconnect / mnemonic / imported-key flows, hashcat -m 15700 reality check, and the single shortcut that makes the keystore irrelevant if you have the mnemonic.

MyEtherWallet (MEW) was the most popular non-custodial Ethereum wallet from 2016 through 2019 and is still actively maintained. Unlike MetaMask, MEW does not host an in-browser vault — every action requires you to upload the keystore JSON file and type the password. Lose the password and you lose the address. This guide is specifically about MEW keystore files (and the related MEWconnect flow). For a generic Ethereum keystore overview see our Ethereum keystore guide; this one focuses on MEW-specific quirks.

Shortcut check: If you also have the 12 or 24-word mnemonic that MEW showed you when creating the wallet, the keystore password is irrelevant. Import the mnemonic into MEW, MetaMask or Trezor Suite — same address, no brute force needed.

Anatomy of a MEW keystore

MEW uses the standard Ethereum Web3 Secret Storage Definition v3. A typical file from 2018+ looks like this:

{
  "version": 3,
  "id": "8b9b3c8b-1234-4e3a-bfa2-71d29b3d4d8c",
  "address": "abc123...def456",
  "crypto": {
    "ciphertext": "5f2c8b...e9",
    "cipherparams": { "iv": "1d2e..." },
    "cipher": "aes-128-ctr",
    "kdf": "scrypt",
    "kdfparams": {
      "dklen": 32,
      "salt": "9a8b...",
      "n": 262144,
      "r": 8,
      "p": 1
    },
    "mac": "ce8f...8d"
  }
}

Key fields:

  • kdf — almost always scrypt; older MEW exports used pbkdf2 with c=262144 or c=10240.
  • n — scrypt cost factor. MEW defaults to 262144 ("strong"); some exports use 8192 ("weak", chosen for mobile compatibility).
  • mac — Keccak-256 of the second 16 bytes of the derived key concatenated with ciphertext. Used to verify password without decrypting.

Hashcat modes — pick the right one

KDF in JSONHashcat modeRTX 4090 H/sNotes
scrypt N=26214415700~50Default modern MEW
scrypt N=819215700~1,200Mobile-friendly export
pbkdf2 c=26214415600~80,000Older Geth-compatible
pbkdf2 c=1024015600~2,000,000Very old MEW exports

The order-of-magnitude gap between scrypt and PBKDF2 is the single most important fact about MEW recovery — check the JSON before launching anything.

Cracking with hashcat

# Convert keystore to hashcat hash
python3 ethereum2john.py UTC--2018-10-17T...--abc123 > mew.hash

# Inspect mode
head -c 50 mew.hash
# $ethereum$s*262144*8*1*<salt>*<ciphertext>*<mac>     -> mode 15700
# $ethereum$p*262144*<salt>*<ciphertext>*<mac>          -> mode 15600

# Mask attack: you remember the password starts with "Crypto" + year + 1-2 symbols
hashcat -m 15700 -a 3 mew.hash "Crypto201?d?s"

# Tokenlist with btcrecover (better for 'mostly remembered' passwords)
python3 btcrecover.py \
    --wallet UTC--2018-10-17T...--abc123 \
    --wallet-type ethereum \
    --tokenlist tokens.txt \
    --typos 2 --typos-case --typos-capslock --typos-swap

Where to find lost UTC files

MEW does not auto-store keystores anywhere — it triggers a browser download. Common forgotten locations:

  • ~/Downloads/ on the laptop you used in 2017-2019
  • Email attachments to yourself ("backup" subject line)
  • USB sticks labeled "crypto" or "ETH"
  • Old ~/Documents/Wallets/ folders
  • iCloud / Google Drive auto-uploaded Downloads folders
  • Time Machine / Windows Backup snapshots
  • Old phone backups (if you ever opened the file in mobile email)

Search by filename pattern: UTC--* or by extension .json filtered to date range and small file size (1-2 KB).

MEWconnect — different beast

MEWconnect is a QR-pairing flow between the desktop MEW website and the MEW Wallet mobile app. There is no UTC file — the keys live in the mobile app's secure enclave (iOS Keychain / Android Keystore) derived from a 24-word BIP39 mnemonic shown at install. Recovery means one of:

  • You have the phone: open MEW Wallet → settings → reveal mnemonic.
  • You wrote down the mnemonic: import it into any BIP39 wallet to access funds.
  • Neither: funds are unrecoverable. There is no encrypted file artifact on the desktop side.
Famous MEW phishing history: In 2018 attackers BGP-hijacked DNS routes for myetherwallet.com and stole ~$150K in 2 hours. Today, fake MEW sites still appear in Google Ads. Always type the URL manually and verify the certificate. Never paste a keystore into any "recovery service" website — there is no legitimate website-based recovery for unknown passwords. See scam taxonomy.

Recoverable vs not

Recoverable

  • • UTC file + password fragments
  • • PBKDF2 keystore + any reasonable hint
  • • Mnemonic alone (skip keystore entirely)
  • • MEW Wallet mobile app still installed

Not recoverable

  • • Scrypt N=262144 + 16+ char random pwd
  • • Lost UTC file, no mnemonic
  • • MEWconnect with wiped phone, no mnemonic
  • • Address only (no keystore, no seed)

Related guides

Frequently asked questions

What is a UTC keystore file?

A Web3 v3 JSON encrypting a single Ethereum private key with scrypt + AES-128-CTR. Compatible across MEW, MyCrypto, Geth and Parity.

What hashcat mode should I use?

15700 for scrypt, 15600 for PBKDF2. Check the kdf field in the JSON.

Is MEWconnect recoverable?

Only via the mobile app or its 24-word mnemonic. There is no desktop file to brute-force.

Why is MEW scrypt so slow?

N=262144 requires 256 MB per candidate. ~50 H/s on a single RTX 4090. Pure GPU brute force is unrealistic without strong password hints.

I have the mnemonic but forgot the keystore password — now what?

Forget the keystore. Import the mnemonic into any BIP39 wallet — same Ethereum address, no brute force needed.

GPU recovery for MEW keystores

Upload your UTC file and any password fragments. We auto-detect KDF (15600 vs 15700) and route to the optimal attack lane. You pay only on success.

Submit UTC file Free format check