Wasabi Wallet Password Recovery — .ckf File Decryption Guide

Q: Where does Wasabi Wallet store its encrypted wallet file?

Wasabi stores wallet files with .ckf extension (Cold Wallet File) inside the Wallets folder of its data directory. On Windows this is %APPDATA%/WalletWasabi/Client/Wallets/, on macOS ~/.walletwasabi/client/Wallets/, on Linux ~/.walletwasabi/client/Wallets/.

Q: What encryption does Wasabi Wallet use?

Wasabi uses a password-derived key that wraps the wallet's master private key. The encryption is based on PKCS#12/PFX standards with PBKDF2 key derivation. The .ckf file contains the encrypted wallet JSON, and the password is required to decrypt the master secret. There is no officially documented hashcat mode; extraction typically involves custom Python scripts or btcrecover with a Wasabi module.

Q: Is Wasabi wallet password recovery possible without the .ckf file?

No. The encrypted wallet is stored only in the .ckf file on your local machine. If the Wasabi data directory was deleted and you do not have the 12 or 21-word recovery phrase, the funds cannot be recovered.

Q: Does Wasabi Wallet use Tor?

Yes. Wasabi Wallet is designed with privacy as a core feature and routes all network traffic through Tor by default. This does not affect the local wallet encryption or password recovery process — the wallet file on disk is still a standard encrypted container that can be attacked offline.

Q: Can I recover if I have the Wasabi seed phrase but forgot the password?

Yes. Wasabi uses BIP39-compatible seed phrases. If you have the 12 or 21-word phrase, uninstall Wasabi, reinstall, and choose 'Restore Wallet.' Enter the seed words and a new password. You do not need the old password.

Wasabi Wallet is a Bitcoin-focused, privacy-first wallet that routes all traffic through Tor and uses Chaumian CoinJoin for trustless mixing. Unlike general multi-chain wallets, Wasabi is Bitcoin-only and designed with strong privacy guarantees. Its wallet encryption, however, follows a relatively standard pattern: a password-derived key protects the master private key inside a .ckf file.

Before you do anything else: If you have your Wasabi 12-word or 21-word recovery phrase written down, install a fresh copy of Wasabi, choose Restore Wallet, enter the phrase, and set a new password. The old password only protected the local .ckf file — the seed phrase is the master backup.

About Wasabi Wallet

Developed by zkSNACKs, Wasabi Wallet launched in 2018 as one of the first Bitcoin wallets with built-in CoinJoin functionality. Its key features include:

Chaumian CoinJoin — trustless Bitcoin mixing through the WabiSabi protocol
Tor by default — all network traffic routes through the Tor network
BIP39 seed phrases — standard 12 or 21-word recovery phrases
.ckf wallet files — encrypted wallet containers stored locally
Hardware wallet support — ColdCard, Trezor, and Ledger compatible

Wasabi Wallet encryption details

Parameter	Details
Wallet file format	.ckf (Cold Key File) — JSON with encrypted fields
KDF	PBKDF2-HMAC-SHA256 (PKCS#12-derived)
Encrypted content	BIP39 seed + HD wallet master key
Hashcat mode	No official mode — custom Python / btcrecover
Seed format	BIP39 (12 or 21 words)
Network	Bitcoin MainNet / TestNet

Locating the Wasabi wallet file

Wasabi Wallet data paths

Windows: %APPDATA%\WalletWasabi\Client\Wallets\
macOS: ~/.walletwasabi/client/Wallets/
Linux: ~/.walletwasabi/client/Wallets/

Wallet files have the .ckf extension and are named after the wallet label you chose at creation. Copy the entire WalletWasabi folder before attempting any extraction.

Extracting the encrypted seed

The .ckf file is a JSON document with encrypted fields. The most important field isEncryptedSeed, which contains the BIP39 seed encrypted with the password-derived key:

# Inspect a Wasabi .ckf wallet file
$ cat MyWasabiWallet.ckf | python3 -m json.tool
{
  "EncryptedSeed": "MIIGrTBX...base64...",
  "ChainCode": "A8f...base64...",
  "MasterKeyFingerprint": "a1b2c3d4",
  "SegwitExtPubKey": "zpub...",
  "AccountKeyPath": "m/84'/0'/0'",
  "Network": "MainNet",
  "CreationTime": "2025-03-15T10:30:00Z"
}

# The EncryptedSeed field is a PKCS#12/PFX blob
# Extract it to a binary file for analysis:
python3 -c "
import json, base64
with open('MyWasabiWallet.ckf') as f:
    data = json.load(f)
raw = base64.b64decode(data['EncryptedSeed'])
with open('encrypted_seed.pfx', 'wb') as out:
    out.write(raw)
print(f'Extracted {len(raw)} bytes of PKCS#12 data')
"

Attacking the encrypted seed

Wasabi uses a PKCS#12 (PFX) container to encrypt the seed material. The password is converted to a key via PKCS#12's key derivation (which uses multiple rounds of SHA-1 or SHA-256 depending on the build). There is no dedicated hashcat mode, so the attack options are:

# Option 1: Use btcrecover with custom Wasabi module
# (if available in your btcrecover build)
python3 btcrecover.py \
    --wallet-type wasabi \
    --wallet MyWasabiWallet.ckf \
    --passwordlist candidates.txt \
    --typos-capslock --typos-case

# Option 2: Custom Python attack script
pip install pycryptodome pyopenssl

python3 << 'PY'
import json, base64
from OpenSSL import crypto

# Load the encrypted PKCS#12 blob
with open("MyWasabiWallet.ckf") as f:
    data = json.load(f)
pfx_data = base64.b64decode(data["EncryptedSeed"])

# Try each candidate password
with open("candidates.txt") as f:
    for line in f:
        pw = line.strip()
        try:
            pfx = crypto.load_pkcs12(pfx_data, pw)
            # If we get here, the password is correct
            print(f"PASSWORD FOUND: {pw}")
            break
        except (crypto.Error, Exception):
            pass
PY

# Option 3: Extract hash for John the Ripper
# (if a Wasabi-specific format exists in your JtR build)
python3 wasabi2john.py MyWasabiWallet.ckf > wasabi.hash
john wasabi.hash --wordlist=candidates.txt

Recovery feasibility

Feasible

• Short password (<10 chars) with known patterns
• Password reused from other accounts
• You remember most characters and the structure
• The .ckf file is intact

Difficult

• Long random password from a password manager
• No .ckf file (deleted after uninstall)
• No memory of password structure
• Wasabi was used exclusively with hardware wallet (no local seed)

Step-by-step recovery guide

Do not uninstall Wasabi. Find the .ckf file first — once the app is gone and the data directory cleaned, the file is unrecoverable.
Back up the entire WalletWasabi directory to external storage.
Identify your .ckf file — it will be named after your wallet label (e.g.,MyWallet.ckf).
Extract the EncryptedSeed field and save it as a binary PFX blob.
Build a candidate wordlist from your password habits. Wasabi is often used by privacy-conscious users who may have distinctive password patterns.
Run btcrecover or custom Python scripts against the extracted blob. Use GPU where possible for PBKDF2 acceleration.
If unsuccessful, submit the .ckf file to a professional recovery service. We have custom tooling for Wasabi's PKCS#12 encryption scheme.

Lost your Wasabi password?

Send us your .ckf file and we will run custom PKCS#12 decryption attacks against it. You only pay if we recover the password.

Submit Wasabi wallet Free format check

Related guides

Bitcoin Core wallet.dat recovery — the most common Bitcoin wallet format.
Electrum wallet password recovery — another Bitcoin-focused wallet with different encryption.
Hardware wallet recovery — if you used Wasabi with a ColdCard/Trezor/Ledger.

Frequently asked questions

Where does Wasabi Wallet store its encrypted wallet file?

In %APPDATA%/WalletWasabi/Client/Wallets/ on Windows, ~/.walletwasabi/client/Wallets/ on macOS/Linux. Files have .ckf extension.

What encryption does Wasabi Wallet use?

Wasabi uses PKCS#12/PFX-based encryption with PBKDF2 key derivation. The EncryptedSeed field contains the BIP39 seed material protected by the password.

Is Wasabi wallet password recovery possible without the .ckf file?

No. The encrypted seed only exists in the .ckf file on your local machine. Without it, only the BIP39 recovery phrase can restore access.

Does Wasabi Wallet use Tor?

Yes, Tor is mandatory for Wasabi. This affects network connections but has no bearing on local wallet file encryption or password recovery.

Can I recover if I have the Wasabi seed phrase but forgot the password?

Yes. Wasabi uses BIP39 seed phrases. If you have the 12 or 21 words, reinstall Wasabi, choose Restore Wallet, and enter the phrase. Set a new password and you are done.