Part of the CustodyStress archive of observed Bitcoin custody incidents

Technical Recovery

Cases where recovery involved technical analysis of the wallet file, device, or cryptographic material by a specialist.

Technical recovery has a 91% success rate among determinate cases in this archive — the second highest of any active recovery path. Cases involve wallet file reconstruction, forensic storage analysis, and cryptographic key derivation by specialists.

Archive analysis — 40 cases

Outcomes

9% of determinate cases resulted in blocked access — 60 percentage points below the archive-wide average of 69%. 91% resulted in recovered access — above the archive average.

Documentation coverage

43% of cases have indeterminate outcomes — higher than the archive average of 43%.

Custody type

88% of cases involved software wallet, followed by hardware wallet (single key) at 10%.

Primary stress condition

40% of cases involve device loss. Seed phrase unavailable accounts for a further 25%.

Documentation

40% of cases had present and interpretable documentation — yet still produced a blocked or constrained outcome.

Time distribution

Cases span 2011–2023. Only 5% occurred in 2022 or later — concentrated in earlier periods.

Browse archive Archive statistics Scenarios Dependencies About

2

Blocked

0

Constrained

21

Survived

17

Indeterminate

9% of determinate cases resulted in blocked or constrained access.

40 observed cases

Blocked

2 (5%)

Survived

21 (53%)

Indeterminate

17 (43%)

Paste into any article or blog post — source credit is included

<iframe src="https://custodystress.com/embed/recovery-technical-recovery" width="600" height="300" frameborder="0" scrolling="no" style="border:1px solid #eee"></iframe>
<p style="font-size:12px;color:#777;margin-top:4px">Source: <a href="https://custodystress.com/cases/recovery/technical-recovery">Bitcoin Custody Incident Archive</a></p>

Corrupted Bitcoin Core wallet.dat: Encrypted mkey Recovery Without Wallet Access

Software wallet

Indeterminate 2023

A Bitcoin Core user encountered wallet corruption and successfully extracted a 94-digit encrypted master key (mkey) from the damaged wallet.dat file. The user r

Unencrypted 2010 Wallet.dat Corrupted Beyond Recovery

Software wallet

Indeterminate 2022

In March 2022, RBIT777 posted to a Bitcoin forum seeking help recovering a wallet created in 2010 on their hard drive. The wallet had never been encrypted—a com

Physical Hard Drive Damage and wallet.dat Recovery via File Forensics

Software wallet

Indeterminate 2021

In March 2021, a BitcoinTalk user (zzcool) reported that a hard drive containing Bitcoin wallet data had physically fallen and sustained read errors. The device

Electrum Seed Version 18 Password Recovery: btcrecover Incompatibility Resolved

Software wallet

Survived 2019

In December 2019, a BitcoinTalk user (red14159) discovered a wallet.dat file from an Electrum wallet they had lost access to approximately three years earlier.

Bither Desktop Wallet Application Crash: 3-Year Recovery via Password Rediscovery

Software wallet

Survived 2018

Sygun created a Bither wallet in March 2018 holding approximately 0.019 BTC. At an unspecified point, the Bither application ceased launching entirely—double-cl

Ledger Nano S Seed Phrase Transcription Error: Duplicate Words at Positions 9 and 12

Hardware wallet (single key)

Indeterminate 2018

In September 2018, a BitcoinTalk user identified as efreeet reported a custody access failure on a Ledger Nano S hardware wallet. The user had originally genera

Corrupted wallet.dat Recovery from 2009 Hard Drive: Hex Search Method

Software wallet

Indeterminate 2018

In January 2018, a BitcoinTalk user reported discovering a hard drive containing a wallet.dat file created during 2009 Bitcoin mining. The drive had suffered si

Armory Paper Backup Recovery Displays Zero Balance Despite Correct Restoration

Software wallet

Indeterminate 2017

In November 2017, user xTwin25 initiated recovery of Bitcoin holdings stored in Armory, a desktop software wallet. The user possessed a paper backup containing

Mark Frauenfelder's 7.4 BTC: Seed Phrase Discarded by Housecleaner, Recovered via Hardware Vulnerability

Hardware wallet (single key)

Survived 2017

Mark Frauenfelder, editor-in-chief of Boing Boing and Wired contributor, purchased 7.4 Bitcoin in January 2016 for approximately $3,000 and transferred it to a

Institutional lockout — exchange custody (2017)

Exchange custody

Indeterminate 2017

Between 2014 and 2015, the user created cryptocurrency accounts on blockchain.info and retained the mnemonic seed phrases. By December 2017, the user attempted

Wallet.dat Corruption After Accidental Drive Format — Recovery via Data Recovery and Pywallet

Software wallet

Survived 2017

In July 2017, AleksTo, a newcomer to Bitcoin, accidentally formatted their hard drive, destroying the only local copy of their wallet.dat file. The user immedia

Bitcoin-qt wallet.dat Corruption: Passphrase Known, File Unrecoverable

Software wallet

Indeterminate 2017

A BitcoinTalk user identified as 'lolika' posted a recovery request on December 1, 2017, describing a corrupted Bitcoin Core wallet.dat file created between 201

Armory Cold Wallet Restoration Created Unencrypted Wallet With Plaintext Private Keys

Hardware wallet (single key)

Indeterminate 2017

KillerTank maintained Bitcoin in offline cold storage on an air-gapped Raspberry Pi with an 18-word paper backup consisting of 4 random letters per set. In Dece

Corrupted 2013 wallet.dat Recovery via Community-Guided Disk Scanning

Software wallet

Survived 2017

In December 2017, a macOS Bitcoin Core user attempted to restore access to two wallet.dat files created in late 2013. The user had downloaded a contemporary ver

Bitcoin Core Fatal Error After Moving Block Folder: wallet.dat Accessible But Program Won't Launch

Software wallet

Indeterminate 2016

In December 2016, a Bitcoin Core user installed the software on their PC and began purchasing Bitcoin before full blockchain synchronization was complete. Appro

Corrupted Encrypted wallet.dat Recovered via Partition-Level Recovery

Software wallet

Survived 2016

In March 2016, a Bitcoin Core user discovered their only backup of an encrypted wallet.dat file had become corrupted, likely due to improper shutdown of Bitcoin

Bitcoin Core Wallet Corruption: Selective Key Decryption Failure and Community Recovery

Software wallet

Survived 2015

Henke created an encrypted wallet backup on December 20, 2015, containing approximately 4 BTC. After refreshing his Windows 7 system and reinstalling Bitcoin Co

Deleted Temporary Wallet Recovery via Private Key Forensic Extraction

Software wallet

Survived 2015

In September 2015, a Bitcoin user known as dooglus encountered a self-imposed custody failure during a transaction resend operation. After noticing an unconfirm

Recovering Deleted Bitcoin Core wallet.dat via pywallet: Device Loss and Forensic Key Extraction

Software wallet

Survived 2015

Edgar's Bitcoin Core wallet became inaccessible in 2015 when the wallet.dat file was removed from the active system while the Bitcoin Core client remained open.

Hard Drive Format Recovery: 2 BTC Restored via Sector Scanning and wallet.dat Reconstruction

Software wallet

Survived 2015

In approximately 2015, marilyn4325 formatted a hard drive and installed Windows 10, intending to preserve wallet data via backup first. However, the backup beca

20 Bitcoin Wallets Lost to Hard Drive Failure—Manual Recovery via Data Forensics and Private Key Extraction

Software wallet

Indeterminate 2014

In August 2014, Lucky Cris experienced simultaneous hardware failure affecting both primary and external backup drives, rendering all Bitcoin holdings inaccessi

Electrum Wallet Recovery After Seed Backup Loss: electrum.dat File Decryption

Software wallet

Survived 2014

In April 2014, a BitcoinTalk forum user (DarkHyudrA) experienced custody access failure after formatting their personal computer without preserving a backup cop

Electrum Legacy Seed Recovery Failure: 2013–2014 Gift Wallet Inaccessible

Software wallet

Blocked 2013

Between 2013 and 2014, alejandroaa's mother received Bitcoin from a friend and retained three pieces of documentation: a 12-word seed phrase, a 5-letter login c

Bomben Recovers 2013 Bitcoin Wallet Locked by Nonstandard Private Key Encoding

Software wallet

Survived 2013

Bomben created a Bitcoin wallet in 2013 using software that implemented a nonstandard encoding for private keys, diverging from the Wallet Import Format (WIF) s

Bitcoin Core wallet.dat Berkeley DB Corruption (2013–2024): Cross-Platform Recovery

Software wallet

Indeterminate 2013

A Bitcoin user who created a wallet backup in 2014 using Bitcoin Core version 2013 attempted to restore it in March 2024 on a Windows machine running Bitcoin Co

← Previous

1 2

Recovery paths

No Viable Path None Attempted Password Bruteforce Coerced Transfer Exchange Support Unknown Estate Process Legal Proceedings Derivation Path Correction Regulatory Intervention Seed Phrase Located Bankruptcy Claims Process Partial Recovery Only Software Downgrade Vendor Support Alternate Access Route All cases

This archive documents cases where a legitimate owner, heir, or authorized party encountered barriers accessing or recovering Bitcoin due to a failure in the custody arrangement. The central question for inclusion is: did the custody structure fail a legitimate access or recovery attempt?

A case must satisfy all three of the following to be included:

Legitimate access attempt. The person attempting to access or recover the Bitcoin was the owner, a designated heir, an executor, a legal authority, or another party with a legitimate claim — not a thief, attacker, or unauthorized third party.
Custody structure failure. The failure was caused by a property of the custody arrangement — missing credentials, structural dependencies, documentation gaps, knowledge concentration, legal barriers, or institutional constraints — not market conditions, individual-level fraud or theft, or protocol-level issues. Platform-level failures that block legitimate user access are in scope regardless of their cause.
Documentable outcome or access constraint. The case must have a stated or inferable outcome: access blocked, access constrained, access delayed, or access eventually achieved through a recovery path. Cases with entirely unknown outcomes are included only where the structural failure is documented and the constraint is unambiguous.

Owner death or incapacity — Bitcoin held in self-custody that becomes inaccessible to heirs or designated parties because credentials, documentation, or operational knowledge were not transferred
Passphrase loss — BIP39 passphrase forgotten or unavailable, blocking access to a funded wallet even where the seed phrase is present
Seed phrase or wallet backup unavailable — no independent recovery path existed or the backup was destroyed, lost, or never created
Device loss without independent backup — hardware wallet, phone, or computer lost or destroyed with no recovery path outside the device
Documentation absent or ambiguous — heirs or executors cannot determine that Bitcoin exists, which wallet holds it, or how to access it
Knowledge concentration — only one person knew the procedure, passphrase, or access method; that person is dead, incapacitated, or unreachable
Multisig quorum failure — a threshold signature arrangement cannot be completed because signers are unavailable, uncooperative, incapacitated, or have lost their keys
Legal authority / access mismatch — a court order, probate ruling, or power of attorney establishes legal entitlement but provides no technical path to access
Institutional custody barrier — exchange or platform hacks, insolvency, regulatory seizure, or operational failure that caused a access constraint or failure for legitimate users, whether temporary, prolonged, or permanent. The failure of the custodian to remain available or solvent is itself the in-scope event.
Forced relocation or geographic constraint — physical access to a device or location required for recovery is blocked by displacement, border restrictions, or political circumstances
Coercion — the holder was compelled under threat to transfer Bitcoin or disclose credentials during an access event
Hidden asset discovery — heirs or executors locate a wallet or account but cannot access it due to missing credentials or operational knowledge

Market losses, investment losses, yield scheme losses, or Ponzi scheme losses
Hacks or theft targeting an individual's personal security (phishing, SIM swap, social engineering, malware) where the custody architecture itself did not fail
Unauthorized transfers where the holder's custody system was not the cause of the failure
Ordinary transaction mistakes — wrong-address sends, fee errors, mistaken amounts
Protocol-level failures — cryptographic vulnerabilities, consensus bugs, firmware integrity failures
Deliberate burns or tribute burns
Cases where the stated loss is unverifiable and no structural custody failure is described

Cases are drawn from public sources including forum posts, news reporting, court documents, academic research, and direct submissions. Each case is reviewed against the inclusion criteria above before publication. Source material is retained and available on request for documented cases.

The archive is observational and descriptive. It does not attempt to document all Bitcoin custody failures — only those meeting the criteria above with sufficient documentation to describe the structural failure and its outcome.