We don't recommend passphrases for Unchained vault keys, but if you set one and forgot one, you can still recover your bitcoin.
Warning: If you are reading this article and need to remedy a serious situation, please know the following steps impact the keys securing your bitcoin and missteps have the potential to result in permanent loss of funds.
If you'd like to speak one-on-one with a bitcoin expert to walk through this process, we strongly encourage you to sign up for Premium Support.
Passphrases are a double-edged sword; they may provide some extra security by obfuscating the seed phrase but are often a problematic single point of failure in singlesig wallets. There is no way to recover or reset a lost or forgotten passphrase.
We do not recommend using passphrases for multisig wallets, but if you decided to use one for one of the keys in your multisig setup and can no longer remember it, you can still recover your funds and move them to a new setup with a new key that does not have a passphrase .
Note: A passphrase and a PIN are different. A PIN is commonly used to protect hardware wallets with or without a passphrase. A PIN protects access to the device; it does not protect or change the seed phrase as a passphrase does. If you forgot your PIN, follow our instructions for dealing with that issue.
1. Acquire or reset a replacement device
If you forgot your passphrase, the best thing to do is purchase a replacement hardware wallet in order to generate a new key to perform a key replacement on the Unchained platform. It's generally best to purchase devices directly from the manufacturer. See the full list of hardware wallets that Unchained supports.
Optional: Factory reset an unused device
If you have an old hardware wallet (ensure it is unused and non-compromised before proceeding) that you want to use for replacing the compromised key, you can follow the manufacturer's respective instructions to perform a factory reset.
- Trezor: How to wipe your Trezor Model One
- Trezor: How to wipe your Trezor Model T
- Ledger: Reset Ledger Nano S (Plus) to factory settings
- Ledger: Reset Ledger Nano X to factory settings
2. Initialize device as new or restore seed phrase
Next, initialize the brand new (or newly-reset) device. This generates a new seed phrase which generates the public key that you will upload to the Unchained platform.
Follow the guide from the manufacturer to set up the device as new:
- Trezor: How to setup your Trezor Model One
- Trezor: How to setup your Trezor Model T
- Ledger: Setup Ledger Nano S
- Ledger: Setup Ledger Nano X
- Coldcard: How to setup a Coldcard
Optional: Restore the seed phrase for this key
Importantly, the 24-word seed phrase backup you made for this key, if you have it, is still valid. This will export a different private key without the passphrase, but. you can still use the original seed phrase by itself in place of the key derived from the seed phrase with its passphrase.
If you wish to restore the seed phrase rather than generate a new key entirely, follow the instructions from the corresponding manufacturer:
3. Upload the new key to your Unchained account
Before you can conduct a key replacement, you need to upload the new key.
- Log in to your Unchained account.
- Click Keys from the menu on the left-hand side of your screen.
- Click the Upload New Key button a the top of the screen.
- Use the platform suggestion or enter a custom name for this key and select Next.
- Select the manufacturer of the device you're using.
- On Trezor and Ledger, click Connect to export your public key. On a Coldcard, follow the instructions on the screen to import your public key via microSD card.
- Review the exported public key and select Next.
4. Conduct a key replacement
- Navigate to your keys dashboard.
- Select the key you want to replace.
- Click on Replace Key and author a transaction.
- Select the new key from the Choose Key dropdown menu.
- Verify that you can't sign a transaction via the Can you sign? section toggle.
- When you select that you can't sign, you're saying that you can only provide one signature. This means you will sign with the transaction using the hardware wallet that you did not forget the passphrase for. Unchained will then countersign to provide the second signature, which will successfully replace the key. This requires identity verification.
- Click Replace Key.
- Confirm that you are sure of the change by clicking Replace.
- Sign with the key whose passphrase you didn't forget and record a verification video to approve the key replacement and submit it.
5. Securely store your new hardware wallet and seed phrase
Following operational security best practices, you should securely store the new hardware wallet and seed phrase backup.
Other important maintenance items
Download your wallet configuration file
Your multisig wallet configuration file contains the extended public key information from each device. Therefore, a new wallet constructed with a different key entails a different wallet configuration file.
Remove or adjust any whitelisted addresses
Many exchanges allow or may even require users to verify receive addresses by “white-listing” or “allow-listing” before sending funds. If you have done this, be sure to update white-listed any addresses at your exchange of choice. Your new vault has a unique set of addresses associated with it and bitcoin sent to addresses of old or compromised keys may be lost.
If you followed the above steps correctly, your Unchained vault should be controlled by three new keys: your original non-compromised key, the newly-generated key and associated hardware wallet, and Unchained's key. You can verify this by performing a test withdrawal.