How to recover an Ethereum wallet

By Rainer Wichmann    (last update: Mar 04, 2018) is a web service that lets you create an online wallet which you can use for receiving and sending Ethereum (a cryptocurrency, in case you're unaware of it). claims that you can recover your wallet if the service ever becomes unavailable.

First, as of today (Jul 5, 2017) still works. However, it seems that you cannot sign up for a new account anymore.

Second, while it is true that you can recover the wallet, it will be very difficult once is offline unless you take precautions now (see the warning below).

What do you need for recovery?

The wallet is a two-of-three multisig wallet, which means that is has three owners, and every transaction needs to be authorized by two of these three owners. The three owners are:

  1. The account
  2. Your user account (created for you upon wallet creation)
  3. Your recovery account (created for you upon wallet creation)

In normal operation, you initiate a transaction at the site with your user account, and will confirm it with their account (after it sent you a confirmation SMS and you typed in the received pin).

Without, you would initiate a transaction with one of your two accounts, and confirm it with the other. Because an Ethereum account can be recovered with (only) the private key, what you need is:

  1. The private key of your user account.
  2. The private key of your recovery account
  3. The wallet address (obviously).

WARNING: upon wallet creation, shows you the user account key in encrypted form. The format of that encrypted key is NOT standardized, and other Ethereum software may NOT recognize it. If you want to be sure you can recover your wallet, go to NOW, decrypt your user account key and write it down (in triplicate, if you do it by hand - to guard against typos and bad handwriting).

One of my readers has pointed out that it is possible to decrypt the key also by using the BitGo SDK (see here).

UPDATE: as is currently (2018-03-04) down for several days already, I got several email request for explaining the BitGo SDK key decryption, so I tested it. The procedure as tested (successfully) on Ubuntu 17.10 is as follows:

First, install the BitGo SDK and start the test server on your own machine. To do that, open a terminal and execute the following commands:

    bash$ sudo apt-get install npm git curl
    bash$ npm install bitgo --save
    bash$ cd node_modules/bitgo/bin/
    bash$ ./bitgo-express --debug --port 3080 --env test --bind localhost
    BitGo-Express running
    Environment: test
    Base URI: http://localhost:3080

If you see the output shown below the "./bitgo-express ..." command, the server is running (you can stop it with Ctrl-C, but right now we need it).
The second step is to send the decryption request via HTTP to the server you just started. To do that, open a second terminal window and execute the following commands:

    bash$ PASSWORD='your password'
    bash$ INPUT='your encrypted key'
    bash$ curl -X POST -H "Content-Type: application/json" -d "{ \"password\": \"$PASSWORD\", \"input\": \"$INPUT\" }" http://localhost:3080/api/v1/decrypt

NOTE that you need to escape every quote in the encrypted key by prepending a backslash. The following example is from the BitGo online documentation and demonstrates how to properly escape the quotes. As you can see in the output of the 'curl ...' command, the example key decrypts to 'this is a secret':

    bash$ PASSWORD='password'
    bash$ INPUT='{\"iv\":\"n4zHXVTi/Go/riCP8fNs/A==\",\"v\":1,\"iter\":10000,\"ks\":256,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"zvLyve+4AJU=\",\"ct\":\"gNMqheicMoD8ZmNzRwuQfWGAh+HA933l\"}'
    bash$ curl -X POST -H "Content-Type: application/json" -d "{ \"password\": \"$PASSWORD\", \"input\": \"$INPUT\" }" http://localhost:3080/api/v1/decrypt
    {"decrypted":"this is a secret"}

How to perform the recovery

Once you have the decrypted keys for your accounts, you can then use Parity for accessing the wallet.

  1. Download and install Parity
  2. Start parity and point your browser to http://localhost:8080 for the web interface (this is local on your machine)
  3. Parity will ask you to create an account. You can skip that, but you may want to have a test account.
  4. Import your user account: Accounts -> +Account -> Private Key (enter the decrypted key, prefixed by 0x). Parity will ask for a password and store the key in encrypted form on your disk.
  5. Import your recovery account. Same as above.
  6. Add your wallet: Accounts -> +Wallet -> Watch a wallet. Enter your wallet address (prefixed by 0x).

Parity will show the balance of the wallet, will inform you that the wallet has three owners, and show two of them to be the ones you just imported. If you want to carry out a transaction, first make sure both imported accounts have at least a small positive balance. If the recovery account is empty, transfer some tiny amount to it.

  1. Go to "Accounts", select the wallet, then select "Transfer" from the menu row.
  2. The Sender has to be one of the owners of the wallet.
  3. Parity will inform you that the transaction exceeds the allowed limit and therefore must be confirmed by a second owner. No reason to worry, just go ahead.
  4. Wait for the transaction to finish. Don't expect anything to happen before parity has synced fully, and even then.. well, just wait until parity tells you the transaction has gone through. Get a book and some coffee.
  5. Remember, it takes two transactions to send from the wallet. One to initiate the transfer, one to confirm it by another owner.
  6. Once parity has discovered that the transaction has been done, it will show you that the wallet has a pending confirmation. You can then click on "Confirm", and parity will give you the confirmation dialog for the other account you've imported.
  7. Parity gives you a link to, so if you're impatient you can always check the progress of the transaction there. Parity's view of things may lag way behind... don't know whether there's an option to speed it up.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Germany License.