Install & build
SeedCrypt Recover is distributed as Rust source code only — there are no pre-built binaries. Install Rust (rustup) and build with Cargo. Same instructions are used on macOS, Linux, and Windows.
For air-gapped use, run cargo vendor on a connected machine, then transfer the directory and pass --offline on the air-gapped host.
Global options
| Flag | Description |
|---|---|
| -h, --help | Print help and exit. |
| -V, --version | Print version and exit. |
Subcommands: missing · typo.
missing — Recover N missing words at known positions
Replace each unknown word with ? in the mnemonic. Up to 3 missing words are supported (20484 = 17 billion combinations is impractical). The mnemonic must contain 12, 15, 18, 21, or 24 words total. Without --address, the tool returns the first BIP-39 checksum-valid candidate (cheap but ambiguous). With --address, every checksum-valid candidate is re-derived along all six standard derivation paths (BIP-44/49/84/86 for BTC-likes, m/44'/60' for ETH, m/44'/195' for TRX) and validated against your address.
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
| --mnemonic REQUIRED | string | — | The full mnemonic with ? in place of each unknown word. Single-quote the whole string in your shell to protect spaces. |
| --address OPTIONAL | string | — | Target wallet address. If absent, the tool stops at the first checksum-valid candidate. Strongly recommended: without it, many seeds pass the checksum. |
| --passphrase | string | "" | BIP-39 25th-word passphrase. Empty by default. Case-sensitive; preserves Unicode normalization (NFKD). |
| --account-start | u32 | 0 | First account index to test. Path m/PURPOSE'/COIN'/account'/0/i. |
| --account-end | u32 | 0 | Last account index (inclusive). Increase if your wallet uses multiple accounts. |
| --address-start | u32 | 0 | First address index to test per account. |
| --address-end | u32 | 9 | Last address index (inclusive). Matches btcrecover's --addr-limit default. |
Examples
typo — Fix a single-word typo
All words are present but one is wrong. The tool tries every position × all 2048 BIP-39 words — total ≈ N × 2048 candidates (25 k for a 12-word seed, 49 k for 24 words). Always pair this with --address: without validation, the original (wrong) seed itself passes the checksum and you’d get a false positive.
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
| --mnemonic REQUIRED | string | — | Full mnemonic, all words present. No ? placeholders. |
| --address REQUIRED | string | — | Target wallet address. Required because the original mnemonic is itself checksum-valid most of the time. |
| --passphrase | string | "" | BIP-39 25th-word passphrase, same semantics as in missing. |
| --account-start | u32 | 0 | First account index. |
| --account-end | u32 | 0 | Last account index (inclusive). |
| --address-start | u32 | 0 | First address index per account. |
| --address-end | u32 | 9 | Last address index (inclusive). |
Examples
apple instead of abandon). Runs in <1 s on a modern CPU.Supported addresses (auto-detection)
Pass any of these to --address. The coin and derivation type are inferred from the prefix.
| Prefix | Address kind | Coin / standard |
|---|---|---|
| 1… | P2PKH (legacy) | BTC, BCH, BSV / BIP-44 |
| 3… | P2SH (nested SegWit) | BTC / BIP-49 |
| bc1q… | P2WPKH (Bech32) | BTC native SegWit / BIP-84 |
| bc1p… | P2TR (Bech32m) | BTC Taproot / BIP-86 |
| L… M… | P2PKH / P2SH | Litecoin (LTC) |
| ltc1q… | P2WPKH | Litecoin native SegWit |
| D… | P2PKH | Dogecoin (DOGE) |
| X… | P2PKH | Dash |
| t1… | Transparent P2PKH | Zcash (transparent only) |
| 0x… (40 hex) | Keccak-256 + EIP-55 | Ethereum / EVM (BSC, Polygon, Avalanche-C, Arbitrum, Optimism, Base) |
| T… (34 chars) | SHA3 + Base58Check | Tron (TRX) |
Match is case-insensitive for hex characters. EIP-55 mixed-case is preserved but not enforced. If the prefix isn’t recognized, the command fails fast with "Could not detect address type".
Exit codes & output
0— Recovery succeeded. Prints the full mnemonic, total candidates tested, and elapsed time.0with "No match found" — Search space exhausted with no checksum-and-address match. Try widening--account-end/--address-end, or check the passphrase.1— Invalid input: malformed mnemonic, unknown address prefix, too many?placeholders, etc.
On success, the recovered seed is printed to stdout as a single line. The tool intentionally does NOT write the seed to disk — capture it manually if you need to persist it.
Practical tips
- Always pass
--addresswhen possible — without it,missingstops at the first checksum-valid candidate, which is rarely the right one. - Try the default range first — most wallets use account 0, addresses 0–9 (HD wallets generate fresh receive addresses, so a used wallet typically has index 0 unused but earlier indexes match older receives).
- Use a freshly-booted air-gapped machine for highest-value recoveries. The binary doesn’t need internet at runtime.
- Test before trusting — pair
--mnemonicwith a known seed and known address first, to confirm the build works on your hardware. - Don’t paste your real seed publicly — even when "just for testing". Use the BIP-39 test vector
abandon× 11 +aboutinstead, which derives the public ETH address0x9858EfFD232B4033E47d90003D41EC34EcaEda94.
Out of scope
- Password recovery (the BIP-39
--passphrase): the tool accepts a known passphrase but does not brute-force it. - Non-secp256k1 chains: Solana (ed25519), Cardano (ed25519), Polkadot (sr25519), Cosmos, Stellar, Algorand. Those need separate tooling.
- Hardware-wallet-specific anti-tamper schemes (Trezor SLIP-39 sharding, Ledger Recover, etc.). SeedCrypt Recover only handles standard BIP-39 mnemonics.
- Cracking AES-256-GCM payloads from the SeedCrypt app — that’s the encryption product, not this recovery tool. AES-256-GCM is unbreakable; if you’ve lost the password, no offline tool will recover it.