Coinomi · Multi-chain

Recover a Coinomi wallet.

Coinomi is a popular multi-chain mobile and desktop wallet, with a password-encrypted seed protected by a memory-hard lock.

Why people get locked out

This applies to a forgotten Coinomi password when you still have the wallet. Its memory-hard lock favors big CPUs.

Can we recover it?

Yes. Coinomi is one of the formats that reduces to a check-only extract, so the fleet can test passwords against it safely: finding the password never exposes a key that holds funds. The job is CPU-optimal, because scrypt at Coinomi's parameters rewards memory bandwidth over raw GPU throughput. You pay 15% only if we recover it, and nothing if we don't.

Under the hood

The Coinomi extract, in detail.

Exactly what the fleet receives for this format — and why finding the password still can't move the funds.

Anatomy of the extract

What leaves your machine — and what never does

For a Coinomi wallet, this is the entire check-only extract the fleet receives. It can test a password, but it can never be turned back into a key that spends.

CPU $coinomi$
in the extract:
  • the final 32 encrypted bytes of the encrypted master key
  • the scrypt salt
  • the scrypt N, r, and p parameters
stays on your device:
  • the rest of the encrypted master key, seed, and private keys — never sent
  • your addresses and balances across chains
how a guess is checked

A correct password derives the scrypt key and decrypts the fragment to the expected padding. The fragment is only a tail of encrypted key material, so it cannot reconstruct the seed or a spendable key.

example extract
illustrative · synthetic
$coinomi$<encrypted-master-key-tail-hex>$<salt-hex>$<n>$<r>$<p>

Illustrative and synthetic — placeholder bytes.

on the wire

32 encrypted bytes plus scrypt salt, parameters, and a checksum wrapper — not enough to reconstruct the master key.

password math (KDF)
scrypt (memory-hard)

Coinomi derives its key with scrypt parameters stored in the wallet, commonly N=16384, r=8, p=1. The memory-hard work makes memory bandwidth dominate, so it is CPU-friendly.

how a guess is recognized
padding / structure check

extract format
$coinomi$

An open, published format. The agent checks every job matches it before running — so a real wallet can't be disguised as an extract.
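
The format check described above, sketched as an added example (not the service's or Coinomi's own code): a strict parser for the illustrated field layout that rejects any line carrying more than the 32-byte tail or unusable scrypt parameters. The names parse_extract, Extract and MAX_MEM are hypothetical, the 1 GiB memory cap is an assumed policy, and the checksum wrapper mentioned earlier is not modeled because the page does not specify it.

```python
import re
from dataclasses import dataclass

PREFIX = "$coinomi$"
TAIL_BYTES = 32        # the page: only the final 32 encrypted bytes leave the device
MAX_MEM = 1 << 30      # assumed policy cap on scrypt memory per guess (1 GiB)
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")
DEC = re.compile(r"[1-9][0-9]{0,9}")

@dataclass(frozen=True)
class Extract:
    tail: bytes
    salt: bytes
    n: int
    r: int
    p: int

    @property
    def scrypt_mem_bytes(self) -> int:
        # scrypt's working set is about 128 * N * r bytes per guess
        return 128 * self.n * self.r

def parse_extract(line: str) -> Extract:
    """Parse and validate one extract line; raise ValueError on any deviation."""
    line = line.strip()
    if not line.startswith(PREFIX):
        raise ValueError("missing $coinomi$ prefix")
    fields = line[len(PREFIX):].split("$")
    if len(fields) != 5:
        raise ValueError("expected tail, salt, N, r, p")
    tail_hex, salt_hex, *nums = fields
    if not (HEX.fullmatch(tail_hex) and HEX.fullmatch(salt_hex)):
        raise ValueError("tail and salt must be non-empty hex")
    if not all(DEC.fullmatch(x) for x in nums):
        raise ValueError("N, r, p must be positive decimal integers")
    tail, salt = bytes.fromhex(tail_hex), bytes.fromhex(salt_hex)
    n, r, p = (int(x) for x in nums)
    if len(tail) != TAIL_BYTES:
        # A longer fragment would carry more key material than the format allows.
        raise ValueError("tail must be exactly 32 bytes")
    if n < 2 or n & (n - 1):
        raise ValueError("scrypt N must be a power of two greater than 1")
    ext = Extract(tail, salt, n, r, p)
    if ext.scrypt_mem_bytes > MAX_MEM:
        raise ValueError("scrypt parameters exceed the memory cap")
    return ext

# Constructed sample: placeholder bytes, with the parameters the page calls common.
SAMPLE = "$coinomi$" + "ab" * 32 + "$" + "01" * 8 + "$16384$8$1"

if __name__ == "__main__":
    e = parse_extract(SAMPLE)
    print(e.n, e.r, e.p, e.scrypt_mem_bytes // 2**20, "MiB per guess")
```

At N=16384, r=8 each guess needs about 16 MiB of working memory, which is why memory bandwidth rather than raw compute throughput sets the rate.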
