distribrute.
MetaMask · ETH & EVM chains

Recover a MetaMask wallet.

MetaMask is the popular browser and mobile wallet for Ethereum and other EVM chains. Its keys live in an encrypted "vault" protected by the password you set when you created or imported the wallet.

Recover a MetaMask wallet See the extract
Why people get locked out

This is for a forgotten vault password when you still have the encrypted vault but not the secret recovery phrase. If you still have your recovery phrase you don't need us — you can restore directly. We only help when the password is the one thing standing between you and the vault.

Can we recover it?

Yes. MetaMask is one of the formats that reduces to a check-only extract, so the fleet can test passwords against it safely — finding the password never exposes a key that holds funds. The vault's lock tests quickly on GPUs, so consumer graphics cards are a good fit. You pay 15% only if we recover it, and nothing if we don't.

Recover a MetaMask wallet How recovery works
Under the hood

The MetaMask extract, in detail.

Exactly what the fleet receives for this format — and why finding the password still can't move the funds.

Anatomy of the extract

What leaves your machine — and what never does

For a MetaMask wallet, this is the entire check-only extract the fleet receives. It can test a password, but it can never be turned back into a key that spends.

GPU $metamask$
in the extract
  • the vault salt
  • the IV or nonce
  • the stored iteration count and vault-type flag
  • the first 16 encrypted bytes of the vault
stays on your device
  • the secret recovery phrase and private keys — in encrypted vault bytes that are never sent
  • every account address
  • the rest of the encrypted vault payload
how a guess is checked

The right password decrypts those first encrypted bytes into the start of a JSON-like vault record. That confirms the guess without ever exposing the seed, which lives in vault bytes that were never transmitted.

verifier vault JSON markers such as "type", "version", or "mnemonic"
example extract
illustrative · synthetic
$metamask$<salt-base64>$<iv-base64>$<iterations>$<desktop-or-mobile>$<first-16-encrypted-bytes-base64>

Illustrative and synthetic — the angle-bracket fields are placeholders, not real bytes. The shape carries just enough vault metadata and ciphertext to verify a guess; the seed never appears.

on the wire

Roughly 75 decoded bytes — salt, IV or nonce, iteration count, a small vault-type flag, the first 16 encrypted bytes, and a checksum wrapper. The seed-bearing vault bytes are left out.

password math (KDF)
PBKDF2-HMAC-SHA256 (desktop)

Desktop vaults derive an AES-GCM key with PBKDF2-SHA256, a vault salt, and the stored iteration count — older vaults commonly used 10,000, while newer vaults record higher counts. Legacy mobile vaults use a separate PBKDF2-SHA512/AES-CBC path, so the extract carries a small flag for that case.

how a guess is recognized
vault JSON markers such as "type", "version", or "mnemonic"

The right password decrypts those first encrypted bytes into the start of a JSON-like vault record. That confirms the guess without ever exposing the seed, which lives in vault bytes that were never transmitted.

extract format
$metamask$

An open, published format. The agent checks every job matches it before running — so a real wallet can't be disguised as an extract.

See the full security model, or how a recovery works end to end.

All supported wallets Recover a MetaMask wallet