Lost 1 or 2 words from your BIP-39 seed phrase? Learn how SeedCrypt's recovery tool brute-forces all valid combinations and validates the SHA-256 checksum to find your missing words — completely offline.
If you have lost your entire seed phrase, recovery is essentially impossible. The number of possible combinations is astronomically large, and no tool can brute-force a full 12 or 24-word phrase. But if you have lost only 1 or 2 words from an otherwise intact BIP-39 seed phrase, the situation is entirely different. Recovery is not only possible — it is fast.
The reason is the checksum. Every BIP-39 seed phrase includes a SHA-256 checksum embedded in the final bits of the last word. This checksum validates the entire sequence: if even a single word is wrong, the checksum fails. SeedCrypt exploits this property by brute-forcing all candidate words in the missing positions and checking each combination against the SHA-256 checksum. Only valid phrases survive the filter.
This means that with 11 out of 12 words (or 22 out of 24), your seed phrase is recoverable. With 10 out of 12, it is still feasible. Beyond that, the search space grows exponentially and recovery becomes impractical.
To understand why recovery works, you need to understand how BIP-39 phrases are constructed. Each word in the phrase corresponds to an 11-bit index into a standardized list of 2,048 words. The phrase encodes a binary string that contains both the entropy (the actual random secret) and a checksum.
For a 12-word phrase: 12 words × 11 bits = 132 bits total. Of these, 128 bits are entropy and 4 bits are the checksum. The checksum equals the first 4 bits of SHA-256(entropy).
For a 24-word phrase: 24 words × 11 bits = 264 bits total. Of these, 256 bits are entropy and 8 bits are the checksum. The checksum equals the first 8 bits of SHA-256(entropy).
When SeedCrypt tests a candidate phrase, it extracts the entropy, computes SHA-256(entropy), and checks whether the checksum bits match. If they do, the phrase is valid. If they don't, it is discarded. For a 12-word phrase, only about 1 in 16 random combinations will have a valid checksum. For 24 words, only about 1 in 256. This dramatically reduces the number of results. For a deeper dive into BIP-39 internals, see our article on BIP39 explained.
SeedCrypt offers two distinct recovery modes depending on what you know about your missing words.
You know all the words you have, but you don't know where the missing ones were in the sequence. Maybe you wrote 11 words on paper and one got smudged beyond recognition, but you are not sure which position it occupied. In this mode, SeedCrypt generates all C(n, k) possible position combinations (where n is the phrase length and k is the number of missing words) and brute-forces each one. For 1 missing word in a 12-word phrase, that means testing all 12 possible positions × 2,048 candidate words = 24,576 combinations. This completes instantly.
You know exactly which slots are empty. Perhaps word #3 and word #9 are missing because of water damage or a torn piece of paper. In this mode, you mark the missing positions with a ? placeholder in the input grid, and SeedCrypt only brute-forces those specific slots. This is faster because it skips the combinatorial position search entirely and goes straight to testing candidate words. For 2 known-position missing words, the search space is exactly 2,048² = 4,194,304 combinations — completed in seconds.
Ctrl+R to jump there directly.?. In Unknown Position mode, enter all the words you have and specify how many are missing.Recovery speed depends on two factors: the number of missing words and whether their positions are known. Here is what to expect:
SeedCrypt uses Dart isolates to parallelize the computation across multiple CPU cores, making the most of your hardware. But the mathematics are clear: each additional missing word multiplies the search space by 2,048. Recovery is fast for 1-2 missing words and feasible for 3 with known positions, but beyond that, the exponential growth makes it impractical.
SeedCrypt runs entirely offline. The recovery computation happens on your device and your device alone. No internet connection is required. No data is transmitted to any server. No analytics, no telemetry, no cloud calls — nothing leaves your machine.
The brute-force computation runs in Dart isolates (lightweight threads) on your local CPU. Your seed phrase, whether partial or complete, never leaves your device. This is not a web-based recovery tool that sends your words to a remote server. It is a native desktop and mobile application with zero network dependencies during recovery.
This offline-first design is not optional — it is the only acceptable architecture for a tool that handles seed phrases. Any tool that asks you to enter seed phrase words into a web form or sends data over the network should be treated as a potential phishing attack.
It is mathematically possible for multiple valid phrases to exist when you are missing words. The BIP-39 checksum is a filter, but it is not unique — for a 12-word phrase, approximately 1 in 16 random combinations will pass the checksum validation. This means that when brute-forcing a missing word, you may get around 2,048 / 16 = 128 valid candidates rather than exactly one.
SeedCrypt shows all valid results, not just the first match. To identify the correct phrase, you will need to check each candidate against your wallet. Import the recovered phrase into your wallet software and see which one matches your known addresses and balances. This step is typically quick — even with dozens of candidates, testing each one takes only seconds.
The more words you provide, the fewer false positives you will encounter. With only 1 missing word, the number of valid results is usually small and manageable. With 2 missing words, you may see more candidates, but the correct one will be the only one that matches your actual wallet.
Losing a word or two from your seed phrase is not the end. Unlike losing an entire phrase — which is irreversible and catastrophic — losing 1 or 2 words is a solvable problem. The BIP-39 checksum gives recovery tools like SeedCrypt a mathematical handle to grab onto, reducing a seemingly impossible search to something that completes in seconds or minutes.
Open SeedCrypt, go to the Recovery screen, enter what you have, and let the brute-force engine find what you are missing. Once recovered, do not make the same mistake twice — encrypt your seed phrase with AES-256-GCM and store the backup securely. SeedCrypt handles both recovery and encryption, entirely offline, on your device.
Your seed phrase is the single point of failure for your entire crypto portfolio. Recover it, encrypt it, and protect it — before the next accident happens.
AES-256-GCM · PBKDF2-SHA512 · No cloud · Windows & Android
Get SeedCrypt from €29