SeedCrypt Recover is a free, open-source Rust CLI tool that brute-forces a missing or mistyped word from a BIP39 seed phrase, validating each candidate against a wallet address you own. Bitcoin, Ethereum, Litecoin, Dogecoin, Tron and more. 100% offline.
You wrote down your 12 or 24-word BIP39 seed but a word is illegible, missing, or you're not sure of one spelling. You still have a wallet address you control. SeedCrypt Recover tries every candidate, derives the HD wallet, and tells you the exact seed when an address matches.
Code, tests, and build instructions are public on GitHub under the MIT license. Every candidate is verified by re-deriving the BIP32/secp256k1 path against the address you provide — there are no false positives. If you have any doubt about handing your seed to a tool, you can read the full source (~600 lines of Rust) or run it air-gapped.
Even though SeedCrypt Recover never sends data over the network, the seed it processes is yours and any compromise of the host machine is a risk. Best practice: run on an air-gapped or freshly-installed laptop, then transfer funds to a brand new wallet immediately after recovery.
Two options: build from source with Cargo (recommended — auditable), or grab a pre-built release from GitHub.
Skip if you already have Rust 1.74+ installed.
Pulls the source from GitHub and compiles a release-mode binary (3 MB, statically linked).
Puts the binary in your ~/.cargo/bin so it's on your PATH as seedcrypt-recover.
Two recovery modes. Both validate candidates against an address you control.
Use ? for each unknown position. Up to 3 missing words supported (anything more is impractical: 20484 = 17 billion candidates).
Tries replacing each position with all 2048 BIP39 words. ~25k candidates total for a 12-word seed — runs in seconds.
Add a BIP39 passphrase, expand the address scan range (for users with many wallets), or specify a non-default account.
All secp256k1-based chains. Auto-detected from address prefix. EVM chains (BSC, Polygon, Avalanche-C, Arbitrum, Optimism, Base) share the same Ethereum address from a given seed.
Out of scope (different elliptic curve): Solana, Cardano, Polkadot, Cosmos, Stellar. Those use ed25519 / sr25519 — separate tooling needed.
Times measured on a modern 8-core CPU with one address checked per candidate. The hot path (elliptic-curve math) uses Bitcoin Core's libsecp256k1 via FFI — same library as Bitcoin Core itself.
| Scenario | Candidates | Wall time |
|---|---|---|
| 1 missing word | 2 048 | < 1 sec |
| 1 typo (12-word seed) | 24 576 | 5–15 sec |
| 1 typo (24-word seed) | 49 152 | 10–30 sec |
| 2 missing words (favourable indices) | ~200 000 | 30–90 sec |
| 2 missing words (worst case) | ~4 million | 5–15 min |
| 3 missing words | ~8 billion | hours / days |
The SeedCrypt app focuses on encrypting your seed before you ever lose part of it. Recovery is a different problem — it needs raw CPU performance, native code, and a CLI workflow. Bundling that inside the app would have meant compromising on either speed or simplicity. Splitting it out gives you a small, auditable, fast Rust binary that you can run air-gapped, while keeping the SeedCrypt app focused on what it does best.
The reference implementation in this space is btcrecover by 3rdIteration / gurnec — Python-based, mature, broad coverage. SeedCrypt Recover is a focused subset rewritten in Rust with a smaller binary, more coins out of the box, and zero Python dependency. Use whichever fits.
Free, open-source, MIT licensed. Audit the code, build it yourself, run it offline.
github.com/femto7/seedcrypt-recover