($200 reward) Phantom Wallet seed phrase recovery

[cyclone]

...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
...

I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn

Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable. 

For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.

Old Phantom Wallet:

Code:

encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}

New Phantom Wallet:

Code:

{"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}

[bingussssssss]

...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
...

I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn

Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable. 

For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.

Old Phantom Wallet:

Code:

encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}

New Phantom Wallet:

Code:

{"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}

Thanks for bringing this up -- I'll see if I can get some scripts working for this type as well.

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

[cyclone]

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn

[bingussssssss]

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn

wonderful, thank u

[BloodElf808]

...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
...

I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn

Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable. 

For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.

Old Phantom Wallet:

Code:

encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}

New Phantom Wallet:

Code:

{"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}

Sent you a DM!

[jakezain]

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn

Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.

[cyclone]

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn

Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.

The first step in recovering the seed phrase is recovering the password. Check out my phantom_pwn toolset and writeup on github as it will lead you in the right direction.

[jakezain]

question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?

The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn

Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.

The first step in recovering the seed phrase is recovering the password. Check out my phantom_pwn toolset and writeup on github as it will lead you in the right direction.

sent you a dm regarding this!

[John10101]

Hey man, I totally get how stressful this must be. Losing access to a wallet, especially with that much money in it, is frustrating. I've done some digging, and here's what I found that might help you recover your Phantom Wallet:

1️⃣ First, Check If Phantom is Still Storing Your Wallet Locally

Phantom usually keeps your encrypted seed phrase in the browser extension files. Since you already found the .ldb file, let's try decrypting it.

You can try locating the wallet storage files manually:

On Windows, check:

C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa

(Replace YourUsername with your actual Windows username.)

On Mac, check:

~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/bfnaelmomeimhlpmgjnjophhpkkoljpa


If you still have files in there, your wallet might still be recoverable without needing the seed phrase.


---

2️⃣ Decrypt Your Encrypted Seed Phrase

Since you already have the encrypted seed phrase, you need to decrypt it using your wallet password.

Unfortunately, Phantom doesn’t have an official decryption tool like MetaMask, but there is a way to do it manually.

Option A: Try Phantom’s Built-in Recovery (If Available)

Reinstall the Phantom extension from the official site.

Click "Restore Wallet".

Instead of entering a seed phrase, try entering your wallet password and see if it auto-restores.


Option B: Decrypt Using a Python Script

Since Phantom uses PBKDF2 encryption, you can try decrypting it yourself using this Python script:

import json
import base64
import hashlib
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2

# Paste your encrypted data here
encrypted_data = {
    "digest": "sha256",
    "encrypted": "wFCwaUXv2nCNS1vBcuZiXnhS1hNK2e5ZerPTWz1Nst37x64WQBmMS1QWuetdp3X4P",
    "iterations": 10000,
    "kdf": "pbkdf2",
    "nonce": "2AeSHJN3yAviUqmg3AGqRjdZEAjX7mAq4",
    "salt": "q9FJnyK8eaQPEz7XsNgUT"
}

# Replace with your wallet password
wallet_password = "YOUR_PASSWORD_HERE"

# Decode nonce and salt
nonce = base64.b64decode(encrypted_data["nonce"])
salt = base64.b64decode(encrypted_data["salt"])
encrypted_seed = base64.b64decode(encrypted_data["encrypted"])

# Derive key using PBKDF2
key = PBKDF2(wallet_password, salt, dkLen=32, count=encrypted_data["iterations"], hmac_hash_module=hashlib.sha256)

# Decrypt using AES-GCM
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
decrypted_seed = cipher.decrypt(encrypted_seed)

# Convert to UTF-8
seed_phrase = decrypted_seed.decode("utf-8")

print("Your decrypted seed phrase:", seed_phrase)

How to Use It:

1. Copy and paste this script into a Python environment (like VS Code or a Python terminal).


2. Replace YOUR_PASSWORD_HERE with your actual Phantom wallet password.


3. Run the script.


4. If successful, it will print your real seed phrase.


5. Enter this phrase into Phantom to recover your wallet.




---

3️⃣ Try Contacting Phantom Support

If all else fails, you can reach out to Phantom Support:
👉 https://help.phantom.app

Make sure to explain the issue clearly. They won’t ask for your password or seed phrase, but they may help if your wallet is still stored locally.


---

🚨 Important Warnings

Never share your seed phrase with anyone, even if someone offers to "recover" it for you.

Only run decryption scripts on your own computer (not online).

Double-check the Phantom extension URL before reinstalling (only download from phantom.app).



---

Hope this helps! Let me know if you get stuck. Wishing you the best in recovering your wallet!