Aixa@aixarizzo
there’s a wallet i used to own with money in it and i can’t access it anymore
don’t ask me why. long story and an NDA...
someone sent me money there by accident
i hadn’t used that wallet for more than a year. i store my seeds safely, but somehow i didn’t have the one for that specific address.
the weird part is that i’m almost sure it was just a normal metamask account created with the “create account” button.
so i decided to go full detective:
first thing i checked was whether that wallet had ever existed inside my computer. metamask stores its encrypted wallet data locally in the browser, so if the browser profile is still there, the vault might still be there too.
i went into chrome’s extension storage and pulled the metamask database files. inside those files there’s an encrypted object called the vault. that vault contains the seeds and keys metamask uses, but everything is encrypted with your metamask password.
so i extracted the vault data and decrypted it.
the encryption metamask uses is basically a key derived from your password (PBKDF2) that decrypts the vault payload (AES). if you still know the metamask password, you can decrypt the vault and recover the seed phrases stored inside.
that part actually worked.
after decrypting the vault i recovered three different seed phrases that had been stored in that metamask installation.
then came the derivation step.
metamask doesn’t store every ethereum address individually. it takes a seed phrase and deterministically generates wallets from it using a derivation path (usually m/44'/60'/0'/0/n). every time you click “create account” metamask just increments the index and derives the next address from the same seed.
so i wrote a script and started deriving addresses from those seeds. hundreds of them.
i compared every derived address with the wallet i’m trying to recover.
i also checked metamask’s internal logs and found proof that the wallet had signed messages from that installation before, which confirms that address definitely existed inside this metamask at some point.
but here’s the strange part:
after deriving hundreds of addresses from all three recovered seeds, the wallet never appeared.
so right now the situation looks like this:
• the wallet definitely existed in my metamask
• metamask signed messages with it
• i recovered three seeds from the vault
• my current accounts derive correctly from those seeds
• but the missing wallet does not derive from any of them
which is confusing, because i’m almost certain this was just a normal account created by clicking “create account”.
crypto lesson of the day:
if you ever used a wallet on a computer and still have the browser profile and the password, there’s a good chance your seeds are still sitting there encrypted in the local cache.
anyone here who has dug through metamask storage before… am i missing something?
