Skip to main content
T TON Adoption
RU
Security SECURITY · 2026

TON Wallet Recovery 2026: Seed, Ledger, Keystore Complete Guide

Full guide to recovering a TON wallet: seed phrase, Ledger, keystore files. What to do if you lose access, available safeguards, how to avoid losing funds.

Author
· research lead · security desk
Published
6 min read

Recovering a TON wallet is one of the most stressful moments in self-custody crypto. This piece is a detailed instruction for all possible recovery scenarios, with an honest take on when recovery is possible — and when it isn’t.

Top line: in TON wallets nobody recovers access for you. Not the Tonkeeper team, not TON Foundation, not an exchange (if you used self-custody). Recovery works only through cryptographic material in your hands.

Three recovery paths

MethodRequiredWallets that support it
Seed phrase (BIP39)24 wordsTonkeeper, MyTonWallet, Tonhub, Wallet by TG
Ledger hardware walletPhysical device + PINTonkeeper, MyTonWallet
Keystore fileEncrypted JSON + passwordMyTonWallet (only)

Without at least one of the three — recovery is impossible. It’s not a bug; it’s a self-custody feature.

Method 1: seed-phrase recovery (primary)

Step 1: Locate your seed

BIP39 24-word — TON standard. May be stored:

  • On paper (best practice)
  • On a steel plate (premium)
  • ❌ In a messenger / cloud / photo gallery (always compromised eventually)

If you wrote it in cloud (Telegram saved, Google Keep) — assume the seed is compromised. Move funds to a new wallet immediately.

Step 2: Download the official wallet

Tonkeeper:

  • iOS: App Store → “Tonkeeper” (by Ton Apps)
  • Android: Google Play → “Tonkeeper” (by Ton Apps)
  • Desktop: tonkeeper.com → Downloads
  • Web: app.tonkeeper.com (NOT recommended for large amounts)

MyTonWallet:

  • iOS, Android, browser extension, desktop — mytonwallet.io
  • Open source, audited

⚠️ Verify the URL letter-by-letter. Phishing domains like tonkkeper.com or mytonwalle.io steal seeds on import.

Step 3: Restore in the app

In Tonkeeper:

  1. Open app → “Import wallet” (not “Create wallet”!)
  2. Choose “Words” / “Mnemonic phrase
  3. Enter 24 words in order
  4. Pick wallet version (v3R2 / v4R2 / v5R1 — usually v4R2 for older 2022-2024 accounts)
  5. Confirm — wallet appears with balance

In MyTonWallet:

  1. Open app → “Import wallet” → “From seed phrase”
  2. Enter 24 words
  3. Set a password for on-disk encryption (not the seed)
  4. Confirm — wallet appears

Step 4: Check balance

If balance is 0 or less than expected:

Possible cause 1: wrong wallet version.

TON wallets have several contract versions: v3R1, v3R2, v4R1, v4R2, v5R1. Each version yields a DIFFERENT address for the same seed phrase.

If you used Tonkeeper in 2022-2023, your address is most likely v3R2. In 2024-2025 — v4R2. From 2025 — v5R1.

In Tonkeeper, switch version in Settings → Wallet → “Wallet version” → try all four. One will show your balance.

Possible cause 2: seed is right but different derivation path.

Tonhub used an alternative derivation path before 2024. If you created the wallet in Tonhub — importing into Tonkeeper may show an empty balance and vice versa.

Fix: open tonviewer.com, input each of the 5 possible addresses (v3R1…v5R1). Find the one with balance.

Possible cause 3: seed phrase is wrong.

See “Seed errors” section below.

Method 2: recovery via Ledger

If you used a Ledger hardware wallet with the TON app:

Step 1: Plug in Ledger

  • USB / Bluetooth (Nano X)
  • Open the TON app on the Ledger device (via Ledger Live → Manager → “TON”)

Step 2: Open Tonkeeper

  • Settings → “Add wallet” → “Hardware wallet” → “Ledger”
  • Tonkeeper detects Ledger via the TON app
  • Confirm pairing on the Ledger device

Step 3: Done

All balances appear. Transactions are signed on the physical device (Ledger buttons), protecting you even from a compromised phone.

If you lost the Ledger: open Ledger Live, restore the Ledger via its 24-word seed (set when first initializing — this is different from a software-wallet seed). After restore, repeat steps 1-3.

Method 3: recovery via keystore (MyTonWallet only)

Keystore = encrypted private key in JSON format, protected by a password.

Creating a keystore (for future backup)

In MyTonWallet:

  1. Settings → “Wallet” → “Export keystore”
  2. Enter a password (12+ characters, complex)
  3. Save the JSON file (e.g. keystore-myton-2026.json)

Recovery from keystore

In MyTonWallet:

  1. Open app → “Import wallet” → “From keystore file”
  2. Upload the JSON
  3. Enter the password
  4. Confirm — wallet appears

Limitations:

  • Only MyTonWallet supports it (Tonkeeper has no keystore feature)
  • Lose the password and the keystore is useless
  • Doesn’t work with Ledger accounts (the key sits on the device, not in a keystore)

Hard cases

Case 1: seed is correct but wallet can’t find the balance

Checklist:

  • Try all wallet versions (v3R1, v3R2, v4R1, v4R2, v5R1)
  • Try both Tonkeeper and MyTonWallet (different derivation conventions)
  • Check on tonviewer.com — input the seed-derived address manually
  • If nothing works — the seed is actually wrong

Case 2: you know 23 of 24 words

If one word is unclear / lost:

Don’t enter it into an online tool! Most “seed recovery” sites are phishing. They’ll steal even a partial seed.

Safe path:

  1. Download offline Ian Coleman BIP39 tool (github.com/iancoleman/bip39)
  2. Run on a computer with no internet
  3. Enter 23 known words + the 24th blank
  4. The tool iterates 2048 BIP39 words for the blank slot
  5. For each variant, derive the address → check on tonviewer.com → find the one with balance

Time: 30-60 minutes manually checking 2048 variants.

Case 3: you know 22 of 24 words

Combinatorial space: 2048² ≈ 4 million. Manual checking is unfeasible.

Option: write a script that derives all 2048² addresses and checks them via TON RPC API. Nobody has done this publicly, but it’s doable in a few engineer-hours.

Worth it? If the wallet >$10K — yes. Less — your hour is more expensive.

Case 4: you know seed but the wallet was multi-sig

A TON multi-sig wallet requires signatures from multiple seed phrases. If you only have one — coordinate with the other signers.

More: Multi-sig on TON: team security.

Case 5: was on Wallet by Telegram, phone lost

Wallet by Telegram is a custodial wallet up to a certain threshold. If your balance was below $200, Telegram can recover via KYC (passport + your Telegram account).

If balance >$200 — Telegram actively pushed you to export the seed (24 words). If exported — you have a seed, see Method 1. If not — contact Wallet support via @walletsupport_bot.

Case 6: compromised seed (drained)

If you noticed unauthorized transactions from your address:

  1. Don’t enter the seed anywhere for recovery — it’s already compromised
  2. Create a new wallet with a new seed phrase (on a clean device)
  3. Move all remaining funds to the new address (minimum number of transactions)
  4. Audit what’s lost: view full transaction history via tonviewer.com
  5. Report the drainer address: contact @tonkeeper-support, TON Foundation forum, to add to blacklist

See drainer sites on TON: how they work for the technical detail.

Preventive measures (2026 best practice)

Level 1: under $1K — simple

  • Tonkeeper / MyTonWallet (mobile)
  • Seed on paper, at home
  • Verify recovery in the first week

Level 2: $1K - $50K — standard

  • Tonkeeper + MyTonWallet (two copies for tool diversification)
  • Seed in two separate physical locations (home + work / friend / safe deposit)
  • Test recovery every 6 months
  • Optional: add a passphrase (BIP39 25th word) for extra protection

Level 3: $50K+ — premium

  • Hardware wallet: Ledger Nano S Plus or Nano X with TON app
  • Steel plate for seed (CryptoSteel, Billfodl, or DIY metal)
  • Multi-sig for assets >$100K — 2-of-3 or 3-of-5 with distributed signers
  • Annual security audit — check backups

Level 4: $500K+ — enterprise

  • Multi-sig 3-of-5 with diverse Ledger devices
  • Geographically distributed signers
  • Insurance via Nexus Mutual / specialized TON insurers
  • Annual external security audit

What changes after Toncoin → Gram rebrand

Nothing at the recovery level. Seed phrases stay the same, Ledger keeps working, keystore formats unchanged. The wallet UI just shows “GRAM” instead of “TON.”

More: main rebrand explainer.

What does NOT work (don’t try)

  • ❌ Recovery via email / phone (TON wallets don’t use credentials)
  • ❌ Third-party “recovery service” (99% are scams, the rest don’t have enough info)
  • ❌ Recovery via blockchain explorer (you can see transactions, you can’t extract keys)
  • ❌ “Brain wallets” / passphrase-derived seeds — entropy too weak, easy to brute-force
  • ❌ Custom seed generators — use only official wallet generation

Bottom line

TON wallet recovery = knowledge of cryptographic material (seed / Ledger / keystore). Without it, recovery is impossible via any social-engineering method.

Best practice: write the seed on paper immediately on creation, verify recovery the first day, keep backups in multiple physical locations.

If something goes wrong — act fast (drainers work in seconds), don’t enter the seed on suspicious sites, contact official support.

Additional reading:

Frequently asked

At minimum — a **seed phrase** (24 BIP39 words). With it, you can recover any TON wallet (Tonkeeper, MyTonWallet, Tonhub) on any device. Alternatives: **Ledger** via TON app — private keys live on the device, no seed needed. Third: **keystore file** (encrypted key export) + password. Without at least one — recovery is impossible.
A keystore (JSON format) is an encrypted private-key export protected by a password. Analogous to an Ethereum keystore (UTC-XXX.json). Used less often than a seed but offers an **additional backup** option. MyTonWallet supports keystore export from settings. Tonkeeper has no built-in keystore feature (uses seed only). To recover: import the keystore into MyTonWallet → enter the password → wallet is decrypted.
**With a Ledger** — yes, by connecting it to a new Tonkeeper or MyTonWallet. The key stays on the Ledger device; the mobile wallet is just the UI. **With a keystore file + password** — yes, by importing into MyTonWallet. **Without any of the above** — NO, funds are lost forever. There's no 'forgot password' via email — this is a decentralized system.
No. They are **non-custodial** — they don't store a copy of your seed/key. Unlike an exchange (Binance, Bybit) or custodial Wallet by Telegram, where the company holds keys and can recover via KYC, in self-custody wallets this is **technically impossible**. The Tonkeeper team has no access to user balances.
If the error is in **one word** — there are tools like [Ian Coleman's BIP39 tool](https://iancoleman.io/bip39/) (offline-only, not on the website) that can try variants. If multiple errors — practically impossible. Hence the rule: **verify recovery immediately** — delete the app, reinstall, restore from seed. If the balance matches — the seed is correct.
Best practice 2026: (1) **Paper copies** in two separate places (home + safe deposit box), (2) **Steel plate** for large amounts (standard: CryptoSteel or Billfodl), (3) **Multi-sig** for big balances. Do NOT store in cloud, messengers, photo galleries, password managers (even encrypted 1Password / LastPass are additional attack surface).
**Immediately** move all funds to a new wallet with a new seed. The old seed is burned. Action plan: (1) create a new wallet → safely record the new seed, (2) move TON/Gram, USDT-TON, jettons, NFTs one transaction at a time, (3) delete the old wallet. Time is critical — drainers can withdraw funds in seconds if they're already monitoring the address.

Related

← Back to blog