If your KeepKey is currently showing a wait timer of hours, days, or longer after you've entered the wrong PIN too many times, you're probably in a slightly panicked state right now. The wait time doubles after each failed attempt — eight seconds, then sixteen, then thirty-two, then minutes, hours, days. By the time most people search for help, they're staring at a timer measured in weeks or longer.
Here is the most important thing to know: the wait timer does not affect whether your seed can be recovered. Stop entering PINs and read this post all the way through.
How the wait timer actually works
The KeepKey runs on a chip called the STM32F205. Its firmware enforces an exponentially increasing delay between failed PIN attempts as a defense against brute-force attacks. The delay logic is written in the open-source KeepKey firmware and is straightforward:
- The first two failed attempts have no delay.
- Starting with the third failed attempt, the delay is 2 ^ (number of failures) seconds.
That means:
- 3 wrong PINs in a row → wait 8 seconds
- 4 wrong PINs → wait 16 seconds
- 5 wrong PINs → wait 32 seconds
- 10 wrong PINs → wait about 17 minutes
- 15 wrong PINs → wait about 9 hours
- 20 wrong PINs → wait about 12 days
- 25 wrong PINs → wait about 1 year
- 30 wrong PINs → wait about 34 years
- 32+ wrong PINs → wait time caps at the maximum representable value, which is roughly 136 years
The failure counter is written to the device's flash storage before the PIN is actually checked. That means power-cycling the device mid-attempt does not reset the counter. The increment is committed first; the check happens second. Trying to unplug the device quickly after a wrong PIN entry does not work.
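A small C model of the delay rule and the commit-before-check ordering described above. It is an added illustration, not code from the KeepKey firmware; the struct, the function names, the sample PIN, the plaintext PIN comparison and the reset-on-success behaviour are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the device's persistent storage (assumption). */
struct flash_sim {
    uint32_t pin_failures;   /* survives a simulated power cycle */
    char pin[10];            /* plaintext PIN is a simplification of this model */
};

/* Delay rule as described in the text: none for the first two failures,
 * then 2^failures seconds, saturating at the largest 32-bit value. */
uint32_t pin_delay_seconds(uint32_t failures)
{
    if (failures < 3)
        return 0;
    if (failures >= 32)
        return UINT32_MAX;          /* about 136 years */
    return (uint32_t)1 << failures;
}

/* Commit-before-check ordering: the counter is incremented in storage first
 * and cleared only after a successful comparison (the clear is an assumption).
 * power_lost models unplugging the device after the write but before the
 * result is known. Returns 1 = correct, 0 = wrong, -1 = interrupted. */
int pin_attempt(struct flash_sim *f, const char *entered, int power_lost)
{
    f->pin_failures++;              /* step 1: persist the attempt */
    if (power_lost)
        return -1;                  /* interrupted: the increment remains */
    if (strcmp(entered, f->pin) != 0)
        return 0;                   /* wrong PIN: counter stays raised */
    f->pin_failures = 0;            /* step 2: correct PIN clears it */
    return 1;
}

/* Run n wrong attempts and return the delay enforced before the next one. */
uint32_t delay_after_wrong_attempts(uint32_t n)
{
    struct flash_sim f = { 0, "4821" };  /* constructed sample PIN */
    for (uint32_t i = 0; i < n; i++)
        pin_attempt(&f, "0000", 0);
    return pin_delay_seconds(f.pin_failures);
}
```

Because the increment lands before the comparison, an interrupted attempt costs the same as a wrong one, which is why pulling the cable does not help.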
Does the KeepKey ever wipe itself?
No. This is the second important fact for anyone in this situation: the KeepKey does not automatically erase your seed after any number of failed PIN attempts. Unlike some other hardware wallets, there is no maximum count that triggers a wipe.
For comparison:
- Trezor One and Trezor Model T automatically wipe themselves after 16 failed PIN attempts.
- Trezor Safe 7 wipes after 10 failed attempts.
- KeepKey — never wipes. The delay just grows.
The only exceptions on the KeepKey are:
- The wipe code feature. If at some point you set up an optional secondary PIN called a "wipe code," entering that secondary PIN intentionally erases the device. Most users have never set this up. If you did and you're not sure whether you've entered it during your recovery attempts, that is the one scenario where your seed could already be gone.
- Hardware-detected flash corruption. If the device's internal integrity check fails during normal operation, it will wipe and restart. This is extraordinarily rare and is not caused by wrong PIN attempts.
In every other case — regardless of how many wrong PINs you've entered, regardless of how long the wait timer is showing — your encrypted seed is still sitting safely in the device's flash memory.
Why the wait timer doesn't affect professional recovery
The wait timer is enforced by the device's firmware. Specifically, it's enforced by the PIN entry user interface that runs on the device and displays the random keypad on the screen. To trigger the delay, you have to be entering a PIN through the official firmware-driven path — typing into the KeepKey app, watching the keypad on the device, going through the normal authentication flow.
A hardware recovery process — the kind we perform at Seed Recovery Co. — does not use any of that. Here is the actual flow at a high level:
1. The device is disassembled and the STM32F205 chip is mounted on our lab platform.
2. We use a technique called electromagnetic fault injection (EMFI) to bypass the chip's read protection at the silicon level. This involves no firmware execution on the KeepKey itself.
3. We extract the encrypted seed material and the cryptographic parameters needed to decrypt it directly from the chip's memory.
4. We brute-force the PIN against the extracted data on our compute infrastructure — not on the device. Our cracker can test the entire possible PIN space within just a few hours.
Steps 1 through 4 never invoke the KeepKey's firmware PIN entry path. The wait timer is irrelevant to the recovery process. The number of failed attempts you have accumulated on the device is irrelevant. The exponential delay has zero impact on our ability to recover your seed.
What you should actually do right now
If your KeepKey is showing a long wait timer:
- Stop entering PINs. Additional attempts will not damage anything, but they will not help either. Every attempt makes the wait timer longer for the next attempt. You are wasting your own time.
- Power down the device by disconnecting it from any USB cable. The wait timer state is preserved in flash, so this does not reset anything, but there is no reason to leave the device powered.
- Write down what you remember about the PIN. Anything: the length, digits you remember being part of it, digits you remember NOT being part of it, whether it was a date or a phrase, anything. The more we know going in, the faster we can narrow the search space. Even partial information dramatically reduces our brute-force time.
- Did you set up a wipe code? Think back to the original setup of this device. If you remember explicitly creating a secondary PIN intended to wipe the device — and you might have entered it during your recent attempts — please let us know during intake. If you did not set up a wipe code (most users do not), this concern does not apply.
- Contact us for a free evaluation. Diagnosis costs nothing. We will tell you whether recovery is feasible before any work begins, and we charge nothing if we cannot recover the seed.
A note on patience versus action
Some people in this situation are tempted to just wait out the timer — to set the device aside for the months or years it would take for the delay to expire, then enter what they think is the correct PIN. There are a few problems with this:
- If the PIN you remember is actually wrong (which is statistically likely, given that you've already gotten it wrong multiple times), the timer will double again and you'll be in an even longer wait the next time around.
- After enough cumulative failures, the wait timer caps at a value that is essentially "forever" — well over a human lifetime. You cannot wait out a 136-year timer.
- Most importantly: you do not need to. The whole point of professional hardware-level recovery is to bypass the on-device delay completely.
Waiting is the wrong move. Sending the device for evaluation is the right one.
The bottom line
Forgotten PINs and lockout timers are exactly the kind of problem hardware-level recovery exists to solve. The wait timer is a defense against casual brute-force attacks on the device itself — it is not a defense against legitimate recovery by the device's owner using the right tools.
If you are reading this from inside a multi-day wait timer, take a breath. Your funds are not lost. The encrypted seed is still on the device. The math works in your favor as long as you used a memorable PIN. We do this work professionally, and we are happy to evaluate your case at no cost.
Seed Recovery Co. is a hardware wallet recovery lab based in Ninilchik, Alaska. We specialize in KeepKey and Trezor One recovery using documented fault injection techniques. No recovery, no fee. All cases are handled under strict confidentiality.