Highlander · April 30, 2025
How to Wipe Your KeepKey
Loading…
Keep your crypto safe.
Open-source hardware wallet with 7,500+ supported assets. Your keys never leave the device.
Open sourceFree shipping30-day returns
How to Wipe Your KeepKey
Wiping a KeepKey returns it to factory state. The on-device seed and PIN are erased; the device looks and behaves exactly like a brand-new KeepKey out of the box. This guide explains when you'd want to do that, how to do it safely in KeepKey Vault Desktop, and how to recover afterward.
When to wipe
Three legitimate reasons:
- You forgot your PIN. Once your KeepKey is wiped, you restore the wallet from your recovery phrase and set a new PIN. Your funds are not lost — they are tied to the recovery phrase, not to the device or the PIN.
- You're selling, gifting, or returning the device. Never hand a KeepKey to anyone with your seed still on it. Wipe first.
- You're rotating to a new seed. If you suspect your recovery phrase has been seen by someone else, wiping and re-initializing with a fresh seed (and migrating funds to the new wallet) is the only safe path.
Before you wipe — confirm the seed
⚠️ This is the step that matters. A wipe is irreversible. The only thing standing between you and permanently lost funds is your recovery phrase.
Before you click anything:
- Find the paper backup of your recovery phrase. Read the words back. Confirm they're legible and that you can identify all 12 (or 18, or 24) words.
- Check spelling. Each word must match the BIP39 English word list. A misspelled word is a useless backup.
- If you use a passphrase, make sure you can reproduce that exactly too. The passphrase is not on the recovery card and is not in the seed — see BIP39 Passphrase.
If you can't produce the seed, stop. Do not wipe. Move funds off the device while you still have access.
Wipe path 1 — Forgot PIN
If you forgot your PIN, you can't reach the Vault Desktop settings menu. The desktop app handles this case at unlock time:
- Plug the KeepKey into your computer and open Vault Desktop.
- You're prompted to enter the PIN.
- Below the PIN grid, click "Forgot your PIN?"
- Confirm the wipe on the device's screen by pressing the physical button.
The device shows a clear "Wipe device?" prompt. Pressing the button confirms; doing nothing cancels. After confirmation the device clears its storage and reboots in uninitialized mode.
Wipe path 2 — Settings menu (you know your PIN)
If you can still unlock the device, the cleaner path is through the settings:
- Unlock the KeepKey in Vault Desktop with your PIN.
- Open Settings → Security → Danger Zone.
- Click Wipe device.
- Confirm the action on the KeepKey's screen with the physical button.
The device confirms with an on-screen prompt. Press the button to commit; the device wipes and reboots.
After the wipe
You now have a blank KeepKey, the same state as a brand-new device.
- To restore an existing wallet, follow KeepKey Device Recovery. You'll enter your recovery phrase via the cipher flow and pick a new PIN.
- To start fresh with a new seed, plug in the device and Vault Desktop will walk you through the standard onboarding — generate a new 12 or 24-word phrase, write it down, set a PIN.
Fallback — the legacy updater
If for any reason the wipe action isn't reachable in Vault Desktop (very old firmware, an OS-level USB issue), you can use the legacy KeepKey Updater as a fallback. It's older but still serves the wipe-and-recover path on devices Vault Desktop can't reach:
For modern firmware, Vault Desktop is the recommended tool — it handles transport fallbacks (WebUSB / USB / HID) automatically and is actively maintained.
Common mistakes
- Wiping without confirming the seed first. The single biggest cause of self-inflicted lost wallets. Always read the seed back from your backup before wiping.
- Throwing out the recovery card after a wipe. The card is the wallet. The wipe doesn't change that. Keep the card; you'll need it during recovery.
- Assuming the wipe also "logs you out" of any connected dApps. It does — your KeepKey can't sign anything until it's reinitialized. But any session tokens, cached approvals, or off-chain state held by web apps are independent of the device. If your concern is that the device was compromised, also revoke any active token approvals from the wallet's address.
Related
- KeepKey Device Recovery — restore your wallet onto a wiped device
- Recovery Phrase basics — how to keep the seed safe
- PIN setup — set a strong PIN you can actually remember