Seed Phrase in Crypto: Protection, Storage, and Recovery

What a crypto seed phrase is, how it protects access, and how to store it safely — from paper and metal backups to Shamir’s Secret Sharing and encrypted microSD.

What a seed phrase is and why it’s the main security rule

A seed phrase is 12–24 words and the core secret of a non-custodial wallet. It encodes the source data used to generate keys: BIP-39 (a mnemonic) maps cryptographic randomness to words. BIP-32/BIP-44 define how private keys and addresses are derived from that base.

Knowing the seed phrase makes it possible to restore a wallet on any device and sign transactions with the same authority as the owner.

A seed phrase matters more than a password or a device: a password and a phone protect the device, while a seed phrase defines access to the wallet. Below is the difference between loss and compromise, plus a storage scheme that preserves recovery for the owner and prevents access by outsiders.

Seed phrase: a mnemonic set of words that encodes the source data used to generate a wallet’s keys (BIP-39).

Recovery phrase: the same thing as a seed phrase; different wallets use different names.

Non-custodial wallet: a wallet where the seed phrase and private keys are controlled by the owner; the service cannot “restore access” if they are lost.

How a seed phrase protects assets

Key idea: control over assets is defined by control over the signature: a transaction is authorized with a private key. As long as the seed phrase remains secret, wallet recovery and transaction signing are available only to the owner.

A seed phrase is the foundation of an HD wallet: private keys and addresses are derived from it deterministically. Sending assets requires a private-key signature; without the seed phrase (or the required private key), a transaction cannot be signed on the owner’s behalf. The main practical risk is not “brute force,” but leakage: phishing, social engineering, and storage mistakes.

A nuance: assets do not “live on a phone.” They are recorded on the blockchain, and the device is an interface. Losing a phone or deleting an app does not mean losing funds: the wallet can be restored on another device by entering the seed phrase.

A seed phrase grants full control over a wallet: a found or copied record means full access. Backups, closed storage, and periodic checks that the record is complete and readable are required.

What a seed phrase consists of and how it’s generated (BIP-39)

What’s inside: a wallet generates cryptographic randomness (entropy) and encodes it as words from a fixed list. This produces a secret format that is convenient to write down and enter.

When a new wallet is created, entropy is generated and converted into a mnemonic under the BIP-39 standard. A checksum is added to the phrase: it helps detect input errors (for example, a wrong word or order), but it does not “restore” the phrase automatically.

Most often, 12 or 24 words are used. Both options provide an enormous search space, so the main risk is leakage — when the phrase is seen, extracted, or stored insecurely.

Entropy: cryptographic randomness from which a seed phrase is produced.

BIP-39: a standard that defines the word list and the mnemonic encoding method.

HD wallet (BIP-32/44): a hierarchical scheme where many private keys and addresses are derived deterministically from one seed.

Important: a seed phrase is not an app password, but the source secret for keys. 12/24 words create a massive search space, but the biggest risks are almost always human: photos in the cloud, entering the seed phrase on a phishing site, storing it in an unencrypted file or notes.

Where a seed phrase appears

A seed phrase is shown when a non-custodial wallet is created and is entered to restore access. A request for a seed phrase outside the recovery flow in a wallet or on the screen of a hardware device is a sign of fraud.

  • Mobile and desktop wallets show the words on first launch and ask for them to be written down (often confirming a few words).
  • Hardware wallets display the seed phrase on their own screen so the record stays offline.
  • When moving to a new device, “Restore from phrase” is selected and the words are entered in the correct order.

A seed phrase is entered only into a wallet during recovery on a trusted device. Support services, chats, and websites should not request these words.

Seed phrase, private key, and loss of access: what is actually at risk

A private key controls one address, while a seed phrase restores the entire HD wallet. That is why “leakage” and “loss” of a seed phrase are more critical than the compromise of a single key or a device failure.

A private key is the ability to sign transactions for one specific address. A seed phrase is the wallet’s source secret: all private keys and addresses are derived from it deterministically, so it restores the wallet as a whole.

  • One private key leaked → one address associated with that key is at risk.
  • The seed phrase leaked → the entire wallet and all derived addresses are at risk.
  • A device is lost → not critical if the seed phrase is saved: the wallet can be restored on a new device.
  • The seed phrase is lost → critical: without it, the keys cannot be derived again, so transactions cannot be signed and assets cannot be controlled.

Newcomer case: the seed phrase is written on a sticky note. A year later there is a move, and the note is lost. The phone breaks, and there is no backup. Access cannot be restored: the assets remain on the addresses, but no one can control them anymore.

Result: there is no “administrator” or “password reset” on a blockchain. Only pre-made backups and a verified storage scheme work.

What must never be done with a seed phrase

These mistakes end in leakage or an irreversible loss of access. The basic principle: a seed phrase must not appear in digital form and must not be shared with third parties.

Red flag: a request to enter or send a seed phrase “for verification/support/unlocking” indicates a theft attempt. A seed phrase is entered only into a wallet during recovery on a trusted device.

  1. Do not photograph it or take screenshots: images can end up in cloud backups and synced galleries.
  2. Do not store a seed phrase in plain text in files/notes on a PC, phone, or in the cloud.
  3. Do not enter a seed phrase on “verification/support” websites and do not send it in chat or email.
  4. Do not “make up” a seed phrase: it must be generated by the wallet from the standard word list (BIP-39), otherwise the secret can be predictable or invalid.
  5. Do not keep a single paper copy without a backup and protection from water/fire.

Secure storage methods

There is no universal “best” medium: the choice is a balance between durability (water/fire/wear), secrecy (protection from being read), and ease of recovery. A common failure mode is one copy or too many copies without control over locations and access.

Choosing by situation:

  • A fast, low-cost start is needed → paper (2 copies, stored in separate places).
  • Protection from fire/water is needed → metal + a discreet hiding place.
  • Protection against “one copy was found” is needed → sharding (3-of-5 threshold) or a passphrase (an extra word).
  • Recovery needs to be simplified → microSD as an add-on, but not instead of a readable copy.

Paper (handwritten)

Basic offline backup: the words are written clearly and stored outside digital devices. The main risk is elements and wear.

  • Good for: a quick start, a small budget, a first backup.
  • How to do it: 2 copies, separate locations, protection from water/fire (bag/lamination/container).
  • Main risk: a found copy means full access.

✅ Pros

  • Cheap and simple.
  • No digital traces.

❌ Cons

  • Vulnerable to water/fire/wear.
  • Requires storage discipline.

Bottom line: paper works with two separated copies and protection from elements.

Metal (steel/titanium)

Protection from elements: the words are engraved/stamped onto a plate or assembled in a capsule. Metal improves durability, but does not conceal the secret.

  • Good for: long-term holding, protection from water/fire.
  • How to do it: one medium + a planned hiding place; during transfer — no cameras and no witnesses.
  • Main risk: physical access = the phrase can be read.

✅ Pros

  • Resistant to fire and moisture.
  • Durable and readable.

❌ Cons

  • More expensive and slower to prepare.
  • Does not protect against “found and read.”

Bottom line: metal solves fire and water; secrecy is provided only by location and discipline.

“Multi-safe” (multiple identical copies in different places)

Protection against losing one hiding place: 2–3 identical copies are made and spread across locations. Durability improves, but leakage risk also increases.

  • Good for: protection against fire/flood/theft at one storage location.
  • How to do it: minimum copies, maximum control (where it is and who has access).
  • Main risk: any found copy reveals the entire secret.

✅ Pros

  • Survivability under a local incident.
  • A simple scheme without extra cryptography.

❌ Cons

  • Leakage risk rises with each copy.
  • Location tracking and access control are required.

Bottom line: a “multi-safe” improves durability but does not protect against reading. For secrecy, a passphrase or sharding is needed.

Sharding (Shamir’s Secret Sharing, Seed XOR)

No single point of compromise: the secret is split into parts; recovery requires a threshold (for example, 3 of 5). One fragment on its own is useless.

  • Good for: large amounts, family/corporate custody.
  • How to do it: a clear recovery threshold + tracking where fragments are stored + a recovery test.
  • Main risk: losing quorum fragments = loss of access.

✅ Pros

  • One fragment does not grant access to the wallet.
  • Fragments can be spread geographically.

❌ Cons

  • Setup and recovery are more complex.
  • Tracking errors break the scheme.

Bottom line: protection against theft of one copy at the cost of stricter tracking and recovery tests.

Encrypted backup on microSD (via a hardware wallet)

A convenient offline duplicate: the device saves an encrypted backup to a memory card; recovery requires a compatible device and a password.

  • Good for: an add-on to paper/metal to speed up recovery.
  • How to do it: store separately from the device; store the password securely; do not treat it as the “only backup.”
  • Main risk: media damage and dependence on the device/password.

✅ Pros

  • Fast recovery on a compatible device.
  • Encryption reduces “read and steal” risk.

❌ Cons

  • The medium is vulnerable to damage.
  • Dependence on the device and password.

Bottom line: microSD speeds up recovery; a readable copy (paper/metal) is still required.

Ready storage schemes: choosing by amount and risk

A scheme is not a “medium,” but a set of rules: how many copies, where they are stored, who has access, how often recovery is checked, and what is done during a move or after device loss.

Passphrase: an extra word/phrase on top of the seed phrase. Without the passphrase, the seed phrase will not restore the intended wallet, but the passphrase also becomes a key — it is stored separately and just as securely.

Scheme 1 — Beginner / small amount

  • Paper ×2: two copies in two different places.
  • Every 3–6 months — check that the record is readable and the copies are present.
  • No photos/cloud/notes — offline only.

Scheme 2 — Medium amount / long-term holding

  • Metal ×1 (primary) + paper ×1 (backup) in different places.
  • The hiding place matters more than the material: physical access = reading risk.
  • Every 6–12 months — a short audit of presence and condition.

Scheme 3 — Large amount / protection against theft of one copy

  • Sharding 3 of 5 (different people/cities) or a seed phrase + passphrase.
  • The passphrase is stored separately from the seed phrase and separately from the medium.
  • Instructions for “how to assemble quorum” are needed without exposing fragments.

Scheme 4 — Fast recovery is needed

  • microSD backup only as an add-on (encrypted file + password).
  • A “readable” copy is required: paper or metal.
  • microSD is stored separately from the device and separately from the seed phrase.

A scheme is not considered reliable without a recovery test. At least once, recovery should be verified using the copies (ideally offline on a “clean” device).

Summary table of storage methods

The comparison follows two axes — medium resilience (water/fire) and protection from reading (what happens if a copy is found). “Recovery convenience” is often higher where risk is higher, unless a passphrase or sharding is used.

| Method | 💧 Water resistance | 🔥 Fire resistance | 🕵️ Protection from reading | ⏳ Longevity | 🧭 Recovery convenience | ⚙️ Complexity | 💵 Cost |
|---|---|---|---|---|---|---|---|
| Paper (handwritten) | Low | Low | Low (copy found → access) | Low | High (easy to read) | Low | Low |
| Metal (steel/titanium) | High | High | Low (found → readable) | High | High | Low–medium | Medium–high |
| “Multi-safe” (multiple copies) | Medium (depends on the medium) | Medium (depends on the medium) | Low (any copy → access) | Medium (depends on the medium) | High | Low | Low–medium |
| Sharding (Shamir / Seed XOR) | High (fragments are separated) | High | High (1 fragment is useless) | Medium (depends on the medium) | Medium (quorum required) | High | Medium |
| microSD backup (encrypted file) | Low (medium is vulnerable) | Low (medium is vulnerable) | Medium–high (depends on the password) | Medium | High (on a compatible device) | Medium | Low–medium |

How to read this

“🕵️ Protection from reading”: low — a found copy almost immediately grants access (paper/metal/multi-safe). high — one find is not enough: a quorum of fragments is required (sharding) or an extra condition is required (a strong password for an encrypted backup).

Three routes: a basic scheme → a recovery test → stronger protection as needed.

1 — Starter

  • Paper copy ×2: two separate locations (not “in the same cabinet”).
  • Moisture protection + a readability check every 3–6 months.
  • One recovery test on a “clean” device (ideally offline).

2 — Durability and protection from elements

  • Metal as the primary copy + paper as a backup in a different place.
  • Transfer the words with no cameras/screenshots and no “digital notes.”
  • Geographic separation of hiding places (at least two independent locations).

3 — Protection against theft of one copy (family/team, large amounts)

  • Sharding (for example, 3 of 5) and separate media for each fragment (paper/metal).
  • Fragments held by different people/in different places; a pre-written recovery scenario.
  • Regular checks: locations, media integrity, and instruction freshness.

Change a scheme one parameter at a time. First — a basic scheme and a recovery test, then — a passphrase, sharding, or additional copies.

Ready-made solutions for storing words (3 options)

Below are popular form factors. The choice is based on material and recording method, as well as two criteria: medium resilience (fire/water/mechanical damage) and reading risk with physical access.

Perforated titanium plate

Medium resilience: titanium resists corrosion and high temperatures; the words are marked using a template so the record stays readable for years.

✅ Pros

  • High fire and water resistance.
  • Clear marking and longevity.

❌ Cons

  • Above-average price.
  • Time and tools are required to transfer the words.

Main point: the medium is designed for long-term storage. The risk is unchanged: if the plate is found, the phrase can be read.

Steel capsule with letter tiles (constructor)

A compact format: letters are assembled inside the case; the capsule protects from impacts and moisture and hides contents from casual view, but it does not replace protection from reading.

✅ Pros

  • Compact size and good medium protection.
  • Contents are not visible without opening.

❌ Cons

  • With physical access, it can be opened and read.
  • Letter tiles require careful handling.

Main point: a compromise between size and durability; a passphrase or sharding is needed for protection from reading.

Steel plate with engraving/stamping

A practical option: cheaper than titanium and often durable enough. The key is engraving depth and quality so the record remains readable years later.

✅ Pros

  • Good durability at a moderate price.
  • Easy to check readability.

❌ Cons

  • Care is required during marking.
  • Physical access = the phrase can be read.

Main point: a predictable durable medium; secrecy depends on the hiding place and discipline.

Common beginner mistakes

Top mistakes that are easy to avoid

  • Seed-phrase leakage
    Photo/screenshot with automatic cloud upload or gallery sync across devices.
  • Phishing
    Entering the phrase on a “support site,” via a link from an email/chat, or in a “verification form.”
  • Digital traces
    Storing an unencrypted file like “seed.txt” on a PC/drive or in the cloud.
  • One copy
    A single paper record without a backup or water/fire protection.
  • One location
    No geographic separation — all copies in one place.
  • Homemade “encryption”
    First letters, word shuffling, personal abbreviations — often break recovery and lead to loss of access.
  • No verification
    No recovery test performed on a “clean” device.
  • Device compromise
    Recovery on an infected PC/phone: keyloggers capture seed-phrase input, and clippers replace withdrawal addresses.
  • “Tell someone”
    Sharing the phrase “just in case” without access rules, accountability, and an inheritance scenario.

Backup and verification tips

A backup is reliable only after recovery has been tested. The scheme should be simple and repeatable: copies, locations, verification.

  1. Write the words down clearly right away and double-check the order without rushing (one wrong word = recovery failure).
  2. Make at least 2 copies and store them in independent locations (for example, metal + paper).
  3. Protect media from moisture and damage (container/bag/safe); metal is better for fire resistance.
  4. Run a test recovery on a “clean” device: minimal software, no suspicious extensions, ideally offline.
  5. Create a “how to restore” note (which wallet, where to enter the phrase, what to click) — without the seed phrase and without the passphrase.
  6. Schedule a check every 6–12 months: media integrity, record readability, and instruction freshness.

When a passphrase (an additional “25th word”) is used, it is stored separately from the seed phrase; a note is also needed indicating where it is required during recovery.

When to use additional protections

Layers are added as the amount and control requirements grow. First, a basic backup is created and a recovery test is completed using the copies; then the scheme is made more complex.

Passphrase (BIP-39)

When to use: when the “one copy was found” scenario is critical.

  • Helps: 12/24 words without a passphrase will not open the intended wallet.
  • Risk: the passphrase is forgotten or it is not recorded that it is enabled.
  • Mini rule: the passphrase is stored separately; a clear note is needed indicating where it is required.
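How the passphrase enters key derivation, as an added Python example (not code from this article). BIP-39 turns the words plus the passphrase into the wallet seed with PBKDF2-HMAC-SHA512; the mnemonic and the passphrase "TREZOR" used here are the public BIP-39 test vector, and the other passphrases are constructed variations.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector mnemonic (all-zero entropy), never a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words, salt.encode("utf-8"),
                               2048, dklen=64)

def distinct_wallets(mnemonic: str, passphrases) -> int:
    """Count how many different seeds a list of passphrases produces."""
    return len({bip39_seed(mnemonic, p) for p in passphrases})

if __name__ == "__main__":
    # Every string is accepted. There is no "wrong passphrase" error:
    # a typo, a changed letter case or a trailing space derives a
    # different, valid seed, and therefore a different (empty) wallet.
    for p in ["", "TREZOR", "trezor", "TREZOR "]:
        print(repr(p).ljust(10), bip39_seed(TEST_MNEMONIC, p).hex()[:16])
    print("distinct wallets:",
          distinct_wallets(TEST_MNEMONIC, ["", "TREZOR", "trezor", "TREZOR "]))
```

Because nothing signals a mistyped passphrase, the recovery test is the only way to confirm that the recorded passphrase opens the intended wallet.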

Multisig (2 of 3)

When to use: shared ownership or very large amounts.

  • Helps: one key/device should not provide control over everything.
  • Risk: there is no plan for the “lost one key” scenario and recovery is not practiced.
  • Mini rule: signer roles are defined and a yearly check is performed.

Geographic separation

When to use: when the “everything in one place” scenario is unacceptable.

  • Helps: a local incident does not wipe out the entire capital at once.
  • Risk: tracking becomes more complex and control over locations is lost.
  • Mini rule: two clear wallets are better than five without control.

Encrypting copies

When to use: when an electronic duplicate is needed (as an add-on).

  • Helps: the file cannot be read without a password if the medium is accessed.
  • Risk: the password is forgotten or decryption was never tested.
  • Mini rule: an offline medium + a strong password + a check every 6–12 months.

Any extra protection increases the chance of locking out the owner. Complexity makes sense only after a recovery test and fixed rules (what is enabled and where it is required).

What to do if a seed phrase is lost

If the seed phrase is gone, recovery is impossible. Assets can still be reached only while the wallet remains accessible on some device and a transfer can be sent from it.

  • If the wallet is still unlocked on a device: create a new wallet with a new seed phrase and transfer assets to a new address (starting with a small test amount is better).
  • If almost everything is remembered but there is doubt about one word or a typo: the BIP-39 checksum can sometimes help (the wallet will indicate the phrase is invalid). This does not always work, and it helps only when there are few errors.
  • If several words or the order are lost: in practice, access is likely lost — “recovering” a seed phrase without precise information is extremely difficult.

This is prevented only in advance — with backups, a recovery test, and storage discipline.

Questions and answers (FAQ)

Short answers to common questions: 12 vs 24 words, where to store copies, why photos are unsafe, how to test recovery safely, plus passphrases and multisig.

How many words should a seed phrase have — 12 or 24?
Both options are widely used. 24 words provide a larger margin, but in practice risk is more often tied to leaks and storage mistakes than to phrase length.

Can a seed phrase be made up to make it easier to remember?
No. The seed must be random and follow the standard (BIP-39). “Made-up” phrases are predictable and often invalid for recovery.

Where is it safer to store copies — at home or in a bank safe-deposit box?
Most often, a combination works best: one copy at home (in a protected place), and a second copy outside the home (for example, a safe-deposit box). This reduces dependence on a single location.

Why should a seed phrase never be photographed?
A photo can end up in cloud backups or become accessible to apps/services on the device. Any digital trace increases leakage risk.

Is it safe to test recovery?
Yes, if it is done offline on a trusted device. After the check, the test wallet should be removed and it should be confirmed that the phrase did not remain anywhere (not in notes, photos, or the clipboard).

What is a passphrase and why is it used?
This is an additional phrase (BIP-39 passphrase) on top of 12/24 words. Without it, the seed phrase alone may not open the intended wallet, so the passphrase is stored separately and just as securely.

When is multisig actually justified?
For meaningful amounts and shared ownership (family, partners, a team). Multisig reduces the risk of a single-key compromise, but requires stricter tracking and a recovery procedure.

Is one metal plate/capsule with a seed phrase enough?
At least two copies in different locations are better (for example, metal + paper or a second metal copy). One copy is always “one place = one failure.”

Final checklist: the minimum that actually saves access

A quick summary: these points cover the main reasons for losing access — leakage, a single copy, and no recovery verification.

  • The seed phrase is recorded offline (paper/metal), and the word order is double-checked without rushing.
  • At least 2 copies exist, stored in different places (not “in the same drawer”).
  • No digital traces: no photos, cloud storage, notes, or files like “seed.txt.”
  • Recovery has been tested at least once using the copies on a “clean” device (ideally offline).
  • If extra protection is added (passphrase/sharding/multisig), the rules are recorded and recovery is tested again.

Complex schemes often fail due to human error. First — a recovery test, then — added complexity.
