A seed phrase (also called a recovery phrase or mnemonic phrase) is a list of 12 or 24 words generated when you create a new wallet. These words encode your private keys using the BIP-39 standard — the same standard used by every reputable hardware wallet and most software wallets. Anyone who has your seed phrase has complete, unconditional control over every asset in that wallet, across every blockchain it supports, forever.
There's no account recovery, no support ticket, no appeal process. Crypto private keys don't work that way by design. The seed phrase is it.
What BIP-39 Actually Is
The BIP-39 standard maps 2,048 possible words to numerical values. Your 12 or 24-word phrase encodes a large random number (128 or 256 bits of entropy) that is used to mathematically derive every private key your wallet will ever need. This is why a single seed phrase controls addresses across Bitcoin, Ethereum, Solana, and dozens of other networks simultaneously.
The last word in the sequence is a checksum — it's not random but calculated from the others, which is why randomly chosen words usually don't form a valid seed phrase. Wallets verify this checksum during restoration to catch transcription errors.
Physical Storage: The Right Way
Paper
The recovery card included with hardware wallets is paper. Paper works for short-term storage or as an initial backup while you set up something more durable. Long-term, paper's vulnerabilities are obvious: it can burn, flood, tear, fade, and be photographed. If you use paper, laminate it, store it in a sealed waterproof bag, and keep it somewhere no one will accidentally find it.
Metal Backups
Metal backup products are specifically designed for seed phrase storage. Products like Cryptosteel Capsule, Bilodeau, and Coldbit Steel use stainless steel tiles or stamps that can withstand temperatures exceeding 1400°C — far above any house fire. They're waterproof and physically durable in ways paper never will be.
For a DIY approach: buy a set of stainless steel letter stamps from a hardware store and a small steel plate. Stamp your words carefully. This is not elegant but it's highly effective and leaves no digital trace.
Location and Copies
Store your seed phrase backup somewhere physically separated from your hardware wallet. If someone finds the device, they shouldn't automatically find everything they need to drain it. Consider a home safe, a safety deposit box at a bank, or with a trusted family member in a sealed envelope — each with different trade-offs for accessibility versus security.
Making multiple copies stored in different locations protects against physical disasters (a house fire, for example) at the cost of increased exposure. Decide where you sit on this trade-off based on the value at stake and your living situation.
The Passphrase ("25th Word")
Most hardware wallets support an optional BIP-39 passphrase — sometimes marketed as the "25th word." This is an arbitrary string you choose (it can be any character, any length) that is combined with your seed to derive an entirely different set of private keys.
The benefit: even if your 24-word seed is physically compromised, the attacker also needs your passphrase to access the funds. The cost: if you forget the passphrase, there is no recovery. Wallet software cannot help you. The keys derived from seed + wrong passphrase are just a different, empty wallet.
For significant holdings, a passphrase stored in your head (with a written hint you'd understand but a stranger wouldn't) can be an effective additional layer.
What Never to Do
These are not edge cases — these scenarios represent the majority of actual crypto theft from individuals:
- Never photograph your seed phrase. Photos back up to iCloud, Google Photos, Samsung Cloud. One account compromise and your seed is exposed.
- Never type your seed phrase into any device — not your phone's notes app, not a Word document, not a Google Doc. Devices are compromised. Cloud storage syncs. Keyloggers exist.
- Never email or text your seed phrase to yourself or anyone else, even "just temporarily."
- Never enter your seed phrase on any website, including those that look exactly like your wallet provider's site. Legitimate wallet software never asks for your seed phrase via a web form.
- Never share your seed with a "support agent" on Discord, Telegram, Twitter, or anywhere else. There is no legitimate support scenario that requires your seed phrase.
- Never store it in a password manager. Password manager databases sync to the cloud and are targeted by attackers specifically because they're high-value targets.
If Your Seed Phrase Is Compromised
If you have any reason to believe your seed phrase has been exposed — a malware infection, someone glimpsed a photo, you typed it somewhere — act immediately. Create a new wallet, generate a new seed phrase, and move all your assets to the new wallet before the attacker can. Speed matters. Blockchain transactions are irreversible; there's no clawback once funds are moved by an attacker.