Quick answer
Your seed phrase is a 12- or 24-word sequence that can regenerate your entire wallet on any device. Never type it into any website, app, or digital device. Never photograph it. Never share it with anyone. Write it on paper (or metal) and store it in a physically secure location. Anyone who has your seed phrase has complete, irreversible control of all your funds.
What your seed phrase actually is
When you create a crypto wallet, the software generates a random number and converts it into a human-readable sequence of words — your seed phrase (also called recovery phrase, mnemonic phrase, or backup phrase). This sequence encodes your master private key, from which every account in your wallet is derived.
The words come from a standardised list of 2,048 words (BIP-39 standard). There are 12 or 24 of them. The order matters — 'apple brick candle' and 'brick apple candle' are completely different wallets. There is no server that holds a copy — your seed phrase exists only where you choose to save it.
If you lose your seed phrase and your device breaks or is lost, your funds are gone permanently. No company, no customer support, no blockchain developer can recover them. If someone else gets your seed phrase, they can empty your wallet instantly from anywhere in the world.
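The encoding described above, as an added example (not code from any wallet): 128 or 256 random bits plus a short SHA-256 checksum are cut into 11-bit indices into the 2,048-word list. It works on indices because the word list is not embedded here; the function names are this example's own, and the all-zero entropy is a constructed sample.

```python
import hashlib

BITS_PER_WORD = 11  # 2**11 == 2048, the size of the BIP-39 word list

def entropy_to_indices(entropy: bytes) -> list:
    """Encode 16 or 32 random bytes as 12 or 24 word-list indices."""
    if len(entropy) not in (16, 32):
        raise ValueError("expected 128 or 256 bits of entropy")
    cs_bits = len(entropy) * 8 // 32  # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // BITS_PER_WORD
    return [(value >> (BITS_PER_WORD * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]

def decode_indices(indices: list) -> tuple:
    """Return (entropy, checksum_valid) for 12 or 24 word-list indices."""
    if len(indices) not in (12, 24) or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("expected 12 or 24 indices in range 0..2047")
    value = 0
    for i in indices:  # position matters: the phrase is one base-2048 number
        value = (value << BITS_PER_WORD) | i
    cs_bits = len(indices) // 3  # 12 words -> 4 bits, 24 words -> 8 bits
    entropy = (value >> cs_bits).to_bytes(cs_bits * 4, "big")
    return entropy, entropy_to_indices(entropy) == list(indices)

if __name__ == "__main__":
    phrase = entropy_to_indices(bytes(16))  # constructed all-zero entropy
    swapped = phrase[:10] + [phrase[11], phrase[10]]  # last two words exchanged
    print("indices: ", phrase)
    print("original:", decode_indices(phrase))
    print("swapped: ", decode_indices(swapped))
```

Exchanging two different words always decodes to different entropy, and the checksum rejects most such reorderings and copying slips outright, which is what the wallet's verification step relies on.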
How people lose their crypto: real threats
- Phishing websites and apps
- Fake websites that look exactly like MetaMask, Ledger, Trezor, or your exchange ask you to 'verify your wallet' or 'restore access' by entering your seed phrase. This is the most common way seed phrases are stolen. Always type website URLs manually — never click links from emails, DMs, or social posts.
- Fake support on social media
- Attackers impersonate support staff in Discord, Telegram, Reddit, and Twitter DMs. They claim your wallet has a problem and ask you to enter your seed phrase on a 'support' site. Legitimate support never asks for your seed phrase. Ever.
- Malware on your computer
- Keyloggers and clipboard hijackers watch for seed phrases being typed or copied. If you ever type your seed phrase into a computer that has malware, it can be captured and sent to the attacker automatically.
- Photographs and screenshots
- Photos on phones are often backed up to iCloud or Google Photos automatically. If your seed phrase is photographed, it may be stored online in an account that could be compromised.
- Password managers and note apps
- Storing seed phrases in apps like 1Password, LastPass, Apple Notes, or Google Keep means they exist in a cloud account. Password manager breaches and account takeovers have led to real crypto losses.
- Trusted people
- A significant percentage of crypto theft is by people known to the victim — family members, friends, housemates. Physical security of where you store your written seed phrase matters as much as digital security.
How to store your seed phrase safely
- 01
Write it down on paper immediately
When your wallet first generates the phrase, write every word in exact order on paper. Use pen, not pencil (pencil fades). The wallet app should provide a recovery card — use it. Do not rely on your memory.
- 02
Verify the backup by doing a test restore
While you are still in the setup flow, go through the verification process your wallet provides (confirming words in order). Some users also test a full restore on a second device. This catches copying errors before they matter.
- 03
Store it securely offline
Keep the paper in a fireproof safe at home, a bank safety deposit box, or with a highly trusted family member in a separate location. Separate physical locations protect against fires, floods, and burglaries.
- 04
Consider a metal backup for durability
Paper burns. Metal plates designed to stamp seed phrases (Cryptosteel, Billfodl, Cobo Tablet) survive fires and floods. For significant holdings, this is worthwhile.
- 05
Tell one trusted person where it is
If you die or become incapacitated, your family should be able to access your estate. Consider leaving instructions in your will or with a solicitor indicating where the seed phrase is stored and how to access the funds.
Do not laminate your seed phrase backup — it makes it look important and valuable to anyone who finds it. A plain piece of card in a sealed envelope inside a safe is less obvious.
The one rule that prevents 95% of seed phrase theft
Here it is: never enter your seed phrase into any website, app, or computer. The only legitimate time you should enter your seed phrase is when physically setting up a hardware device (Ledger, Trezor) or restoring a fresh install of a software wallet on a device you own and trust — and even then, only if you are confident the device is clean.
Any website, support agent, Discord bot, email, or pop-up asking for your seed phrase is an attack. Without exception. There is no scenario where a legitimate service needs your seed phrase.
Legitimate wallet companies — MetaMask, Ledger, Trezor, Coinbase Wallet — will NEVER ask for your seed phrase through any website, email, chat, or social media. If someone is asking you for it, they are stealing from you.
What to do if you think your seed phrase has been compromised
- 01
Act immediately — assume the worst
If you believe your seed phrase has been exposed (phishing, malware, shared accidentally), move your funds immediately. Every minute of delay is an opportunity for the attacker.
- 02
Create a brand new wallet on a clean device
Use a device you trust has not been compromised, or use a hardware wallet. Generate a completely new seed phrase. Do not use the compromised wallet ever again.
- 03
Transfer all assets to the new wallet
Move everything from the compromised wallet to the new one as fast as possible. Start with your most valuable assets. If the attacker is also moving funds, you may be in a race — act fast.
- 04
Revoke token approvals
Attackers often exploit existing token approvals before you can react. Use revoke.cash or a similar tool to revoke all approvals from the compromised wallet address, even after you have moved your main funds.
Frequently asked questions
Is a 12-word phrase less secure than a 24-word phrase?
Both are cryptographically extremely secure against brute-force guessing. A 12-word phrase from the BIP-39 list has 2^128 possible combinations — more than the number of atoms in the observable universe. A 24-word phrase has 2^256. Both are effectively unguessable. The vulnerability is not the phrase length — it is humans: storing it insecurely, entering it on phishing sites, or sharing it.
What is a passphrase (25th word)?
Many wallets support an optional passphrase — sometimes called the '25th word' — that acts as a second factor. Your wallet is derived from the seed phrase PLUS the passphrase. This means someone with your seed phrase cannot access your funds without also knowing the passphrase. The downside: if you forget the passphrase, your funds are also permanently inaccessible. Passphrases are an advanced feature for users who understand the tradeoffs.
Can I store my seed phrase on a password manager?
Security experts are divided on this. A well-secured password manager like 1Password or Bitwarden with a strong master password and 2FA is significantly better than leaving a seed phrase in a notes app or Google Doc. However, it is still an online storage method subject to password manager breaches (see LastPass 2022). For significant holdings, offline physical storage is preferable. Many users use a two-layer approach: password manager for small wallets, physical backup for the hardware wallet securing their main holdings.
What if I split my seed phrase in half and store the halves separately?
This sounds clever but is a security anti-pattern for most users. Splitting a seed phrase is not a standard backup scheme — the halves are not independent backups, and you need both to restore. More importantly, splitting creates new failure modes: losing either half means losing everything, finding both halves takes two separate thefts instead of one, and you have introduced complexity without a standardised recovery procedure. If you want split-key security, use Shamir's Secret Sharing (supported by some hardware wallets) which is designed for this purpose.