A Practical Guide to Seed Phrase Security and Wallet Hygiene
We were all new at some point. I was afraid of crypto when my now-husband told me he was getting interested in this technology. Back then I did not think of it as a ‘technology’, but rather as something completely unfamiliar that was famous for scamming people, or making them rich. I hoped he knew what he was doing, and would get, if not the latter result, at least not the former.
It has been quite a journey for me into the ecosystem, and I want to share what helped me survive through my initial anxiety and fear, while providing tips on how to keep your assets safe.
There are many risks inherent to this space, especially for those just starting out. Here’s a non-exclusive list of the risks that gave me nightmares at the beginning of my journey: losing my assets during a transaction, forgetting where my assets are, losing my seed phrase, having my seed phrase stolen, and giving a smart contract unwanted permissions to control my assets. Let’s explore these issues more fully.
OMG, Where Did My Crypto Go?
This is just a natural fear when you do something for the first time, but it was so hard for me to start using crypto because of this fear! At the beginning, I would triple check the address I was sending assets to. Bridging funds to other chains was by far the worst feeling of all; I kept wondering if I would really receive them on the other end. To say this was nerve-wracking is an understatement.
I had to learn that transactions are not instantly reflected; they take time to confirm, and the timing varies from blockchain to blockchain. If you feel unsure about doing a transaction, it’s always good to start with a test. I prefer paying the extra gas fees to losing the full amount I’m about to transfer. When trying a new dApp or bridge, I would send a small amount of money or an unimportant NFT to see how it worked. Once that transaction went through, it helped some of the nerves go away. My first experiments were not on Mainnet (Ethereum) but on a cheaper blockchain like Polygon or Gnosis (formerly xDai), and I was guided by someone who had more experience than me.
It took me a while, but now I buy, trade, and send funds between accounts and chains with confidence. I play it safe and never put my assets into a dApp or a project I know nothing about.
I Forgot I Had Money in That Account!
When first learning about crypto, I created different addresses in different wallets for different chains. So I had a mess. I did not know the difference between the wallet and my addresses and my seed phrase. So, just to be clear:
Wallets. Wallets are the interface from which you can interact with the blockchain. The wallet stores all the public and private keys of the accounts associated with one seed phrase. There are hot wallets, like MetaMask, where the keys are stored in connected devices, and cold wallets, like Ledger, where the keys are stored completely offline.
Seed Phrase, also called recovery phrase or secret recovery phrase, is generated when setting up a new wallet. Seed phrases are mnemonic, meaning they are made up of a list of words. Importantly, the seed phrase provides access to all the accounts (addresses) within the wallet interface, and once created can also be used to import the accounts into a different wallet. It is NEVER safe to share (apart from this specific use).
Public and Private Keys. A public and a private key are associated with every address. The private key grants access to one specific account and the public key is the full public address of the account. You can use a private key to import a specific account into a new wallet, instead of the seed phrase to import all the accounts. Notably, the private key is what you use to sign transactions, so it is like your personal signature and NEVER safe to share.
Address. Your address is the piece of information you will need in order to send and receive assets, so it is safe to share. You can use the same address for Ethereum and EVM-compatible chains. Your address is a hashed (shortened) version of your public key. You can see the transactions and assets associated with any address using Etherscan or an equivalent blockchain explorer.
Seed phrase in a safe. Generated with AI Stable Diffusion
Don’t Ever Lose Your Seed Phrase
Your seed phrase is typically a 12 to 24 word long mnemonic phrase that grants you control of your wallet and the accounts and assets within it. The seed phrase is the most important piece of web3 information you own. Put this seed phrase into a wallet and you will be able to interact with the blockchain.
Most seed phrases are derived from the Bitcoin Improvement Proposal 39 standard, and are drawn from a random group of 2,048 words. It is hard to grasp how difficult it would be to guess or otherwise obtain a specific seed phrase. In an equation, it looks like 2,048²⁴ for a 24 word seed phrase. That’s over 70 zeros worth of impossibility. There are more possible seed phrases than there are stars in the universe which makes trying to hack into a specific someone’s account a nearly impossible endeavor.
The good thing about this is that no one can hack into your account, at least not with the technology currently available. The bad thing is that if you lose it, your assets are inaccessible: still recorded on the blockchain, but no longer yours to control.
The 3–2–1 Rule for a Good Backup
My husband taught me this rule for backups, and it is as useful for photos and work documents as for a seed phrase. The 3–2–1 rule of a good backup tells us to have three copies of the information we want to keep safe, stored on at least two different media, with one of them in a different physical location.
So what would this look like? As an example, first your seed phrase safely stored in the wallet that you trust, plus an additional hardware wallet in your parents’ house, and lastly an engraved metal sheet (so it is safe against the elements like water or fire) that’s stored away in a personal vault.
So that is three copies: 1) wallet 2) backup hardware wallet 3) metal engraving. In this example there are two media: two forms of digital storage, and one physical record. And one of those is in a different location (parents’ house).
So then, if for some reason you lose access to your main wallet, you can still go running to your parents’ house to quickly get access to your funds again. Phew! Best practices involve hardware wallets and the metal engraving as mentioned above.
For starters, a backup that costs almost nothing could involve encrypting files securely, using an encrypted password keeper that runs locally on your computer, and writing the physical backup on paper, putting it into an envelope, covering it entirely with tape, and storing it inside a personal vault.
Still Worried You Will Lose Your Seed Phrase?
Another way to prevent losing access to your assets is using a multi-sig (multi-signature) wallet. These digital wallets, also called smart-contract wallets, are like vaults that can hold your assets, but they can be set up to require multiple signatures (private keys) to confirm and execute a transaction.
For example, at the beginning I was worried I could accidentally lose my seed phrase for good, so I used a multi-sig called Safe (formerly Gnosis Safe). I set it up with two different sets of personal private keys from different wallets (so different seed phrases) and one of my husband’s accounts to access the vault, with the rule that two out of those three private keys had to sign any transaction.
This might not be the most convenient user experience, because every time I wanted to do a transaction I had to approve everything twice. The process is slower and is a bit more costly due to increased gas fees, but I sleep peacefully knowing that if I lose access to my main wallet or it is otherwise compromised, I can still access the funds inside the Safe with my other wallet and my husband’s help.
Why Did You Do That?
Below are a few examples of BAD methods for storing private information like seed phrases or private keys.
❌ Send it through email to yourself. Emails aren’t meant to be used as backups. They are not usually encrypted and are susceptible to hacker attacks.
❌ Save it in a Word or Excel document and protect it with a password. These passwords are pretty easily hacked, even by non-programmers, and once the file is accessed, the data is there for the taking. Use a dedicated password manager program to ensure the data itself is encrypted.
❌ Write it down in a notebook or on a piece of paper and stash it somewhere that is not secure. Just don’t do this unless you can put the paper into a personal safe.
If someone is smart and patient and for some reason has access to your seed phrase, they can write it down and use it years later, after you have accumulated a healthy balance of assets. If you ever mistakenly share or otherwise compromise your seed phrase, the best thing to do is transfer everything to a different address with a safely secured seed phrase. It is just like with a credit/debit card: if you lose it, you call the bank to cancel it. It’s similar in crypto; you would move your funds, just in case.
Stolen Seed Phrases
Having a seed phrase stolen is relatively easy to prevent. A good rule of thumb is to limit the number of wallets that share a seed phrase.
Once I decided to invest more money in crypto I bought a trusted brand of hardware wallet (Ledger, in my case, but there are other brands too). I generated a seed phrase from within the hardware wallet, wrote down the words, and stored them away in a safe place; I never stored them in a digital medium. This way, I can be sure that not even a smart hacker or a bug in my computer could extract my seed phrase.
How hardware wallets like Ledger work is beyond the scope of this article, but you can rest assured no one can crack into your Ledger without your 4 to 8 digit password, and they only have three chances before the device resets itself. So not even losing your Ledger is a worry, as long as you have a good 3–2–1 backup. 😉
Overcoming Crypto Anxiety
Remember I mentioned I would never invest in a project that I know nothing about? Well, another golden rule that I hold dear to my heart is to never invest any money I can’t afford to lose. Some projects fail, some get hacked, some get bugs that are exploited by more savvy programmers and their bots. There is so much going on in the web3 space it’s hard to keep up. Prices go up and down, bridges and companies fail. It is truly overwhelming and confusing at first. So what then?
You can sleep soundly knowing your seed phrase is safe and you are the only one with access to your funds. As for the other things that could make you feel anxious when beginning your journey into crypto, these are some words of advice I can share so you can continue exploring with confidence:
Check out the community channels of those projects you are interested in to make informed investing decisions. Many projects use Discord as a means to communicate and engage with their communities, so learning to use the platform is a great way to start.
As they say, don’t put all your eggs in the same basket. It’s always good to diversify assets and even use different chains. It is confusing at first but there are many advantages to exploring across the different blockchains.
Be vigilant about signing transactions via your wallet. Ensure you know the reason for the transaction, understand what permission it gives, and have checked the URL and details of the site you are interacting with. Practice wallet hygiene by reviewing and revoking permissions regularly.
If you really believe in a project you could HODL their tokens. It is not guaranteed to succeed, but it is a less risky option than investing in new random coins or signing transactions with smart contracts that haven’t been put to the test of time. This way you can help the projects you are passionate about to grow!
Read some of the crypto news to find out what things are going on and take appropriate action. Twitter or Alphaday are good places to start.
Don’t do it alone! There are a bunch of people out there who have already gone down the path you are starting and can guide you. Make friends you can share your opinions and experiences with and discover a new world of opportunities.
Is It Really Necessary?
You might be asking yourself: “Do I really have to do all of this?” Well, there are alternatives like custodial wallets such as Binance or Bitso, and smart contract wallets like Argent. They usually use different methods of seed phrase recovery. In those cases the risks shift and there are other aspects to worry about, but losing a seed phrase is not one of them.
Other good news is that something called “account abstraction” is on the horizon, which will be a key aspect of bringing web3 to the general public with the safety levels of a seed phrase for recovery but without its hassles.
Why Is This Important?
“IN A WORLD WHERE BANKS RUN, EXCHANGES GO BANKRUPT, AND MALICIOUS HACKS HAPPEN OFTEN, IT IS PARAMOUNT TO ENSURE THAT YOUR ASSETS ARE SAFE AND IN YOUR POSSESSION.”
In this short article, Bankless Publishing summarizes the importance of self custody of your assets and explains the advantages of going through all this trouble rather than using centralized exchanges that hold your assets for you.
Remember: your sovereignty over your assets depends greatly on taking good care of your seed phrase. It takes a great deal of responsibility, but it is not so hard once you know where you have to be careful. We don’t need other parties or centralized exchanges to take care of our assets. We have the power of self sovereignty! Use it bravely. And go Bankless.
Anaphant is an active contributor in BanklessDAO since season 6, helping translate content to Spanish, and writing introductory articles to web 3. She studied Industrial Engineering but is more passionate about digital tools to make life better and easier, financial freedom, and network states. And the future of humanity. Scout, ballerina, coffee lover. Loves to chat and meet new friends.
Hiro Kennelly is a writer, editor, and coordinator at BanklessDAO and the Editor-in-Chief at Good Morning News. He is also helping to build a grants-focused organization at DAOpunks.
Trewkat is a writer and editor at BanklessDAO. She’s interested in learning as much as possible about crypto and NFTs, with a particular focus on how best to communicate this knowledge to others.
ab_colours is a versatile designer with over seven years of experience. He specializes in doing product design, UX design and brand identity. He has been DAOing for the past eight months and has been able to amass quite a lot of knowledge about the fascinating blockchain space.
BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.
This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.