Seed Phrase: The Complete Guide to Recovery Phrases

A seed phrase — also known as a recovery phrase, mnemonic phrase, or backup phrase — is the single most important piece of information in your entire cryptocurrency portfolio. It is a human-readable representation of the master key that controls all of the addresses and funds within a cryptocurrency wallet. Losing it means losing your assets permanently; exposing it means anyone can steal everything you own.

This guide explains what seed phrases are, how they work under the hood, how to generate them safely, and how to store them so they survive fires, floods, and the passage of time.

What Is a Seed Phrase?

A seed phrase is an ordered list of 12 or 24 common English words that encodes a large random number (the "entropy") used to derive every private key in a hierarchical deterministic (HD) wallet. The word list and the encoding process are defined by the BIP-39 standard.

A typical 24-word seed phrase looks like this:

abandon ability able about above absent absorb abstract absurd abuse access accident
acid acoustic acquire across act action actor actual adapt add addict address

(This is an example only. Never use a seed phrase found online.)

Each word is drawn from a fixed list of 2,048 English words chosen for their uniqueness — no two words in the list share the same first four letters, which reduces transcription errors.

Seed Phrase vs. Private Key

A private key is a single number that controls a single address. A seed phrase is a master secret that can deterministically derive an unlimited number of private keys — one for every address your wallet will ever create. Think of the seed phrase as the root of a tree, and private keys as its branches.

Property	Seed Phrase	Private Key
Format	12 or 24 English words	256-bit hexadecimal number
Controls	Entire wallet (all addresses)	Single address
Standard	BIP-39	ECDSA / secp256k1
Human-readable	Yes	No
Backup complexity	Write down words	Copy exact hex string

Because the seed phrase generates every private key, protecting it is strictly more important than protecting any individual key.

How Seed Phrases Work

The Generation Process

1. Entropy generation — The wallet generates a block of cryptographically secure random data. For a 24-word phrase this is 256 bits of entropy; for a 12-word phrase, 128 bits. The quality of this randomness is critical — see our Entropy and Randomness guide for a deep dive.

2. Checksum — A SHA-256 hash is computed over the entropy, and the first few bits of the hash are appended. This checksum allows wallets to detect typos when the phrase is entered later. For 256-bit entropy, 8 checksum bits are appended, creating a total of 264 bits.

3. Word mapping — The 264 bits are split into groups of 11 bits. Each 11-bit group maps to an index (0–2047) in the BIP-39 word list, producing exactly 24 words.

4. Seed derivation — The mnemonic words are passed through PBKDF2-HMAC-SHA512 with 2,048 rounds of hashing, using the string "mnemonic" (plus an optional passphrase) as the salt. The output is a 512-bit seed.

5. Key derivation — The 512-bit seed is fed into BIP-44 derivation paths to produce master keys, child keys, and ultimately the individual private keys and addresses for each cryptocurrency.

Why 24 Words?

Twenty-four words encode 256 bits of entropy plus 8 bits of checksum. This gives:

• 2^256 possible combinations — approximately 1.16 x 10^77. For comparison, the estimated number of atoms in the observable universe is roughly 10^80.
• Brute-forcing a 24-word seed phrase is computationally infeasible with any technology that exists today or is projected to exist within classical computing paradigms.

Twelve-word phrases (128 bits of entropy) are also secure against brute force, but 24 words provide a substantially larger security margin, which matters if you are storing significant value for long time horizons.

The BIP-39 Word List

The English BIP-39 word list contains exactly 2,048 words. Key design properties:

• Words are between 3 and 8 characters long.
• The first four letters of every word are unique, so you only need to record the first four characters if space is limited (for example, on a metal plate).
• Words are common English vocabulary — no obscure or easily misspelled terms.
• Word lists also exist for Spanish, French, Italian, Japanese, Korean, Chinese (simplified and traditional), Czech, and Portuguese.

How to Generate a Seed Phrase Securely

The security of your seed phrase is only as strong as the randomness used to create it and the environment in which it is generated.

Use a Trusted Wallet or Tool

Hardware wallets like Ledger and Trezor generate seed phrases on-device using a hardware random number generator (TRNG). This is one of the safest methods because the seed phrase never touches a general-purpose computer.

For software generation, use an open-source, auditable tool that runs entirely client-side.

SafeSeed Tool

Use the SafeSeed Seed Phrase Generator to generate BIP-39 compliant seed phrases securely in your browser. The tool runs entirely client-side — no data is ever sent to any server. For maximum security, disconnect from the internet before generating your phrase.

Air-Gapped Generation

For high-value wallets, generate your seed phrase on a computer that has never been and will never be connected to the internet. See our Offline Key Generation guide for a step-by-step process.

Never Do These Things

• Never generate a seed phrase using your own "random" word selection. Humans are terrible at generating randomness. Studies consistently show that human-chosen "random" sequences have far less entropy than they appear to.
• Never use an online seed phrase generator that runs on a server. If the server sees your entropy, it can reconstruct your seed phrase.
• Never use a seed phrase you found in a tutorial, book, or anywhere online. These are examples and are monitored by thieves.
• Never let anyone else generate a seed phrase for you. If they know the phrase, they can take your funds at any time.

Storing Your Seed Phrase

Paper Backup

Writing your seed phrase on paper is simple and effective if done correctly:

1. Use a pen (not pencil, which fades) on acid-free paper.
2. Write clearly, numbering each word.
3. Double-check every word against what your wallet displays.
4. Store the paper in a fireproof, waterproof safe.
5. Consider creating two copies stored in different physical locations.

Metal Backup

Paper is vulnerable to fire and water damage. Metal seed storage products (steel plates, capsules, washers) can survive house fires (over 1,000 degrees Celsius) and floods. Popular options include:

• Stamped or engraved steel plates
• Steel washer assemblies with letter stamps
• Capsule-style storage with engraved tiles

If you use the first-four-letters abbreviation, ensure you verify that each abbreviation uniquely identifies one word in the BIP-39 list.

Digital Backup — Proceed with Extreme Caution

Storing a seed phrase digitally (in a file, password manager, cloud storage, photo, or screenshot) introduces attack surface:

• Cloud storage can be breached.
• Password managers can be compromised.
• Photos sync to cloud services automatically.
• Malware can scan for known BIP-39 word patterns in files.

If you must store a digital copy, encrypt it with a strong passphrase using a tool like GPG, store it on an encrypted USB drive kept offline, and never store the decryption passphrase alongside the encrypted file.

The 3-2-1 Rule for Seed Phrase Backup

Adapt the data backup 3-2-1 rule:

• 3 copies of your seed phrase
• 2 different media types (e.g., paper + metal)
• 1 copy in a geographically separate location

Splitting a Seed Phrase (Shamir's Secret Sharing)

Some advanced users split their seed phrase using Shamir's Secret Sharing (SSS), which divides the secret into N shares such that any M of them (where M < N) can reconstruct the original. For example, a 2-of-3 split means any two shares together recover the seed, but a single share reveals nothing.

This approach mitigates single points of failure: a thief who steals one share learns nothing, and you can lose one share and still recover. Trezor's SLIP-39 standard implements Shamir backup natively.

Warning: Do not simply split a 24-word phrase into two 12-word halves. This is not Shamir sharing — each half provides significant information about the full phrase and dramatically reduces the brute-force difficulty.

Recovering a Wallet from a Seed Phrase

If your hardware wallet is lost, broken, or stolen, your seed phrase lets you reconstruct the entire wallet on a new device or in compatible software:

1. Obtain a new wallet (hardware or software) that supports BIP-39.
2. Select "Restore from seed phrase" or "Import wallet."
3. Enter your words in the exact order they were generated.
4. The wallet will re-derive all your addresses and scan the blockchain for your balances.

Compatibility Across Wallets

Because BIP-39 and BIP-44 are open standards, a seed phrase generated in one wallet can usually be restored in another. However, some wallets use non-standard derivation paths or proprietary schemes. Always verify:

• The wallet supports BIP-39.
• The derivation path matches the original wallet's path for each coin.
• The wallet supports the same address types (Legacy, SegWit, Taproot).

What If I Lost One Word?

If you have 23 of 24 words, there are only 2,048 possible values for the missing word, and the checksum eliminates most of them. Tools exist that can brute-force the missing word in seconds. However, if you have lost two or more words, recovery becomes exponentially harder and may be practically impossible for three or more missing words without additional constraints.

Seed Phrase Security Threats

Physical Threats

• Theft — Someone finds your written seed phrase.
• Disaster — Fire, flood, or other event destroys all copies.
• Inheritance failure — You die or become incapacitated and heirs do not know the phrase exists or where it is stored.

Digital Threats

• Clipboard hijacking — Malware intercepts copy-paste operations.
• Screen capture — Malware takes screenshots while the seed is displayed.
• Phishing — Fake wallet apps or websites ask you to enter your seed phrase.
• Keyloggers — Software records keystrokes as you type the phrase.
• Social engineering — Someone impersonates support staff and asks for your seed phrase. See our Social Engineering guide.

Mitigations

• Never type your seed phrase on a device connected to the internet.
• Never take a photograph of your seed phrase.
• Verify wallet software and firmware before entering a seed phrase.
• Consider adding a BIP-39 passphrase for an additional layer of protection.
• Use hardware wallets that display seed phrases only on their own screens.

Seed Phrases and Inheritance Planning

Cryptocurrency does not have a "forgot password" recovery process. If you die without passing on your seed phrase, your funds are lost forever. Consider these strategies:

• Sealed letter with a lawyer or in a safe deposit box — Include the seed phrase and instructions for recovery.
• Shamir's Secret Sharing — Distribute shares to multiple trusted parties (e.g., family members, a lawyer, and a bank vault).
• Dead man's switch — A service that delivers instructions after a period of inactivity. Be cautious with services that could themselves be compromised.
• Written instructions — Even if heirs have the seed phrase, they need step-by-step instructions on what wallet software to use and how to access the funds.

Document the derivation paths, the wallet software used, and which cryptocurrencies are stored. Your heirs may not be crypto-savvy.

Common Mistakes to Avoid

1. Storing seed phrases on cloud-synced devices — iCloud, Google Drive, Dropbox, and similar services are high-value targets for attackers.
2. Taking screenshots or photos — These automatically sync across devices and cloud services.
3. Emailing or messaging the seed phrase — Email is not encrypted end-to-end by default.
4. Entering the seed phrase on a website — No legitimate service will ever ask for your full seed phrase. This is always a phishing attack.
5. Using a weak or predictable seed phrase — Never pick your own words. Use a cryptographically secure random number generator.
6. Failing to verify the backup — After writing down your seed phrase, verify it by performing a test recovery before sending significant funds to the wallet.
7. Keeping only one copy — A single backup is a single point of failure.

FAQ

What is a seed phrase in cryptocurrency?

A seed phrase (also called a recovery phrase or mnemonic phrase) is a list of 12 or 24 words generated by a cryptocurrency wallet. It encodes the master secret from which all of your wallet's private keys and addresses are derived. It is the ultimate backup: anyone who knows your seed phrase has complete control over the associated funds.

Can I change my seed phrase?

No. The seed phrase is derived from the initial random entropy generated when the wallet was created. To get a new seed phrase you must create an entirely new wallet and transfer your funds to it.

Are 12-word seed phrases less secure than 24-word phrases?

A 12-word phrase provides 128 bits of entropy, and a 24-word phrase provides 256 bits. Both are currently infeasible to brute-force with any known technology. However, 256 bits provides a vastly larger security margin, which is recommended for long-term storage of significant value.

What happens if someone steals my seed phrase?

They gain full control of every address and cryptocurrency in the associated wallet. They can transfer all funds to their own addresses immediately. There is no way to reverse such transactions on a blockchain.

Should I store my seed phrase in a password manager?

This is a debated topic. A reputable password manager like 1Password or Bitwarden encrypts data at rest, but the seed phrase still exists in decrypted form on your device when you access it. For high-value wallets, offline physical storage (paper or metal) is generally considered safer because it eliminates all digital attack vectors.

Can I recover my wallet without a seed phrase?

Generally, no. If you have lost both your wallet device and your seed phrase, the funds are irrecoverable. Some wallets offer alternative backup methods (e.g., Shamir backup), but the standard BIP-39 seed phrase is the primary recovery mechanism.

Is it safe to enter my seed phrase into a website?

No. Legitimate cryptocurrency services will never ask for your seed phrase on a website. Any site requesting your full seed phrase is almost certainly a phishing scam. Only enter your seed phrase into trusted, verified wallet software or hardware devices. See our Phishing Prevention guide for more details.

What is the difference between a seed phrase and a private key?

A seed phrase is a human-readable encoding of master entropy that can generate an unlimited number of private keys through hierarchical derivation (BIP-44). A private key is a single cryptographic key that controls a single address. The seed phrase is the root; private keys are the leaves. See our Private Key Security guide for more.

Related Guides

• Private Key Security Guide
• BIP-39 Standard Explained
• BIP-39 Passphrase (25th Word)
• Offline Key Generation Guide
• Cold Wallet Guide