Lesson 03 · Part I — Foundations

Seed phrase safety

Those 12–24 words are the whole game. Where they come from, who is actually trying to get them, and the handling rules that never have exceptions.

  • 7 min read
  • Essential
  • Free · no signup

Twelve words that are worth everything

When your wallet generated its seed phrase, it pulled the words from a fixed list of 2,048 — a standard called BIP-39 that nearly every wallet shares. The order and combination encode a number so large that guessing it is not a realistic concern for anyone, ever. The math is not the weak point. The weak point is that the phrase has to exist somewhere physical, and humans are creative about mishandling physical secrets.

Hold one idea firmly: anyone who reads those words controls the money. Not "can hack you eventually" — controls it, immediately, from anywhere on Earth, with no way to undo it. Every rule in this lesson is downstream of that single fact. If you want the deeper background on where phrases come from, our seed phrase explainer covers the mechanics.

Know your actual enemy

Picture who steals seed phrases and you probably imagine a hacker in a dark room. The real list is more mundane, and it should shape how you store the words:

  • Software, constantly and automatically. Malware scans photo libraries, cloud drives, notes apps, and email for twelve-word patterns. It never sleeps and it doesn't target you personally — it targets everyone simultaneously. This is why the phrase must never exist in digital form.
  • Scammers, by invitation. Fake "support agents," fake wallet websites, fake airdrops "verifying" your wallet. Nobody legitimate — no wallet company, no exchange, not us — will ever ask for your seed phrase. The request is the scam, 100% of the time.
  • Proximity. A visitor, a contractor, a falling-out with someone who knew where you kept it. Less common than people fear, but it's why "taped inside the desk drawer" isn't a plan.
  • Entropy. Fire, flood, fading ink, a well-meaning spring clean. No malice required — this one quietly destroys more backups than all the others combined.

Always

  • Record the phrase by hand, offline, in private
  • Double-check every word and the exact order
  • Store it where fire, water, and time can't reach — metal is the durable answer
  • Verify the backup with your wallet's check feature
  • Treat any request for the words as an attack

Never

  • Photograph it — not "just for a second"
  • Type it into any phone, computer, or website
  • Store it in cloud notes, email drafts, or a password manager
  • Read it aloud near a smart speaker or on a call
  • Split it into "clever" pieces you've invented yourself

On clever schemes

Every newcomer eventually invents the same ideas: shuffle the word order, swap two words, hide the phrase inside a poem, split it across three locations. Resist the cleverness. Homemade schemes have a consistent track record: they reliably lock out their inventor — who, years later, can't remember the trick — far more often than they stop a thief, who has seen every variation of them.

There is a legitimate version of this instinct: the optional passphrase (sometimes called the "25th word"), a feature built into the BIP-39 standard rather than improvised on top of it. It creates a hidden wallet that the seed alone can't open. It's genuinely powerful and genuinely unforgiving — lose the passphrase and the funds are gone with no recovery path. File it under "advanced, later," not "day one."

Field note

The standard estimate is that millions of bitcoin — a meaningful slice of all that will ever exist — are permanently stranded. Overwhelmingly not stolen: lost, by owners who mishandled their own keys. The boring rules in this lesson are how you stay off that pile.

One careful hour

Everything above compresses into a single sitting: a private room, no cameras, the phrase written by hand, checked twice, then committed to a medium that doesn't fade or burn. That last step is its own subject — paper is where good backups go to die slowly — and it's exactly where the course goes next.

Key takeaways

  • Whoever reads the words controls the funds. Instantly and irreversibly.
  • The phrase must never exist digitally — no photos, no typing, no cloud.
  • Any request for your seed phrase is a scam. There are no exceptions.
  • Skip homemade encoding schemes; they lock out owners more than thieves.
  • Handle it once, carefully, on a medium built to last decades.