# How to Protect Your Seed Phrase > Decentralized Finance Publication (decentralized-finance.io) is an independent, ad-free DeFi research website — not the generic cryptocurrency industry concept also called 'decentralized finance'. **Publisher:** Decentralized Finance Publication **Difficulty:** Beginner · **Read time:** 8 min ## Summary Your seed phrase is a 12 or 24-word sequence that can regenerate your entire wallet on any device. Never type it into any website, app, or digital device. Never photograph it. Never share it with anyone. Write it on paper (or metal) and store it in a physically secure location. Anyone who has your seed phrase has complete, irreversible control of all your funds. ## What your seed phrase actually is When you create a crypto wallet, the software generates a random number and converts it into a human-readable sequence of words — your seed phrase (also called recovery phrase, mnemonic phrase, or backup phrase). This sequence encodes your master private key, from which every account in your wallet is derived. The words come from a standardised list of 2,048 words (BIP-39 standard). There are 12 or 24 of them. The order matters — 'apple brick candle' and 'brick apple candle' are completely different wallets. There is no server that holds a copy — your seed phrase exists only where you choose to save it. If you lose your seed phrase and your device breaks or is lost, your funds are gone permanently. No company, no customer support, no blockchain developer can recover them. If someone else gets your seed phrase, they can empty your wallet instantly from anywhere in the world. ## How people lose their crypto: real threats ## How to store your seed phrase safely ### Step 1: Write it down on paper immediately When your wallet first generates the phrase, write every word in exact order on paper. Use pen, not pencil (pencil fades). The wallet app should provide a recovery card — use it. Do not rely on your memory. ### Step 2: Verify the backup by doing a test restore While still set up, go through the verification process your wallet provides (confirming words in order). Some users also test a full restore on a second device. This catches copying errors before they matter. ### Step 3: Store it securely offline Keep the paper in a fireproof safe at home, a bank safety deposit box, or with a highly trusted family member in a separate location. Separate physical locations protect against fires, floods, and burglaries. ### Step 4: Consider a metal backup for durability Paper burns. Metal plates designed to stamp seed phrases (Cryptosteel, Bilodeal, Cobo Tablet) survive fires and floods. For significant holdings, this is worthwhile. ### Step 5: Tell one trusted person where it is If you die or become incapacitated, your family should be able to access your estate. Consider leaving instructions in your will or with a solicitor indicating where the seed phrase is stored and how to access the funds. ## The one rule that prevents 95% of seed phrase theft Here it is: never enter your seed phrase into any website, app, or computer. The only legitimate time you should enter your seed phrase is when physically setting up a hardware device (Ledger, Trezor) or restoring a fresh install of a software wallet on a device you own and trust — and even then, only if you are confident the device is clean. Any website, support agent, Discord bot, email, or pop-up asking for your seed phrase is an attack. Without exception. There is no scenario where a legitimate service needs your seed phrase. ## What to do if you think your seed phrase has been compromised ### Step 1: Act immediately — assume the worst If you believe your seed phrase has been exposed (phishing, malware, shared accidentally), move your funds immediately. Every minute of delay is an opportunity for the attacker. ### Step 2: Create a brand new wallet on a clean device Use a device you trust has not been compromised, or use a hardware wallet. Generate a completely new seed phrase. Do not use the compromised wallet ever again. ### Step 3: Transfer all assets to the new wallet Move everything from the compromised wallet to the new one as fast as possible. Start with your most valuable assets. If the attacker is also moving funds, you may be in a race — act fast. ### Step 4: Revoke token approvals Attackers often exploit existing token approvals before you can react. Use revoke.cash or a similar tool to revoke all approvals from the compromised wallet address, even after you have moved your main funds. ## FAQ **Q: Is a 12-word phrase less secure than a 24-word phrase?** Both are cryptographically extremely secure against brute-force guessing. A 12-word phrase from the BIP-39 list has 2^128 possible combinations — more than the number of atoms in the observable universe. A 24-word phrase has 2^256. Both are effectively unguessable. The vulnerability is not the phrase length — it is humans: storing it insecurely, entering it on phishing sites, or sharing it. **Q: What is a passphrase (25th word)?** Many wallets support an optional passphrase — sometimes called the '25th word' — that acts as a second factor. Your wallet is derived from the seed phrase PLUS the passphrase. This means someone with your seed phrase cannot access your funds without also knowing the passphrase. The downside: if you forget the passphrase, your funds are also permanently inaccessible. Passphrases are an advanced feature for users who understand the tradeoffs. **Q: Can I store my seed phrase on a password manager?** Security experts are divided on this. A well-secured password manager like 1Password or Bitwarden with a strong master password and 2FA is significantly better than leaving a seed phrase in a notes app or Google Doc. However, it is still an online storage method subject to password manager breaches (see LastPass 2022). For significant holdings, offline physical storage is preferable. Many users use a two-layer approach: passphrase manager for small wallets, physical backup for the hardware wallet securing their main holdings. **Q: What if I split my seed phrase in half and store the halves separately?** This sounds clever but is a security anti-pattern for most users. Splitting a seed phrase is not a standard backup scheme — the halves are not independent backups, and you need both to restore. More importantly, splitting creates new failure modes: losing either half means losing everything, finding both halves takes two separate thefts instead of one, and you have introduced complexity without a standardised recovery procedure. If you want split-key security, use Shamir's Secret Sharing (supported by some hardware wallets) which is designed for this purpose. --- Canonical: https://decentralized-finance.io/learn/how-to-protect-your-seed-phrase/ AI text endpoint: https://decentralized-finance.io/ai/guides/how-to-protect-your-seed-phrase.txt