
A field guide to seed phrase storage that won't get you robbed

Metal plates, paper wallets, passphrases, multisig — when each one becomes worth the trouble, ranked by holding size.

I’ve watched four people lose meaningful amounts of cryptocurrency to seed-phrase mistakes in the last year. None of them lost it to clever attackers. They lost it to boring failure modes — house fires, divorces, lost notebooks, a roof leak above a shoebox. The interesting attacks get the headlines; the boring ones get the money.

This is a practical guide to writing down twelve to twenty-four words in a way that survives both you and your worst week. It is not a recommendation to hold cryptoassets at all — please re-read the risk disclosure before you put money on the line — but if you’ve decided to, this is how to not lose it through self-inflicted error.

01 · The single rule that matters most

Your seed phrase is the wallet. The wallet software is a viewer; the device it runs on is a viewer; the password you set on it is a viewer-lock. Anyone who has the words has the funds. Anyone who loses the words loses the funds. The wallet vendor cannot help. The pool operator cannot help. I cannot help.

That sentence is worth re-reading every time you make a storage decision. If the storage method you’re about to use protects the words against the threats you actually face, you’re good. If it doesn’t, you’re not.

getcryptocoin · seed phrase

  01 altitude
  02 barrel
  03 candle
  04 dolphin
  05 ember
  06 floral
  07 gravel
  08 herald
  09 iceberg
  10 jaguar
  11 keenly
  12 lantern
  13 morning
  14 nimbus
  15 oblige
  16 penguin
  17 quasar
  18 river
  19 silent
  20 tundra
  21 urchin
  22 velvet
  23 willow
  24 xylem
signature ____________________ date __________
Figure 1 — A handwritten paper card stored in a sealed mylar bag. Cheap, durable, and easy to recover; the trade-offs start when you try to copy it.

02 · Threat-model your storage

Before you pick how to write the words down, decide what you’re protecting against. The right answer for £200 of mining proceeds is not the right answer for £20,000 of long-term hold. Be honest about which threats actually apply to you — most people massively over-engineer against state-actor attacks and under-engineer against a leaky roof.

| Threat | Likelihood | Storage that defeats it |
|---|---|---|
| House fire, flood, roof leak | Real for everyone | Fireproof safe, metal plate, geographic split |
| Tidying-up loss (you lose the paper) | Real for everyone | Two copies, one off-site |
| Family member finds it and “helps” | Common in households | Passphrase (BIP-39 25th word) |
| Solo physical attacker (mugging) | Rare for most | Decoy wallet on the device, real funds on a passphrase |
| State-level forensic | Almost nobody | Hardware wallet + multisig in three jurisdictions |
| Targeted insider (your own kids) | Real for some | Passphrase memorised, never written |

If your name is on a Forbes list, your threat model is different. For most readers, the realistic top three are fire, household discovery, and tidy-up loss — in that order.

03 · The four-tier ladder

This is the matrix I actually use. Each tier costs more time, money, or attention than the one above it. Pick the tier that matches what you’re protecting and stop there — moving up is fine, moving down without first reducing what you’re protecting is how you end up with a fancy multisig you can’t operate under stress.

Tier 0 — Less than £500 total

A single paper copy in a fireproof document bag (around £15 on Amazon, look for ones rated to 1700°F for at least 30 minutes), stored somewhere you’d think to look in five years. Don’t laugh — for a beginner with mining proceeds under £500, this is better than a hardware-wallet stack you don’t understand. The biggest risk at this scale is you forget you have it.

Tier 1 — £500 to £5,000

The paper copy plus a stainless steel backup. A Cryptosteel Capsule, a Billfodl, a Trezor Keep Metal, or just a cheap stamped plate from a reputable maker. Around £60–£120. Acid-resistant, fire-resistant well past house-fire temperatures (steel melts at ~1500°C; a fully-developed house fire averages 800°C). Stamp the words yourself with a letter-punch set — engraving services exist but you’re trusting a stranger with the words at that point.

Tier 2 — £5,000 to £50,000

Add a BIP-39 passphrase (the so-called “25th word”). The passphrase is not written on the metal backup — it lives only in your head, or in a separate location with separate access controls. Anyone who finds your seed phrase without the passphrase sees the empty decoy wallet you set up to receive small deposits. Memorise the passphrase using a method (method of loci, song lyrics with substitutions, anything that produces high-entropy recall without external aid). Test recall monthly.
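How the “25th word” changes the wallet, as an added example (not code from this article or from any wallet vendor): BIP-39 turns the words plus the passphrase into a seed with PBKDF2-HMAC-SHA512, so every passphrase, including a mistyped one, opens a different and perfectly valid wallet with no error. The mnemonic is the public BIP-39 test vector and the passphrases are constructed samples; the function names are this example's own.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    # Collapsing stray whitespace is a convenience of this example;
    # the standard joins the words with single spaces.
    words = " ".join(nfkd(mnemonic).split())
    salt = "mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


# Public BIP-39 test mnemonic (never fund it).
TEST_MNEMONIC = "abandon " * 11 + "about"


def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the first 8 bytes (hex) of the seed it unlocks."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    # "" is the decoy wallet; the other three differ by one character or by case.
    samples = ["", "TREZOR", "TREZ0R", "trezor"]
    for p, fp in wallet_fingerprints(TEST_MNEMONIC, samples).items():
        print(f"passphrase {p!r:10} -> seed {fp}...")
```

Because nothing rejects a wrong passphrase, regenerating a known receive address during the monthly recall test is the only way to tell a correct recall from a near miss.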

Tier 3 — Above £50,000

Multisig, geographically split. 2-of-3 is the practical sweet spot — Sparrow Wallet plus three hardware devices is the cheapest competent setup, around £400 in hardware. One key with you, one with a trusted family member or solicitor, one in a different city in a deposit box. Recovery requires any two; theft requires breaching any two. Practice the recovery flow at setup time and every 12 months. The single most common multisig failure is “I never tested recovery and now my custodians have moved house” — this is preventable and you should prevent it.

04 · Verifying a backup without exposing it

The single highest-value habit you can build is verifying your backup at least once a year without ever exposing the words to a screen connected to the internet.

The flow:

  1. Boot an old laptop with a fresh Tails USB stick (Tails is a Linux distribution that runs entirely from removable media and forgets everything when you power down).
  2. With Wi-Fi off and the network cable unplugged, install the wallet software offline (carry the installer over on the same USB).
  3. Type the seed phrase from your backup into the wallet’s “restore” flow. Confirm the addresses generated match the addresses you’ve published.
  4. Power down. Do not connect this machine to a network until the next time you do this check.

If you do this annually, you will catch transcription errors, water damage, and acid corrosion before you need the backup in anger. Set a calendar reminder.

```bash
# verifying-a-backup.sh — illustration only, not a real script
# run this on an air-gapped machine; never on a connected one
$ tails-installer --output /dev/sdb
Tails 6.4 written to /dev/sdb · checksum verified
$ offline-restore --wallet electrum --derivation m/84h/0h/0h
first receive address: bc1q9z4f…h2vp
matches published address ✓
$ poweroff
```

05 · What to write on the card

People obsess over the words and forget to write down the context. In five years you may not remember which wallet software the seed belongs to, which network it derives addresses on, or whether you used a passphrase. Write the metadata next to the words:

  • Wallet software name and version (e.g. Sparrow 1.8.3)
  • BIP standard (44 / 49 / 84 / 86)
  • Derivation path (m/84h/0h/0h for modern bech32 Bitcoin)
  • Network (mainnet, testnet, signet)
  • Date created
  • “Passphrase: separate” if you’re using one (never write the passphrase itself)
  • A canary address — the first receive address, written below the words. If you can later regenerate that address from the words, the words are correct. If not, something’s wrong.

06 · Things I see people do that don’t work

  • Photograph the words for safekeeping. That photo is now on Google Photos, iCloud, the family WhatsApp backup, and a Lightroom catalog. Every one of those is a breach surface.
  • Encrypt the photo in a file vault. Better than nothing — but the vault password is now your seed, and you’ve added a software dependency to your recovery flow.
  • Split the phrase into halves and store each half separately. Reduces entropy more than you’d think; a 12-word phrase split into 6+6 is much weaker than 12 words held in one secured location. Use Shamir’s Secret Sharing if you want to split, not naive halving.
  • Send the phrase to yourself via encrypted email “as backup”. Your email provider has the encrypted blob and a strong incentive to crack it eventually. Don’t.
  • Use a “secure notes” cloud app. Best case: you trust the vendor’s encryption. Realistic case: you trust the vendor’s encryption, and the vendor’s threat model, and every employee who has access, and every state actor that has compelled access.
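Naive halving versus Shamir's Secret Sharing, as an added example (not from the original article): the first function counts how many bits are left to guess once one half of a phrase is found, and the rest is a textbook 2-of-3 Shamir split over a prime field. This is a teaching sketch and not SLIP-39 or any wallet's share format; the function names, the prime and the sample secret are assumptions of the example.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit secret


def halving_search_bits(total_words: int = 12, words_found: int = 6) -> int:
    """Bits still to guess after `words_found` words of a BIP-39 phrase leak.
    Each word carries 11 bits; total_words/3 of all the bits are checksum."""
    checksum_bits = total_words // 3
    return (total_words - words_found) * 11 - checksum_bits


def split(secret: int, threshold: int, shares: int) -> list[tuple[int, int]]:
    """Random polynomial of degree threshold-1 with f(0) = secret; share i is (i, f(i))."""
    assert 0 <= secret < PRIME and 1 < threshold <= shares
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [
        (x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
        for x in range(1, shares + 1)
    ]


def recover(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def secret_consistent_with(share: tuple[int, int], guess: int) -> bool:
    """2-of-n case: a line through (0, guess) and one share always exists,
    so a single share rules out no candidate secret."""
    x, y = share
    slope = (y - guess) * pow(x, -1, PRIME) % PRIME
    return (guess + slope * x) % PRIME == y


if __name__ == "__main__":
    entropy = int.from_bytes(bytes(range(16)), "big")  # constructed 128-bit sample
    parts = split(entropy, threshold=2, shares=3)
    print("half of a 12-word phrase leaves", halving_search_bits(), "bits, not 128")
    print("any two shares recover:", recover(parts[1:]) == entropy)
```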

07 · The boring conclusion

Most people who lose self-custody funds lose them to a single point of failure — one paper backup that one event destroyed, or one hardware device with no recovery practiced, or one cloud account that was breached.

The fix is not to be clever. The fix is to use the cheapest method on the tier that matches your holdings, and test the recovery flow once a year. The annual test catches almost everything. Almost everyone who gets robbed by their own carelessness skipped this step.

If you’re going to do one thing differently after reading this: book the calendar reminder for next year’s recovery test before you close this tab. That single calendar entry is worth more than any storage product I could recommend.

Author: Steven

UK-based solo operator. Twelve years writing about crypto and cybersecurity. Runs the GetCryptoCoin pool, the GCC project, and a cybersec YouTube channel. Spends weekends benchmarking mining hardware.

184 articles · 12 years

Risk warning. Cryptoassets are largely unregulated in the UK. Their value can go down as well as up, and you may not get back the amount you originally invested. Past mining returns do not guarantee future returns. You should not mine or hold cryptoassets with money you cannot afford to lose.