How to Store a Seed Phrase: 5 Safe Methods in 2026

A seed phrase is not just a set of words. It is the single key to everything you own in crypto. To every coin protected by that phrase. If you lose it — there is almost no chance of getting access back.
There are white hat hackers who recover access to lost wallets — there are known cases where they returned tens of millions of dollars to people. But those are isolated stories that require very specific conditions. In most real-life situations, losing your seed means losing all your funds.

According to Ledger analysts, as of the beginning of 2025, between 2.3 and 3.7 million Bitcoin are irretrievably lost due to forgotten seed phrases and passwords. At current prices, that’s tens of billions of dollars locked in the blockchain forever. That’s exactly why knowing how to store a seed phrase safely isn’t about paranoia — it’s about basic digital hygiene, something you should do once and do right.

Here are a few stories that show just how thin the line is between controlling your funds and losing them completely.

James Howells and the Newport landfill. A British IT specialist mined 7,500 BTC in the early days of Bitcoin and stored the keys on an old hard drive. In 2013, he accidentally threw that drive out during a cleanup — and it ended up at the city landfill in Wales. At current prices, that’s hundreds of millions of dollars. For over ten years, Howells tried to get permission to excavate: he assembled a team, hired experts, offered the city a percentage of whatever was found, took it to the High Court — and lost at every level. The landfill is now being prepared for closure and redevelopment into a solar farm. The wallet will almost certainly stay there forever.

South Korea, the photo from the tax office. The tax authority confiscated hardware wallets from a debtor, photographed them alongside the written-down seed phrases, and published the photo publicly. The result — $4.8 million in crypto stolen instantly while the image was live.

The United Kingdom, the CCTV camera case. A wife installed a CCTV camera at home and caught the moment her husband entered his seed phrase. 2,323 BTC stolen — more than $176 million.

Honestly, the scariest thing is the moment you realize the phrase is lost or in someone else’s hands. So I put together five methods I use myself and recommend.

What a Seed Phrase Is and Why It Is Your Money

A seed phrase is a sequence of 12 or 24 ordinary English words generated by your wallet following the BIP-39 standard. These words are drawn from a fixed list of 2,048 words and created using cryptographic randomness.

Modern crypto wallets work on the principle of hierarchical key generation (HD wallets). In plain terms: one seed phrase generates a master key, from which all private keys for every network and address are derived. One seed — dozens of wallets. Bitcoin, Ethereum, Solana, and so on.

That’s why your real wallet isn’t the app or the device — it’s the seed phrase itself. MetaMask, Trust Wallet, Phantom, Ledger, Trezor — all of these are just interfaces that read the seed and let you sign transactions. Uninstalled the app, lost the phone, your laptop broke — if you have the seed, you can restore everything in five minutes in any compatible wallet. And the opposite is true too: if someone gets hold of your phrase, they don’t need your app or device. They just type the words into any compatible software and get access to your funds.

Method #1. Passphrase (the 25th Word)

A passphrase is an extra word or phrase you enter on top of the standard seed. It is not the 25th word from the BIP-39 list. It can be any combination of characters you come up with yourself.

How it works: seed + passphrase produces a completely different master key. As a result, the private and public keys are different — you get a completely separate wallet, derived from your seed. To put it simply, it’s an additional password on top of the seed phrase — without which the funds can’t be accessed, even if someone knows the seed.

Why You Need It

Wrench attack. Someone physically forces you to open the wallet. You enter the seed without the passphrase — a wallet with a small amount opens up. The hidden wallet with the main funds stays invisible.

Extra protection for the seed phrase. Even if someone finds your seed — without the passphrase, they only get into an empty (or nearly empty) wallet. The main funds stay safe.

What to Keep in Mind

• The passphrase is stored SEPARATELY from the seed. Kept together — and the whole point is lost.
• Many people recommend simply memorizing the passphrase and writing it down nowhere — that’s precisely its main advantage: it can’t be found physically.
• But this is a double-edged sword: forget the passphrase = lose the hidden wallet forever. There is no recovery.
• If you don’t trust your memory — make a physical backup of the passphrase on a separate medium, in a different location from the seed phrase. This is a trade-off between reliability and security.

Method #2. Metal backup

If you’re storing crypto long-term — this is method number one. Storing the seed on metal appeared almost simultaneously with hardware wallets. It’s one of the most obvious ways to keep a backup. The idea gained popularity in the crypto community around the 2017 bull market, when balances became serious and the question of a reliable backup turned critical. People on forums (Bitcoin Talk, Reddit r/bitcoin) started discussing DIY options — manually stamping words onto metal plates using letter stamp kits sold in hardware stores. The first dedicated products appeared around the same time.

Metal backups are physical devices made of steel or titanium onto which you etch the words of your seed phrase. They survive fire, water, corrosion, and mechanical pressure. Everything paper gets destroyed by.

What’s Currently on the Market

Metal backups come in different types: capsules, plates, and so on. Each format has its own advantages.

Capsules

Cryptosteel Capsule Solo

Stainless steel, letters are inserted into the capsule. Officially recommended by Ledger. Supports BIP-39 and SLIP-39 (Shamir Backup). Holds up to 24 words in shortened format or 12 words in full. Withstands up to 1200°C, fully waterproof.

Trezor Keep Metal

The official metal backup from Trezor. Stainless steel, fire- and waterproof. Stores 24 words in the first-4-letters format (BIP-39 standard). A perfect match for any Trezor wallet.

Plates

SafePal Cypher

Stainless steel, letters are inserted into numbered slots. Supports 12, 18, and 24 words. Melting point 1398°C. Easy to assemble, convenient format.

Keystone Tablet Punch

304 stainless steel, the seed is applied with an automatic center punch (included in the kit). Three plates that stack inside each other: up to 24 words, first-4-letters format. Has holes for a padlock. Slightly larger than a credit card. Withstands over 1454°C.

Titanium Plates

CryptoTag Loki

A monolithic plate made of 3 mm aerospace-grade titanium. Words are applied with a center punch (included in the kit) in the first-4-letters-of-each-word format. Supports both BIP-39 and SLIP-39, compatible with Ledger, Trezor, and most other wallets. A solid plate with no moving parts — nothing to fall out or get mixed up. Titanium’s melting point ~1668°C, resistant to fire, water, corrosion, and mechanical pressure.

CryptoTag Thor

Titanium, formatted for BIP-39. Center punch, maximum durability. The same level of protection as Odin, but for standard seed phrases.

What to Look for When Choosing

• If you want to assemble a backup in 5 minutes without extra tools — go with a plate or capsule with metal letter tiles (SafePal Cypher, Ellipal Seed Phrase Steel, Cryptosteel Capsule). They’re the fastest to assemble, but have a weak point — individual letter tiles. In the event of a strong impact, explosion, or prolonged heating above 800–900°C, there’s a risk that some letters may fall out or get mixed up.
• If you need maximum durability and aren’t scared off by extra tools — go with monolithic solutions (Stamp Seed Deluxe Titanium, CryptoTag Thor, Loki, Keystone Tablet Punch). Here, the words are stamped into a solid plate — nothing to fall out or change order. In scenarios involving explosions, fire, or falls from height, a monolithic plate performs noticeably better than an assembled one.
• If you plan to use Shamir Backup (SLIP-39) — look at CryptoTag Loki or Cryptosteel Capsule Solo; they support this standard.

Method #3. Shamir Backup (SLIP-39)

I believe that anyone holding more than a few thousand dollars in crypto should know about this method.

Imagine you have a standard 24-word seed phrase. It’s one piece of paper, one plate, one backup. If someone finds it — they have full access to your funds.

When you use the Shamir Backup storage method, you don’t store the seed phrase in full. Instead, the wallet breaks the phrase into several separate parts — for example, three parts. And you choose how many of them are needed for recovery. This is called the threshold.

For example, a 2-of-3 scheme: you have three parts, and any two of them are enough to restore the wallet. The third one can burn, get lost, or be stolen — and it’s not a problem. But if an attacker gets only one part — they can do nothing with it. One part contains no useful information about your seed.

Technically, this works via Shamir’s Secret Sharing, an algorithm created by cryptographer Adi Shamir back in 1979. In crypto, it’s implemented in the SLIP-39 standard. An important detail: each part is not a piece of your original 24-word phrase. It’s a completely separate mnemonic phrase of 20 or 33 words, generated from its own wordlist. So even visually, a Shamir Backup share doesn’t look like a regular seed.

Why This Is Better Than a Regular Backup

• Theft protection: even if 1 share is found, access to the funds is still impossible. You need the threshold, e.g. 2 of 3 or 3 of 5.
• Loss protection: one share burned or got lost — the rest still restore the wallet.
• Flexibility: you configure it for yourself. 2 of 3 for a simple setup, 3 of 5 for maximum reliability.

Which Wallets Support It

Not all devices support SLIP-39. Currently it’s Trezor Safe 7, Trezor Safe 5, Trezor Safe 3, Trezor Model T (the first hardware wallet with SLIP-39), and Keystone 3 Pro. Among software wallets — Rabby, Electrum, Sparrow, BlueWallet.

A note on Ledger. On Ledger wallets, you can install the official Seed Tool application via Ledger Wallet. It allows you to generate Shamir shares from your BIP-39 seed directly on the device, without the key “leaking” outside the chip. But there’s a catch: this is not SLIP-39, but a different standard — SSKR (Sharded Secret Key Reconstruction) by Blockchain Commons. The idea is the same: Shamir’s Secret Sharing. The difference lies in the wordlist and format. That means SSKR shares from Ledger won’t work in Trezor or Keystone. And vice versa: Ledger Seed Tool won’t recognize SLIP-39 shares from Trezor. If you go this route — stay within one ecosystem.

Where to Store SLIP-39 Shares

Shamir shares themselves are the same kind of mnemonic phrases as BIP-39, just from a different wordlist (1,024 words instead of 2,048) and longer — 20 or 33 words instead of 24. They’re recorded the same way: paper, metal, titanium. There is no special magic here.

But there’s one product built specifically for this standard.

CryptoTag Odin

Titanium, designed for Shamir Backup. Instead of stamping words letter by letter, you punch them as numbers from the SLIP-39 wordlist onto individual hexagonal titanium rods. Each share — a separate set. Withstands up to 1665°C, bulletproof, resistant to acids. Has the highest rating in Jameson Lopp’s test among all backups he has ever tested. It’s the most specialized Multi-share solution on the market.

If Odin feels too expensive or too complex — CryptoTag Loki or Cryptosteel Capsule Solo also support SLIP-39 and cost noticeably less.

How to Organize This

2-of-3 scheme. Three shares on separate mnemonic plates. One at home in a safe. A second at relatives. A third in another reliable location.

The logic is simple: if the apartment burns down, the other two shares remain. If something happens to the relatives — there’s still the one at home and the one in the third location. The main thing — no two shares should ever be in the same place, and no two locations should go down at the same time.

Method #4. Paper Backup

After a discussion of titanium plates and Shamir’s algorithms, this sounds primitive. But a paper backup is where most people start, and there’s nothing wrong with it. As long as you do it right.

How to Do It Properly

• Write with a pencil, not a pen — ink fades, pencil lasts for decades.
• Use quality thick paper — or, if you have a hardware wallet, they usually include 2-3 backup cards in the kit.
• Store in a fireproof safe or a waterproof container.
• At least two copies in different physical locations, e.g. your house + your parents’ house (or another trusted person).
• Use a Passphrase. (this lets you not worry even if someone steals one copy)

What You Shouldn’t Do

• Photographing the seed on your phone — it instantly becomes vulnerable.
• Keep it in a drawer without protection — anyone with access to the apartment can find it.
• Making too many copies — every extra copy increases the risk.

Method #5. Hardware Wallet

This isn’t exactly a way of “storing” a seed phrase in the classical sense — but without it, the other four methods lose half their meaning. Because the basic rule of security is simple: the seed phrase should never exist in digital form on an internet-connected device. And the only way to work with crypto daily and not break that rule — is a hardware wallet.

The idea is straightforward. The seed phrase is generated directly inside the secure chip built into your hardware wallet. It never leaves that chip — not when you connect the device to a computer, not when you sign a transaction. You see the seed only once, at the moment of creating the wallet, when you write it onto your paper or metal backup. From then on, the chip performs all signatures internally and only exposes the finished result.

Why This Matters Specifically for the Seed Phrase

The seed never touches the OS. Even if your computer is infected with a virus, keylogger, or trojan — the phrase can’t be extracted. It simply isn’t in the machine’s memory. All the OS sees is a connected USB device that returns signed transactions.

The chip is designed to withstand physical attacks. The Secure Element carries Common Criteria certifications at EAL5+ or EAL6+ — the same standard used to certify bank cards and biometric passports. In practice, this means protection against attempts to read the keys with a laser, acid, freezing, voltage glitches, and side-channel analysis (where the attacker measures the chip’s power consumption during signing). A regular software wallet on your phone has none of these protections — there, the seed simply sits in the device’s memory.

The transaction signing happens offline, inside the chip. To steal your funds, an attacker would need to assemble three things: the physical device, your PIN, and — if you enabled passphrase — that too. This is a fundamentally different level of complexity than compromising a software wallet, where sometimes a single malicious browser extension or a phishing site is enough.

What a Hardware Wallet Does NOT Protect Against

It’s important to understand the limits. The hardware covers the risks related to the seed and keys, but doesn’t override common sense:

• Blind signing. If you don’t read what the device’s screen is showing, and just press “Confirm” — the wallet will sign anything, including a malicious transaction like setApprovalForAll on your tokens. That’s exactly how $1.5B was drained from Bybit in February 2025: signers were seeing one thing on the screen while actually signing something else.
• Phishing. The fake website of your DEX or bridge is no different from the real one. The wallet will display a transaction if you initiated it on a fake site, didn’t verify the data on the wallet screen, and signed — this can have fatal consequences.
• Buying second-hand or from an unofficial dealer. A scammer could sell you a device already initialized with their own seed phrase. Or a wallet with modified firmware that, instead of a random mnemonic, outputs one from a preloaded set. You can’t check for this, since there could be millions of preloaded phrases inside. It’s done by modifying the Rand function used during mnemonic generation.

What You Must NEVER Do With a Seed Phrase

Most stories about stolen crypto start with a simple everyday mistake by the owner. Chainalysis analysts document the same pattern year after year: the main loss channel for private users is a compromised or exposed seed phrase. A hacker doesn’t need to break anything if you hand over the private keys to your funds yourself.

Photographing the seed on your phone. The phone is permanently connected to the internet; photos usually auto-sync to iCloud or Google Photos. One cloud leak, phishing email, or even an unlocked screen left unattended — and the phrase is already in someone else’s hands.

Installing fake wallets from app stores. In Google Play and the App Store, clones of MetaMask, Trust Wallet, and Phantom appear regularly. With realistic icons and hundreds of fake reviews. On the very first screen, such an app asks you to “import an existing wallet,” meaning: enter your seed phrase. Once the words hit the input field, they’ve gone to the attacker’s server. Download wallets only via a direct link from the official project site.

Storing it in cloud services. Google Drive, iCloud, Dropbox, Apple Notes, Google Keep. All of these are vulnerable to account hijacking and phishing. One database leak or one successful attack on your email, and the seed ends up in someone else’s hands along with everything else in the cloud. It’s also worth remembering insiders. A Google, Apple, or Dropbox employee with access to storage can technically find a photo or file with a seed phrase via internal search. Cases where employees of large platforms get caught selling user data happen regularly. You don’t know who will look at your account from the inside, or when.

Sending it to yourself via email or messenger. Telegram, WhatsApp, Signal, Gmail — doesn’t matter. Any channel with remote access and device sync is a potential attack vector. Even Telegram’s “Saved Messages” are readable from any new device where you log in.

Taking screenshots. A screenshot instantly lands in the gallery, syncs to the cloud, gets indexed by system search. It might get accidentally shared with another screen capture or appear in a message preview.

Leaving any trace of the seed on your phone. Drafts in notes, messages to yourself, a text file in “Downloads”, words typed into the search bar. All of this sits on the device and syncs. From there, the scenario is predictable: the phone gets lost in a taxi, stolen in the subway, handed in for service without a full wipe. Unlocking by four-digit PIN or Face ID isn’t the level of protection you can rely on. If the seed has ever been on your phone in any form, move the funds to a new wallet with a new phrase, and consider the old one compromised.

Entering the seed on any website. No legitimate service — not an exchange, not a wallet, not a DeFi protocol — will ever ask you to enter the seed phrase for “verification,” “unlocking,” or “updating.” If you see such a field, it’s phishing. No exceptions.

Using your own ciphers and “smart” methods. Splitting the phrase by your own system, rearranging the words, replacing part of it with your own. All of this seems like a brilliant solution — as long as you remember the scheme. A year or two later, when you actually need to recover, you won’t remember the exact logic. Use standard tools like Shamir Backup or passphrase. They’re tested, documented, and work the same way on any compatible wallet.

Conclusion

The main thing I want to say: there is no ideal way to store a seed phrase. There is a combination that fits you specifically — for your amount, your level of paranoia, and your lifestyle.

If your wallet has an amount whose disappearance you wouldn’t even notice, a paper copy in a safe place is enough. Don’t spend more on protection than the thing you’re protecting is worth.

If you have $1,000+ on the wallet, a hardware wallet plus a metal plate in a safe and a paper copy in another location is enough. Building a Shamir with five shares here makes no sense.

When it comes to serious amounts, you need to think differently. Hardware wallet as the main home for private keys. Passphrase on top of the seed. Shamir Backup to distribute risks across multiple locations. Because the cost of a mistake grows with the amount, and a single line of defense is no longer enough.

Here are a few rules that work regardless of the amount:

• The seed phrase should never exist in digital form on an internet-connected device.
• A minimum of two physical copies in different places.
• Check once a year that the backups are in place and readable.
• If you have a family, think about how they’ll get access without you. The topic is unpleasant, but without it the whole setup loses its meaning at the worst moment.

And one last thing. The biggest threat to your seed phrase is you yourself. People lose crypto over simple things: forgot where they put it, accidentally threw it out, snapped a quick photo on the phone. Don’t overcomplicate where basic measures are enough. Don’t oversimplify where it’s dangerous.