This is a work in progress and not a release. We're looking for volunteers. See Issues and Contribution to know how to collaborate.

Private Key & Seed Phrase Management

The seed phrase (or mnemonic phrase) is the master key to a non-custodial wallet, granting complete control over all its derived private keys and assets. The management of this phrase is the single most important aspect of self-custody security.

⚠️ If you suspect for even a moment that your private key or seed phrase has been lost, viewed by another person, or exposed digitally (e.g., shown on-screen, copied to a clipboard on a connected device), you must consider it compromised. Immediately create a new, secure wallet and transfer all assets to it.

Secure Storage Practices

The goal is to protect the seed phrase from both physical threats (theft, fire, water damage) and digital threats (hacking, malware). The foundational principle is to keep your seed phrase offline at all times.

As soon as a new wallet is created, back it up using one of the following offline methods. Wallet providers do not have access to your seed phrase and cannot help you recover it.

  • Physical Written Copies: Writing the phrase on paper or a notebook is a common starting point. To mitigate risks of loss or damage from fire or water, store multiple copies in secure, geographically separate locations (e.g., a personal safe, a trusted family member's home, a bank deposit box).

  • Durable Metal Storage: For superior protection against physical damage, etch or stamp your seed phrase onto a metal plate (e.g., steel, titanium). Commercial products are available for this purpose. These should also be stored in secure, separate locations.

Prohibited Practices

Under no circumstances should you ever store your seed phrase in any of the following ways:

  • Taking a digital photograph of it.
  • Uploading it to cloud storage (iCloud, Google Drive, Dropbox).
  • Sending it via text message or any messaging app.
  • Sending it in an email, even to yourself.
  • Storing it in a plain text file on a computer or phone.
  • Sharing it with anyone. Wallet providers will never ask for your seed phrase.
  • Never use a device obtained from an untrusted source, such as a conference, hackathon, or third-party online marketplace, as it may be tampered with.

Ongoing Security Hygiene

1. Periodic Security Audits

On a recurring basis (e.g., every 6 months), conduct a security review by asking:

  • Do I know the physical location of all my seed phrase backups?
  • Are my storage methods still secure and uncompromised?
  • If my primary device were destroyed, do I have a clear plan to recover my assets?

2. Key Rotation

While you can use the same keys for years, it is a best practice to periodically rotate them by moving assets to new wallets.

3. Succession Planning

Establish a clear, secure protocol for a trusted next-of-kin to access your assets in case of incapacitation or death. This may involve sealed instructions stored with a lawyer or in a safe deposit box.