Signal & Noise #3: Seed Phrase Storage — What the Experts Actually Do

Your seed phrase is the most valuable piece of information you own. Twelve or twenty-four words that control every satoshi in your wallet. If someone gets them, your Bitcoin is gone. If you lose them, your Bitcoin is gone. If they degrade, burn, or flood — your Bitcoin is gone.

And yet, the majority of Bitcoin holders store their seed phrase on a piece of paper in a desk drawer.

This issue is about what serious holders actually do instead.

Paper: The Starting Point, Not the Destination

When you first set up a hardware wallet, the device generates your seed phrase and you write it down on the card included in the box. That paper card is a starting point. It is not a long-term storage solution.

Paper fails in predictable ways. It burns at 233°C (451°F). It dissolves in water. It fades with UV exposure. It’s fragile, it tears, and if your handwriting is anything like most people’s, it might be illegible in five years. A house fire, a flood, a spilled cup of coffee — any of these can destroy the only backup of your entire Bitcoin holdings.

Paper also has a subtler problem: it feels temporary. People treat it as temporary. They stuff it in a drawer, forget which drawer, move house, throw things away. The casualness of paper leads to casual storage habits, and casual storage habits lead to lost Bitcoin.

Metal: The Upgrade That Matters

The single most important upgrade a Bitcoin holder can make is transferring their seed phrase from paper to metal. Specifically, stamped or engraved stainless steel.

Threat	Paper	Steel Plate
House fire (up to 1,100°C)	Destroyed	Survives
Flood / water damage	Destroyed	Survives
UV degradation over time	Fades	No effect
Physical wear and tear	Tears, smudges	Negligible
Accidental disposal	Looks like scrap	Clearly valuable
Readability after 20 years	Questionable	Identical

Products like the Cryptosteel Capsule, Billfodl, and SeedPlate allow you to stamp or slide individual letters into a stainless steel device. The result is a backup that survives essentially any physical disaster short of an industrial smelter.

The cost is typically $50–$100. For something protecting potentially life-changing amounts of Bitcoin, it is the best money you will ever spend.

The Threat Most People Forget: Your Phone Camera

⚠ Operational Security Insight

Here is something almost nobody talks about: never have your phone anywhere near your seed phrase. Not while you’re writing it down. Not while you’re stamping it into metal. Not while you’re verifying it. Not ever.

A compromised phone is a camera. Both the front and rear lenses are potential surveillance tools. If malware has access to your camera — and this is not theoretical; mobile spyware like Pegasus operates exactly this way — then simply passing your phone over the table where your seed phrase is written is enough. The attacker sees what the camera sees. Your 24 words are photographed, transmitted, and your wallet is swept before you finish stamping the first plate.

Consider covering your phone cameras with physical privacy covers at all times — not just during seed phrase operations, but as a default posture. The camera lens is an attack surface. Reducing your attack surface is always good security practice.

Geographic Distribution: The Power of “Not All in One Place”

A steel seed backup in a fireproof safe is excellent protection against fire, flood, and decay. But it does nothing against a targeted physical attack. If someone knows (or suspects) that you hold Bitcoin and can access your home, a single-location backup is a single point of failure.

This is where geographic distribution changes everything.

The idea is simple: don’t keep all your security in one physical location. For a standard single-signature wallet, this might mean keeping a primary backup at home and a secondary backup in a bank safe deposit box in a different part of town. If your home is compromised, the safe deposit box survives. If the bank is compromised (extremely unlikely, but defence in depth means planning for it), your home backup survives.

But geographic distribution reaches its full potential with multisig.

Multisig: Where Geographic Distribution Becomes Transformative

A 2-of-3 multisig wallet requires any two of three private keys to authorise a transaction. This means you can place each key in a different physical location — and no single location being compromised can threaten your funds.

Key 1: Your home safe. Key 2: A bank safe deposit box across town. Key 3: With a trusted family member in another state.

Think about what this achieves:

Your home is burglarised. The attacker finds Key 1. They need two keys. Your funds are safe.
A fire destroys your home. Key 1 is gone. You recover using Keys 2 and 3. No Bitcoin is lost.
A natural disaster hits your city. Keys 1 and 2 might both be affected. But Key 3 is in another state entirely. You still have two keys and full access to your funds.
Someone threatens you physically. You can truthfully say you cannot move the funds alone — you literally need a second key that isn’t here. The attacker cannot get what doesn’t exist in your possession.

That last point is critical and under-discussed. Multisig with geographic distribution is one of the most effective defences against the so-called “$5 wrench attack” — the scenario where someone physically forces you to hand over your Bitcoin. If the keys required to move your funds are genuinely in different locations that you cannot immediately access, the attack fails at a fundamental level.

The Common Mistakes

Even people who take seed phrase storage seriously make predictable errors:

Storing the seed phrase digitally “just as a backup.” A photo on your phone. A note in iCloud. A text file on your laptop. An encrypted file on a USB drive. Every digital copy is an attack surface. One compromised device, one cloud breach, one piece of malware — and it’s over. Seed phrases should exist only on physical media, offline, always.
Telling too many people where the backup is. Trust is good. But every person who knows the location of your seed phrase is a potential point of failure — through coercion, carelessness, or changing relationships. Need-to-know basis only.
Not testing recovery. A backup you’ve never tested is a backup you hope works. Set up a small-balance test wallet, back up the seed, wipe the device, recover from the seed, and verify the balance. Do this before you trust any backup with serious funds.
Labelling the backup as “Bitcoin seed phrase.” If someone finds your steel plate, its purpose should not be obvious. A plain steel plate with 24 stamped words is meaningless to most people. A plate labelled “BITCOIN RECOVERY WORDS” is an invitation.

Quick Hits

Trezor Safe 5 adds passphrase display on device — The latest firmware update lets you view and confirm your passphrase directly on the Trezor’s touchscreen, reducing the risk of a compromised computer intercepting keystrokes. If you use a passphrase (and you should), this is a meaningful security improvement.

SeedSigner v0.8 released — The open-source, air-gapped signing device now supports BIP-85 child seed derivation. This lets you generate multiple independent wallets from a single master seed. A powerful feature for advanced users managing separate cold storage vaults.

Reminder: test your backups periodically — When was the last time you verified that your seed phrase backup is legible, accessible, and matches your current wallet? If the answer is “never” or “I can’t remember,” this week is the week. It takes ten minutes and could save everything.

Breach Watch

What happened

In December 2018, QuadrigaCX founder Gerald Cotten reportedly died while travelling in India. He was allegedly the sole person with access to the exchange’s cold storage private keys. Approximately $190 million in customer funds became permanently inaccessible. Subsequent investigations revealed significant mismanagement and potential fraud.

What went wrong

Single point of failure, in its most literal form. One person held the keys. One person died (or disappeared). No backup access existed. No multisig. No geographic distribution. No inheritance plan. The funds were gone because the key holder was gone.

The lesson

This case is often cited as a cautionary tale about exchanges, and it is. But it’s also a cautionary tale about single-key storage. If one person’s death or incapacitation can permanently lock funds, the security model has a fatal flaw. Multisig with distributed keys and a clear inheritance plan eliminates this exact scenario — for institutions and individuals alike.

One Thing to Do This Week

Order a steel seed phrase backup plate.

If your seed phrase exists only on paper right now, this is the week to fix that. Search for Cryptosteel Capsule, Billfodl, or SeedPlate — pick one, order it, and commit to stamping your seed the day it arrives. While you’re waiting for it to ship, think about where you’ll store it. Not the desk drawer where the paper card is now. Somewhere fireproof. Somewhere only you know about. Somewhere that isn’t the same building as your hardware wallet.

Next issue: Why Running Your Own Node Matters More Than You Think — trust verification, privacy implications, and the difference between asking someone else if your transaction is valid and knowing it yourself.

Previous issues: #1: Why Your Exchange Account Is Not a Wallet · #2: The Anatomy of a Bitcoin Phishing Attack

← All Newsletter Issues