Why a photo of your seed phrase is the worst storage method
Every year, a new wave of crypto holders takes a photo of their seed phrase "just in case." Every year, some percentage of those phones gets stolen, backed up to a cloud account that is later breached, scanned by a malicious app with photo permissions, or simply left behind at an airport gate, still plugged into a charging cable.
A photo of a seed phrase is the single highest-risk place to store it: higher than a notes app, higher than a password manager, higher even than a piece of paper in a desk drawer. Paper can only be read by someone in the room; a photo is a plaintext copy that every sync service, backup and app on the phone can reach, from anywhere.
The five ways the photo gets out
- Cloud sync. iCloud Photos, Google Photos, Microsoft OneDrive: on most phones the camera roll syncs by default or after a single tap during setup. Your seed phrase is now stored on a server you do not control. Unless you have turned on an end-to-end option such as iCloud Advanced Data Protection, it is encrypted with keys the provider holds, so anyone who can sign in to the account can read it. Breach the account, breach the seed.
- App permissions. Any app granted full photo library access can read every image on the phone. iOS 14 and later and Android 14 let you limit an app to selected photos, but an app you tapped "Allow all" for years ago keeps that access: the free flashlight app from 2019, still installed, can read your seed phrase today.
- Phone theft. Modern phones resist casual extraction, but locked is not unreadable. Commercial forensic tools exist, and a phone taken while powered on and already unlocked once since boot is far easier to extract than one that was powered off. More often the thief needs no tools at all: they watched you type your passcode before taking the phone, and the gallery is one tap away.
- OCR by malware. Several Android malware families (SpyMax, BlackRock, and more recent strains such as CherryBlos in 2023 and SpyAgent in 2024) OCR every image in the gallery looking for the seed-phrase pattern: a run of 12, 15, 18, 21 or 24 lowercase words, all drawn from the 2048-word BIP-39 list. That pattern is cheap to match and almost never occurs by accident, so the false-positive rate is low enough for the malware to exfiltrate hits automatically.
- Cloud backup recovery. Anyone with your iCloud password, an ex-partner for instance, can restore your photo library to a phone they control, and if two-factor authentication is off or they still hold one of your trusted devices, you will never see a prompt.
Where to store the seed instead
Paper, metal, or both. Paper goes in a fireproof safe. Metal, a steel plate with the words stamped or punched into it, survives fire, water and time. Brands: Cryptotag, Billfodl, Cryptosteel. Cost: 60–150 USD. Keep the backup physically separated from the device that uses the seed, ideally two copies in two locations, and type the words into nothing except the wallet you are restoring.
If you absolutely must have a digital backup, encrypt the seed first with a long passphrase that exists only in your memory, store the ciphertext (never the plaintext) in a password manager, and never write the passphrase down anywhere. This is more complex than paper or metal and adds failure modes of its own: forget the passphrase and the backup is worthless; pick a short one and whoever obtains the vault can brute-force it offline. Recommend it only if you have a specific reason.
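What "encrypt the seed first" looks like in practice, as an added example that is not part of the original article: a small Go program, standard library only, that derives a key from the passphrase, seals the mnemonic with AES-256-GCM and prints a single record string for the password manager, then opens it again. The record layout (`seedv1:<salt>:<nonce>:<ciphertext>`), the function names `Seal` and `Open`, the 600,000-iteration PBKDF2 setting and the sample mnemonic (the public BIP-39 "abandon ... about" test vector, not a real wallet) are this example's own choices. PBKDF2 is used only because it can be written from the standard library; Argon2id or scrypt from golang.org/x/crypto resist GPU guessing better and are the right choice when a dependency is acceptable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Record layout (this example's own convention): "seedv1:<salt>:<nonce>:<ciphertext>", base64 fields.
const (
	recordVersion    = "seedv1"
	pbkdf2Iterations = 600_000 // OWASP's 2023 minimum for PBKDF2-HMAC-SHA256
	saltLen          = 16
	nonceLen         = 12 // standard AES-GCM nonce size
	keyLen           = 32 // AES-256
)

// pbkdf2SHA256 is RFC 8018 PBKDF2 with HMAC-SHA256, written out so only the standard library is needed.
func pbkdf2SHA256(password, salt []byte, iterations, length int) []byte {
	out := make([]byte, 0, length)
	for i := uint32(1); len(out) < length; i++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(binary.BigEndian.AppendUint32(nil, i))
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:length]
}

func newAEAD(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, pbkdf2Iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a mnemonic under the passphrase and returns the record to store. Case and spacing are
// canonicalized first (BIP-39 words are lowercase ASCII); the version label is authenticated as associated data.
func Seal(passphrase, seed string) (string, error) {
	buf := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	salt, nonce := buf[:saltLen], buf[saltLen:]
	aead, err := newAEAD(passphrase, salt)
	if err != nil {
		return "", err
	}
	words := strings.Join(strings.Fields(strings.ToLower(seed)), " ")
	ct := aead.Seal(nil, nonce, []byte(words), []byte(recordVersion))
	enc := base64.RawStdEncoding.EncodeToString
	return strings.Join([]string{recordVersion, enc(salt), enc(nonce), enc(ct)}, ":"), nil
}

// Open reverses Seal. A wrong passphrase or an edited record fails the GCM tag check and returns an error.
func Open(passphrase, record string) (string, error) {
	parts := strings.Split(record, ":")
	if len(parts) != 4 || parts[0] != recordVersion {
		return "", errors.New("malformed or unsupported record")
	}
	dec := base64.RawStdEncoding.DecodeString
	salt, e1 := dec(parts[1])
	nonce, e2 := dec(parts[2])
	ct, e3 := dec(parts[3])
	aead, err := newAEAD(passphrase, salt)
	if e1 != nil || e2 != nil || e3 != nil || err != nil || len(nonce) != nonceLen {
		return "", errors.New("malformed record") // checked up front: GCM panics on a bad nonce length
	}
	pt, err := aead.Open(nil, nonce, ct, []byte(recordVersion))
	if err != nil {
		return "", errors.New("wrong passphrase or tampered record")
	}
	return string(pt), nil
}

func main() {
	// Constructed input: the public BIP-39 test vector, not a real wallet.
	rec, err := Seal("long passphrase that exists only in your memory", "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about")
	if err != nil {
		panic(err)
	}
	fmt.Println("store this in the password manager:", rec)
}
```

Two things the code makes concrete that the paragraph only states. First, the passphrase is the whole security margin: the record gives an attacker who obtains your password-manager vault an offline guessing target, and the slow key derivation only multiplies the cost of each guess, so a short passphrase still falls. Second, authenticated encryption means a wrong passphrase fails loudly instead of decrypting to twelve plausible-looking wrong words, which matters when the person typing it is stressed and recovering funds.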
If you have already photographed it
Delete every copy: the phone gallery including its Recently Deleted or Trash album, cloud backups, and any other device that synced. But deletion is hygiene, not a fix, because you cannot know who already has the image. Generate a new seed on a fresh device, move all funds to addresses derived from the new seed, and treat the photographed seed as permanently compromised. The cost is one round of transaction fees. The cost of leaving it in place could be everything.