Two words people use interchangeably and shouldn't
"Private key" and "seed phrase" get used as synonyms in most US crypto journalism. They are not the same thing. The seed phrase is the recovery instruction — a sequence of 12 or 24 English words that, when fed through the BIP-39 algorithm, deterministically regenerates the entire wallet: every private key, every public address, every derivation path. The private key is one specific cryptographic file derived from that seed, usually a 32-byte number, used to sign one specific address.
If you lose the seed phrase, you lose access to every address ever derived from it. If you lose one private key but still have the seed, you can regenerate that private key. The seed is the root; the private keys are the branches. Treat them differently in storage, in backup, in inheritance planning, and in the conversation with anyone who claims they "need your private key" to fix something.
The BIP-39 mechanics, in plain English
BIP-39 is a 2013 specification that solved a real problem: random 256-bit hex strings are unmemorable, hard to dictate over the phone, and easy to miscopy. The spec maps a 128 or 256-bit random number to a sequence of 12 or 24 English words drawn from a fixed list of 2,048 entries.
The 2,048-word list is deliberately constrained. No word is a prefix of another (so dictating "abandon" can't be confused with "abandoned"). No word over 8 letters. No words with regional spelling variants. The last word in the sequence encodes a 4-bit (for 12-word seeds) or 8-bit (for 24-word seeds) checksum. If you write down 11 correct words and one wrong word, the checksum fails — which is how the Mnemonic Format Checker on this site catches transcription errors before they become unrecoverable losses.
From the seed words, BIP-32 derives a master private key, and BIP-44 walks down a tree of "child" private keys, one per address, one per chain. The standard derivation path for Bitcoin is m/44'/0'/0'/0/0 for the first address. Ethereum uses m/44'/60'/0'/0/0. Different wallets sometimes use different paths — which is why moving a seed phrase between wallets occasionally produces different addresses than expected.
What "control" actually means
In crypto custody, "you have control" is a binary state with no middle ground. Either the private key for an address exists in a place only you can reach, or it exists in a place someone else can also reach. There is no partial control, no "almost custody," no "I have it but the exchange also has a copy for safety."
An exchange account is not custody. Coinbase, Kraken, Gemini, Binance.US — all of them hold your assets in their own pooled wallets and credit your account a number. The number can be frozen, reversed, locked pending compliance, or wiped out if the exchange becomes insolvent. The 2022 FTX collapse made this explicit at scale: customers thought they "had" $8 billion in crypto on the platform; they had IOUs. A hardware wallet under your own pillow with a seed you wrote down is custody. Everything else is degrees of trust in someone else's custody on your behalf.
The IRS, the SEC, and the CFTC all draw the same line in their guidance: assets held on a regulated exchange are property of the customer in theory, but recovery in practice depends on the exchange's solvency and willingness. Assets in self-custody are unambiguously yours, and unambiguously your problem.
Where the seed phrase goes wrong
The single most common failure mode in retail crypto custody is not exchange hacks, not phishing, not market crashes. It is seed phrase loss — a holder forgets where they wrote it down, a fire destroys the only copy, a spouse cleans out a desk during a move, a hard drive crashes with the only digital backup. Industry estimates put this at 20-25% of all crypto ever issued, with Bitcoin alone showing roughly 4 million BTC believed permanently inaccessible.
The second most common failure: the seed exists, but it was copied to a place that turned out not to be private. Photos that synced to iCloud. Notes apps that backed up to Google Drive. Password managers that got phished. Pieces of paper in a sock drawer that got photographed during a casual house tour. A 2024 Chainalysis report estimated that of all "crypto stolen" losses, roughly 35% trace back to seed-phrase exposure rather than active phishing or exchange compromise.
The five-tier seed-phrase storage hierarchy
- Tier 1 — Two metal plates in two geographic locations. Stamp the seed onto two stainless-steel plates (Cryptotag, Billfodl, Cryptosteel). Store one at home in a fire-rated safe; the other at a bank deposit box, a parent's house, or an attorney's office. Survives fire, flood, theft of one location, and time. Cost: 120–300 USD. This is the default for any holder with $25K+ in assets.
- Tier 2 — Paper in two geographic locations. Same architecture, paper instead of metal. Acid-free paper, tamper-evident envelope, fire-rated safe. Acceptable for under $25K. Cost: 5 USD.
- Tier 3 — Shamir Secret Sharing (SLIP-39). The seed splits into N pieces; any M of them can reconstruct it. Trezor Safe 3 and Safe 5 support SLIP-39 natively. Defensive advantage: no single location holds the full seed. Operational risk: losing more pieces than the threshold permits.
- Tier 4 — Multisig with two or more hardware wallets. Funds held under a 2-of-3 (or 3-of-5) multisig address. Each signer device has its own seed. Coordinator software like Sparrow or Specter Desktop manages the addresses. Defensive ceiling: no single seed compromise loses funds.
- Tier 5 — Encrypted digital backup with passphrase in memory. Seed encrypted with a long passphrase you remember; ciphertext stored in a password manager. The passphrase never leaves your head. Operational risk: forgetting the passphrase is permanent.
The methods to never use: a photo on your phone (synced to cloud, scannable by malware), a notes-app entry (encryption tied to account that can be phished), a password-manager entry without encryption layer (plaintext to anyone who breaches the manager), memorization alone (memory is not durable enough across decades, head injury, or dementia).
The BIP-39 passphrase, also called "the 25th word"
The BIP-39 passphrase is a separate optional layer added on top of the 12 or 24 word seed. It is not stored anywhere on the device. It is not derivable from the seed alone. Together, the seed words plus the passphrase produce an entirely different set of addresses than the seed alone would produce.
The defensive logic is simple: if a thief gets your seed words but does not know your passphrase, they see the "decoy" wallet (the one derived from seed alone, with whatever small balance you optionally keep there). The real funds are at addresses derived from seed plus passphrase, completely invisible to the thief.
The passphrase rules: at least 12 characters, mixed case, ideally not in any dictionary, and absolutely never written down on the same medium as the seed. Common practice: memorize the passphrase, write a hint that only makes sense to you on the metal plate, never write the passphrase itself.
The trade-off: a forgotten passphrase loses access to the real funds permanently. Practice typing the passphrase in once a month. The muscle memory is the backup against forgetting.
The recovery rehearsal
Once a year, run a recovery rehearsal. Buy a cheap spare hardware wallet of any kind. Initialize it. Restore the seed from your metal plate or paper backup. Verify that the addresses on the restored wallet match the addresses on your live wallet (Bitcoin's address-1, Ethereum's address-0 — should be identical character-for-character).
If the addresses don't match, something is wrong: a misstamped letter on the plate, a damaged paper backup, a misremembered word. Better to find this during a rehearsal than during a real recovery when you've lost the live device.
If you use a passphrase, rehearse with the passphrase too. Make sure both decoy wallet (seed alone) and real wallet (seed plus passphrase) restore correctly. After the rehearsal, wipe the spare device. The point of the rehearsal is to validate the backup, not to leave a third copy of the seed laying around.
What a private key alone looks like, and when you might encounter one
Outside of contexts that explicitly use BIP-39 (which is most modern wallets), you occasionally encounter raw private keys. A Bitcoin private key in WIF (Wallet Import Format) looks like 5K... or L... or K... — a 51 or 52-character base58 string. An Ethereum private key is a 64-character hexadecimal string starting with 0x.
Older Bitcoin wallets (pre-2014) generated standalone private keys, one per address. Some smart-contract wallets generate session keys that are technically private keys but with limited scope. Brain wallets — the discredited practice of deriving a private key from a memorized phrase using a hash function — produce raw private keys. None of these are how modern wallets work, but they exist in the wild, and if you inherit a crypto setup from an older user, you may need to know how to import a raw private key into a modern wallet.
The import flow: most wallets have a "Import private key" option separate from "Restore from seed phrase." Importing a private key creates a "watch-only" or "imported" address that does not derive from your current seed. Move the funds from that imported address to an address derived from your seed as soon as possible — the imported address is an orphan in your wallet's tree and harder to manage long-term.
What to do when someone asks for your private key
The short answer: no one ever has a legitimate reason to ask for your private key. Not exchange support. Not "the Ledger customer service team." Not a project's official account on X. Not the FBI. Not anyone, ever, under any circumstance.
The longer answer is the same. There exists no scenario in which a legitimate service or person needs your private key. Exchanges manage your assets with internal wallets; they do not need your external private key to do anything. Hardware wallet manufacturers troubleshoot device issues without ever needing the seed — Ledger Live's diagnostic mode reads device serial numbers and firmware versions, not seeds. Law enforcement subpoenas exchanges, not individuals, for blockchain data.
When the conversation goes "we need to verify your wallet, please enter your seed phrase or private key on our portal," the conversation is a scam. Always. Without exception. The person asking is the attacker. Stop the conversation, screenshot it for evidence, and report it to ic3.gov if a payment has been requested or sent.
Estate planning: the conversation no one has
Most US-based crypto holders have not told a spouse, executor, or attorney where the seed phrase is stored or how to use it. When the holder dies or becomes incapacitated, the seed phrase becomes irrelevant — no one knows it exists, or where it lives, or what to do with it. The holdings effectively vanish.
The minimum estate-planning step: write a one-page "crypto recovery instructions" document, signed and dated, stored with your other estate-planning materials (will, deed, retirement-account details). The document does not contain the seed itself. It names: the device model, the safe location where the seed backup lives, the safe combination or location of the key, the wallet software needed to interact with the seed, and a list of every exchange account with login credentials stored in your password manager.
The document should not name the BIP-39 passphrase. The passphrase is the layer that protects against the executor going rogue or the recovery document leaking. The passphrase is communicated only to the spouse (verbally) or stored in a separate sealed envelope at a different attorney's office, with instructions to release it only on death certificate + court order.
For larger estates (over $500K in crypto), consider a multisig setup with one signer key in the hands of an attorney who specializes in digital asset estates. The attorney's key alone cannot move funds — but combined with the spouse's key or executor's key, it can. This is the defensive ceiling for crypto estate planning: irreplaceable on death of any single party, recoverable on cooperation of any two.
The five rules to internalize
- Rule 1 — The seed phrase is the recovery instruction. Treat it like a passport with no expiration: keep it physical, keep it in two locations, never let it touch the internet.
- Rule 2 — The private key is one branch of the tree the seed grows. Lose a private key, you can regenerate it from the seed. Lose the seed, you lose everything.
- Rule 3 — No one ever has a legitimate reason to ask for either. The request itself is the proof of fraud.
- Rule 4 — A BIP-39 passphrase adds a defense layer that thieves cannot reach with the seed alone. Use one if your holdings exceed five figures.
- Rule 5 — Run a recovery rehearsal once a year. The cost is one afternoon. The cost of not doing it is potentially everything.
Further reading on this site: Five seed storage methods, Hardware wallet comparison, Private key leak recovery, 30-item self-check.