NEOAcademy
Lv 100
Security BasicsLesson 5 of 9

Your crypto wallet and recovery phrase

Your recovery phrase is the single string of words that controls all your crypto, on any wallet, on any device. Losing it is worse than losing a password. Where to write it down, and where never to put it.

7 min read4 quiz questions +1 +10 on pass

In the Crypto Basics module we said a wallet is just a pair of keys: an address you share, and a private key you keep secret. In practice you almost never touch the private key directly. The piece you actually handle is called the recovery phrase, and it deserves its own lesson because of how often people lose money to mistakes around it.

A recovery phrase is a list of twelve or twenty-four ordinary English words shown to you when you first set up a wallet. From those words the wallet derives every private key it needs. If someone has the phrase, they have everything in the wallet, on any device, anywhere in the world. If you lose the phrase and the wallet itself, the money is permanently gone.

Why the recovery phrase is the whole game

A traditional bank password is one factor. The bank can reset it. The bank knows it is you because of your identity documents. A crypto recovery phrase works differently. There is no bank, no support line, no identity check. The phrase is the proof of ownership. Whoever holds it is the owner, full stop.

This is the single biggest mindset shift from regular finance. With a recovery phrase:

  • Anyone who sees the phrase can drain the wallet. They do not need your device, your phone, or your face.
  • There is no way to "reset" the phrase. If you lose the phrase, the funds are unrecoverable.
  • There is no way to "freeze" the wallet if someone else has the phrase. They will move the funds and they are gone.
  • A photo of the phrase is as dangerous as the phrase itself. So is a text in a chat. So is a note in a cloud-synced app.

Where to write it down

Paper, written by hand, is the standard starting point. A clean sheet, no shorthand, easy to read. Keep it somewhere it will not get wet, lost, or thrown out by accident. A small home safe is ideal. A drawer is acceptable if you live alone and the drawer does not have a tendency to be cleaned out by other people.

Once a wallet is holding more than you can afford to lose, upgrade from paper to metal. Specifically, a stamped or engraved steel plate. Paper survives most accidents. Paper does not survive fire or flood. A metal plate does. There are products designed for this (Cryptotag, Cryptosteel, Billfodl) but a plain steel plate and a number-and-letter punch set works fine.

  • Twelve or twenty-four words, in order. Order matters; do not shuffle them.
  • Two copies, stored in two different physical locations. If your house burns down with the only copy, the wallet is gone.
  • Never the actual words on a device you connect to the internet.
  • Never a photo. Phone galleries get backed up, shared, and accessed.

Where never to put it

These are the places where recovery phrases most often leak. The patterns are so consistent that you can use them as a checklist of "do not do this."

  • A photo on your phone. Phones get stolen, sold, photo libraries get backed up to clouds, and clouds get compromised.
  • A note in any cloud-synced notes app (iCloud Notes, Google Keep, Notion, Evernote). If your account leaks, the phrase leaks.
  • A document in your email drafts or a chat with yourself.
  • A screenshot during the setup process. Some wallets warn you about this; many do not.
  • A password manager, unless you understand exactly what that means. The convenience trade-off is real and the attack surface is larger than paper.
  • A "support agent" who needs it to "verify your wallet" or "help recover funds." This is always a scam.

Hot wallets and cold wallets, briefly

You will hear two categories repeatedly. We will go deeper on the cold side in the next lesson, but the basic distinction matters here.

A hot wallet runs on a device connected to the internet: a browser extension, a mobile app, a desktop app. It is convenient for daily use. It is also exposed to whatever your device is exposed to: malware, malicious websites, a phishing extension. Hot wallets are right for small amounts and active use.

A cold wallet keeps the private keys on a device that never touches the internet. The most common form is a hardware wallet (a small USB-shaped device). It is right for amounts you do not need to touch every week and that would seriously hurt to lose.

A practical split for amounts
  1. Small spending
    hot wallet, easy access
  2. Medium savings
    cold wallet, less convenient
  3. Long-term core
    cold wallet, rarely touched

You can have multiple wallets. Most people who hold crypto seriously do. A hot wallet for the small "cash" balance you actually use. A cold wallet for the part you are holding long-term. The numbers can be small. The point is segmentation: one mistake on a hot wallet should not be able to take everything.

Setting up your first wallet, carefully

If you have never set up a self-custody wallet, the careful version of the process looks like this:

  • Download the wallet only from the official site or official app store. Do not click an ad. Type the URL or search the app name carefully.
  • When it shows you the recovery phrase, write it down on paper, by hand. Read each word back to confirm.
  • Verify the phrase when the wallet asks (it will ask you to retype it). Do not screenshot the phrase at any point.
  • When you first move crypto into this wallet from an exchange or another address, send a tiny test amount first. Confirm it arrived, then send the rest.
  • Save the paper phrase somewhere offline. Once the wallet is holding amounts that would hurt to lose, consider a metal backup.

Inheritance and "what if I die" planning

A topic most people avoid until it is too late. If you are the only person who knows where your recovery phrase is, and something happens to you, your family loses access to the funds permanently. This is one of the largest categories of "lost" crypto.

You do not need to solve this fully today. You do need to be aware of it. A simple first step: leave a sealed envelope with a trusted person (a spouse, a parent, a lawyer) containing instructions, and store the phrase itself in a separate, secure location they could reach if needed. Whole books and services exist for more sophisticated setups. For now: think about it before the rest of life thinks about it for you.

The recovery phrase is the whole wallet. Treat the paper the way you would treat the cash itself.

The next lesson goes into the most reliable physical defense for serious amounts: hardware wallets and what people usually mean when they say "cold storage."