BitcoinSecurity Intermediate

Twelve Words That Hold Every Bitcoin You Own

How 12 or 24 words stand in for an unlimited number of Bitcoin keys. BIP-39 mnemonics, BIP-32 HD wallets, derivation paths, and the practical rules for backing up a seed safely.

26.05.11 · 5min

A Bitcoin private key looks like this:

e9873d79c6d87dc0fb6a5778633389f4453213303da61f20bd67fc233aa33262

Could you copy a 64-character hexadecimal string onto paper exactly, and store it without getting a single character wrong? On top of that, for privacy you are encouraged to use a new address - a new key - for every transaction. That means dozens or hundreds of keys. Backing each one up separately is simply impractical. Seed phrases and HD wallets exist to solve exactly this problem.

The Seed Phrase: A Human-Readable Backup

Almost every modern wallet shows you 12 or 24 English words when you first create it:

witch collapse practice feed shame open despair creek road again ice least

This is called a seed phrase, or a mnemonic, and the standard is BIP-39. Here is how it works:

The wallet generates random entropy of 128 bits (12 words) or 256 bits (24 words).
It maps that number onto a fixed list of 2048 words to turn it into words.
The last few bits are a checksum, so if you write a word incorrectly the wallet can detect the error.

In short, a seed phrase encodes a huge random number into a form that is easy for a human to copy down. Words are easier to memorize, write by hand, and error-check than raw hexadecimal.

HD Wallets: A Tree of Keys Grown From One Seed

A seed phrase is not just a backup. It is the seed from which all keys are born. This structure is called an HD wallet (Hierarchical Deterministic Wallet), and the standard is BIP-32.

Seed phrase → master seed → master private key
From that single master key, child keys are derived deterministically, without limit

The word "deterministic" is the key. From the same seed, the same keys always come out in the same order. So even if you delete the wallet app or lose the hardware, just the 12 words let you restore every address and balance on a new device. You do not need to back up each key individually. One seed, and the whole tree grows back.

Seed phrase (12/24 words)
   ▼
Master key
   ├── Address 0
   ├── Address 1
   ├── Address 2
   └── … (unlimited)

Derivation Paths and Extended Public Keys

Each child key is identified by an address called a derivation path. A common format (BIP-44) looks like this:

m / 44' / 0' / 0' / 0 / 5
│    │     │    │   │   └ address number
│    │     │    │   └ external (receive) / internal (change)
│    │     │    └ account number
│    │     └ coin type (0' = Bitcoin)
│    └ purpose (44' = BIP-44)
└ master

Each wallet uses a default path, so restoring the same seed into a different wallet produces the same addresses, keeping wallets compatible.

One powerful but dangerous tool here is the extended public key (xpub). An xpub lets you precompute all of a wallet's future addresses without the private key. This makes it possible to build a watch-only wallet that can see balances but cannot spend. But put another way: publishing your xpub exposes your entire transaction history at once. Never share an xpub carelessly.

The Passphrase: The 25th Word

BIP-39 includes an optional passphrase, often called the "25th word." By adding a secret phrase that only you know on top of the seed, you create an entirely separate wallet.

Even if the seed phrase is exposed, funds cannot be accessed without the passphrase.
Under coercion, you can reveal a "decoy wallet" with no passphrase (plausible deniability).

But forget the passphrase, and that wallet's funds vanish forever. The stronger the security, the greater the responsibility.

Practical Rules for Protecting a Seed

Whoever holds the seed phrase is the owner of that bitcoin. Seed storage is therefore the heart of Bitcoin security.

Write it down offline only. Record it by hand on paper, and for long-term storage a fireproof metal backup is recommended.
Never store it digitally. Photos, screenshots, cloud, notes apps, and email are all hacking targets.
Never type it into any website. A legitimate wallet never asks for your seed again. Any site asking for it is 100% phishing.
Verify recovery once. Confirm with a small amount that the words you wrote actually restore the wallet before relying on it.
Do not use a "pre-set seed" from a used hardware wallet. Always generate the seed yourself on a new device.
Plan for distribution and inheritance. Keep it in one place and it is vulnerable to fire and theft; tell no one and it is locked forever upon death.

Connected Concepts

Public-Key Cryptography - the private and public keys that the seed gives birth to
The Complete Bitcoin Wallet Guide - the types of wallets that hold a seed
Backup and Inheritance - strategies for long-term storage and passing it on
Multisig - multi-key security that spreads the risk of a single seed
How Bitcoin Addresses Work - how a derived key becomes an address

ideas Multisig (Multisig) - Multi-Signature Security ideas CoinJoin ideas Node (Node) - Bitcoin's Sovereign Verification ideas Backup & Inheritance Planning