Latest

Ledger Stax and Ledger Nano X Wallets: Which is right for you?

Vault12Art Krotou

Ledger Stax and Trezor Model T: two strong wallets compared

Vault12Art Krotou

Voice-Level Security: A New Dimension of Digital Trust

Vault12

How to choose between the Ledger Stax and Trezor Safe 5 Wallets

Vault12Art Krotou

Basics

Learn about how the risks of holding cryptocurrency are different than those of traditional investments, and how to move ahead with confidence and safety.

View all articles

What happens to your Crypto when you die?

Understanding your choices when it comes to inheritance of digital assets


Your estate planning should include any cryptocurrency, NFTs, digital art, and other digital assets that you own. The Vault12 Guard app makes that planning easy, so you can rest assured that your crypto will live on when you die.

"Quite simply, if you don't record all of the details about your assets and communicate them to the people who will be the beneficiaries, those assets will likely be lost forever." -Wasim Ahmad, Chief Crypto Officer at Vault12

What should you know about how to pass on your crypto assets?

If you're at all involved in or curious about investing in digital assets, you've probably wondered "Can digital assets be inherited?" The answer is yes! Vault12's Chief Crypto Officer Wasim Ahmad shares his thoughts about the most important things to know about Web3 asset inheritance and passing on your crypto.

Inheritance: What will happen to your NFTs, digital art, and crypto when you die?

What will happen to your NFTs, digital art, and crypto when you die? You need to understand the fundamentals of inheritance, and how to pass on your Web3 assets to your children or heirs.

How is Crypto Inheritance different from traditional Inheritance? 

Hello. My name is Wasim Ahmad, and I'm with Vault12, the pioneering creators of the digital inheritance mobile app Vault12 Guard. Today we're going to talk about inheritance for Web3 assets.

We should carefully consider Web3 inheritance because it is fundamentally different from the relatively straightforward steps for a traditional inheritance. With traditional assets, you go to the bank or the broker, you tell them that someone has passed on or is incapacitated, and then you get access to those assets. But in the Web3 world, as the owner of those assets, you are responsible for the security and safekeeping of those assets.

How can NFT Collectors pass on Web3 assets? 

Who cares the most about Web3 asset inheritance? The most conspicuous group is NFT collectors. People have an emotional attachment to NFTs. They're buying NFTs that they love, often regardless of the value. These are cherished assets that they fully intend to pass on to others.

How can Web3 Creators pass on Web3 assets? 

The second group that cares a lot about passing on Web3 assets is creators. Creators usually keep an inventory of NFTs, often in the form of an inventory of art. They also have royalty wallets, so that every time an NFT is transferred or sold, a portion of that sale's proceeds goes into that wallet. These are wallets that need to be protected for the long term!

How can crypto enthusiasts pass on their assets? 

The third group that needs to pass on Web3 assets is, of course, crypto enthusiasts who have purchased cryptocurrency and want to make sure that it will be passed on. Crypto inheritance can include Ethereum, Bitcoin, and tokens from other blockchains.

How to ensure that your Web3 assets will be inherited as you wish

The most essential part of making sure that your Web3 assets will be inherited is making sure that you have a bang up-to-date inventory of all of your assets.

We've all purchased NFTs and cryptocurrencies on different blockchains, which are stored in a myriad of different Web3 wallets. The number of possible ways to acquire digital assets means that there's not going to be just one thing that needs to be inherited; there will be multiple components. Each of these needs to be documented, and that list needs to be bang up-to-date.

How should an asset inventory list be communicated? 

One of the main elements of risk relates to the protection of your asset inventory. And then somehow, you need to actually pass that inventory list on. Consider what Web3 wallets tell you to do from a security perspective: they say to write down the seed phrase, write down your private key, back up your private key and your seed phrase so that you have it. Often you're doing this on paper, and typically with inheritance-related things, you're writing things down on paper and giving them to your lawyers. Every time you write stuff down on paper, although you might also store it in a safe, or some other safe place, the minute that you hand your asset inventory over to a law firm, a lawyer, or any set of people, you are exposing that information, which initiates a potentially unacceptable risk. After all, it will hopefully be a long time before anyone will need to use those credentials!

In contrast, Vault12 Guard does not disclose your asset inventory to anyone until it is needed.

Does storing assets in a secure wallet mean that Inheritance is set up? 

The second risk is that many people have relied solely on technology like hardware wallets, and other types of cold storage device to store their seed phrases and their private keys. And yes, these technologies can offer secure access to Web3 wallets. However, just storing assets on a hardware wallet does not mean that everything is set up for inheritance in the future! Secure storage protects your assets from internet-based threats and from casual exposure or hacking. But for inheritance, you actually need to communicate what the assets are and how to access them.

You still need to back up your hardware wallets, but you also need some kind of solution - like Vault12 Guard - that will take that information and pass it along to your beneficiary.

Who should be the beneficiary of your Web3 assets? 

It is very common to assign beneficiaries or legacy contacts to all kinds of accounts, from bank and insurance accounts to social media accounts like Facebook. Assigning a beneficiary for your NFTs, art and crypto should be just as easy - and with Vault12 Guard, it is.

Introducing Vault12 Guard: How to ensure your NFTs, digital art, and crypto pass on to your heirs when you die

Introducing Vault12 Guard: Ensure that your NFTs, digital art, and crypto pass on to your heirs when you die. Vault12 Guard protects your assets today and in future generations.

What is Vault12 Guard?

Our latest technology release Vault 12 Guard is a mobile phone app designed for ordinary people who are collectors, creators creating digital art and NFTs, and crypto enthusiasts buying cryptocurrency. Vault12 Guard is designed to make it as simple as possible to back up all of your Web3 assets and then assign a beneficiary who can receive those assets in the event of incapacitation or death of the owner.

How to get started with Vault12 Guard

With Vault12 Guard, it's very simple to back things up. It's very simple to activate Inheritance. And it's very simple for your heirs to retrieve those assets when needed.

How does it work? Very easy: Download the app from any of the app stores (iOS or Android), install it, create a digital vault, and then you can immediately start adding assets, which will be stored locally on your phone device for full, distributed, decentralized backup and inheritance.

Who are Vault12 Guardians? 

With Vault12 Guard, you can add and assign your own Guardians. These are people that you know: they could be business partners, family members, or friends who will guard your vault. Your Guardians will grant access to your Web3 assets in the event of your passing.

How will your beneficiary use Vault12 Guard? 

Once you've designated a beneficiary in Vault12 Guard, then everything's set for inheritance. You don't really need to do anything else apart from every time you add an asset, make sure that you put it in the Vault, with a backup, for your beneficiary to use when the time comes. To activate inheritance, all the beneficiary needs to do is make the request, the Guardians review and approve it, and then the beneficiary is granted access to all of the assets. The beneficiary can then access those assets and transfer them to whoever is the Rightful heir as defined in your will.

What are the key takeaways for Crypto inheritance?

One key takeaway is that first, you should work with an attorney to plan your Trust & Estate strategy.

Secondly, you need to understand the risks associated with backing up and planning the inheritance of Web3 assets. Given those risks, you'll need to choose a solution that works for you. We think that Vault12 Guard is the best solution, and that it can do an excellent job for you. Use it, or an alternative Inheritance solution ... or risk losing everything forever.

Why should you care about Cryptocurrency Security?

Five risk categories that everyone should know, tales of staggering losses, and recommendations to protect your digital assets.


Learning about crypto security may seem daunting, since cyber threats are complex and ever-evolving. As a crypto investor, you don't need to become a crypto security expert, but there are a few very important concepts that you should understand. This article offers a summary of what you need to know about crypto security, reveals the biggest risks, and suggests a few things that you can do to best protect your assets.

Key Highlights: Crypto security considerations

Here are some of the main considerations when it comes to crypto security:

  • Retain your independence: If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence.
  • Theft is usually permanent: If someone steals your seed phrase and takes your crypto, you will probably never get it back.
  • Your best protection is a private, secure backup: If you lose your seed phrase, and you don't have a backup, your crypto is gone.
  • Don't forget about inheritance: If you don't share access to your seed phrase with anyone at all, your heirs will never be able to access it.
Some simple best practices can help you protect your crypto — let's dive into them.

What are the security threats to cryptocurrency?

To be brutally honest — and this goes for all kinds of valuables — if you don't pay attention to security, hackers or accidents will likely take your hard-earned assets from you.

There is a big difference between using traditional financial institutions to trade stocks and manage your bank accounts, and the world of buying and selling digital currency.

The key difference is:

If you forget the password to your bank account, you can obtain a password reset from the bank, but if you forget the "equivalent to a password" for crypto that you hold, there is no one who can restore your access to your funds.

Why? Because crypto is protected with a digital key represented by a list of words known as a seed phrase, and without this seed phrase, you cannot access your funds. This means that protecting your seed phrase is the same as protecting your funds.

You could avoid the responsibility of protecting your seed phrase by relying on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as your custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and if you forget your exchange password, they can give you access to your cryptocurrency again. Although this is very convenient, whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides ("third-party risk"). In uncertain times, a primary benefit of owning cryptocurrency is the ability to "be your own bank" and to control your own funds — this is the very promise of the Blockchain and cryptocurrency. To realize this benefit, you must control your own keys, and thus, your own security.

The threats to your seed phrase — and hence to your cryptocurrency — range from hackers attacking centralized exchanges and stealing millions of dollars worth of cryptocurrency, to fraud by the owners or employees of exchanges, to the theft of your own local physical storage drives with seed phrases on them. However, the most likely threat is simply that you will lose access to the seed phrase because you lost the paper that you wrote it on. (Many crypto wallets advise you to just back up your seed phrase onto a piece of paper.)

Other threats include the seed phrase being lost in an accident (e.g., floods and fires that plague certain regions like California), or even — despite your diligent efforts to back everything up — you could simply forget the password to an encrypted drive where you stored your seed phrase.

Why is crypto loss so common?

What are the biggest risks to crypto security?

Let's examine the most common risks to crypto loss.

Don't worry — none of this is "rocket science." Moreover, cryptographic protection (and the "key management" that it requires) is not unique to crypto or Bitcoin, but is essential for your security on the Internet in general.

The best way to reduce these risks is to make sure that you carefully back up your seed phrase.

Supplementing this guidance, Vault 12's Wallet Guides show you how to create wallets in a secure and safe manner, and suggest when you should follow default instructions. We hope that these articles, written by security experts, help you to navigate crypto security in a simple way so that you can enjoy participating in the exciting and empowering world of crypto.

Let's explore in a little more detail.

"Safeguarding money is necessary for the crypto economy to flourish."

Cameron Winklevoss, Winklevoss Capital

What "owning your own money" really entails

In a traditional banking scenario, clients don't have to worry about the theft of their account funds, or incorrect transactions. This is because banks work to block potentially fraudulent transactions, and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.

A distributed ledger on a blockchain network is also secure and resilient, though it uses different mechanisms. Blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.

However, points of failure associated with a blockchain network migrate towards the user's end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through your seed phrase. Your seed phrase can restore your private key if your wallet is lost or damaged. Therefore, your careful storage and use of this private key — and your seed phrase backup — determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, you are fully responsible for the safety of your funds.

Blockchain transactions are fast and permanent

The decentralized finance (DeFi) movement has introduced a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. Instead of central authorities solely determining an economy's fate through monetary policies, an economy is also affected by how blockchain software evolves, and by how people interact with it.

How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Completed transactions remain immutable forever. Immutability is a characteristic that offers great security to monetary transactions: once a transaction is completed, it is committed permanently, and can not be reversed for any reason.

Transaction settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

The challenges of crypto key management

Poor key management is by far the most common way that crypto is lost. Given that many of us need to rely on "forgot password" functions to recover simple 9-character passwords, it's unrealistic to believe that we can be trusted to casually maintain a digital key or seed phrase.

Key management is difficult for those that are tech-savvy — and even harder for those who aren't. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoin have been lost as a result of losing a private key!

Taking control of your own crypto keys also puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever.

Hackers and crypto

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the world's population reported a hack of some type digital asset — including both bank account balances and cryptocurrency. This indicates two important points: One: hackers are rampant, and will relentlessly continue to steal from consumers. Two: consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this will be a far greater threat than it is today.

Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a virus attack named "WannaCry" yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.

Exchanges have also not been left out of the fun — see Risk 1 below, showing that numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges covered the losses that exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.

How to secure your crypto: Risks and recommendations

Below are some poignant examples of loss, a summary of risks, and some common-sense recommendations.

Risk 1 - Leaving cryptocurrency on an exchange

When many people first start trading cryptocurrency, they end up leaving their crypto on an exchange. It's convenient, and the coins are conveniently available to use in transactions — but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.

According to to Inside Bitcoin, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges, but also from other custodial wallets and mining platforms, mostly due to hacking incidents.

The number of exchange hacks is not declining over time. According to NASDAQ, Cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.

A large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.

Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. - July 2020

Exchange hacks are not just limited to third parties - employees, and even founders of exchanges have perpetrated massive frauds, as demonstrated by the now-infamous FTX exchange fiasco.

In addition to the famous QuadrigaCX case in 2019, another top10 exchange, OKEx, suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users' private keys. This led the exchange to freeze withdrawals on all users' assets for more than five weeks.

This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.

Recommendations:

Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange..."

Joe DiPasquale, BitBull Capital

Risk 2 - Storing Cryptocurrency locally

There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten. The trouble with local storage is that it's easy to lose, or even for someone to target and steal the storage device.

Recommendations:

Risk 3 - Being targeted by criminals

With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM Swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on Defi protocols.

"We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting "nearly $3.78 billion" in 2020," according to a report from Atlas VPN. - Jan 2021

Recommendations:

Risk 4 - Accidental loss and natural disasters

Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 Billion. Accidents - whether losing your hardware wallet, or leaving your paper seed phrases behind because you had to evacuate California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords - something that can happen even if you take precautions.

Tens of billions worth of Bitcoin has been locked and effectively lost by people who lost or forgot their key. Of the existing 18.5 million Bitcoin, around 20 percent appears to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. - Jan 2021.

James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013 when cleaning his house he accidentally threw the drive away and it, along with the rest of his trash was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was "thrown out into a bin bag during a clear-out in a case of 'mistaken (hdd) identity' in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens."

The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that "a council spokesperson said their offices have been "contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins," but digging up, storing and treating the waste could cause a "huge environmental impact on the surrounding area."


Recommendations:

Risk 5 - Loss of Generational wealth

We usually don't think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the consequences of how crypto is secured means that to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have identified solutions to provide simple and easy-to-use solutions for digital inheritance.

There is a steady drumbeat of these stories happening with worrisome regularity:

In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange QuadrigaCX, died (under somewhat mysterious circumstances) resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions of how to access the centralized assets ever found.

In April 2018, Matthew Mellon, heir to Mellon family banking fortune and former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) - all of this remains were inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people's names.

In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. Citizen, this would have been a much more complicated process.

Recommendations:

What is a Seed Phrase or Recovery Phrase?

Why a seed phrase is so critical to protecting your crypto assets, and how it works with your crypto wallet.

A seed phrase is one of the most important concepts in cryptocurrency security. It can be alternatively referred to as a recovery phrase, backup code, or mnemonic phrase.

To fully understand this guide, you should first familiarize yourself with wallets and private keys to understand the basics of what seed phrases protect. Then you will see why seed phrases are so important to properly backing up your crypto assets.

Key Highlights on Seed Phrases or Recovery Phrases

Seed phrases are a series of words that are used for the backup and recovery of cryptocurrency wallets. They are defined by the BIP39 standard, which is implemented by most crypto wallets.

Here are some important facts about seed phrases or recovery phrases:

  • Your seed phrase can be used to restore your crypto wallet.
  • Your seed phrase must be backed up and kept secret.
  • Writing down your seed phrase on paper is not a very robust way to protect it.
  • An additive "passphrase" could add some security, but it could cause problems - it is an advanced feature with potential pitfalls.

What is a seed phrase?

In cryptocurrency wallets, the all-important private encryption key that secures crypto transactions is a long string of hexadecimal characters (a mix of letters A through F and numbers zero through nine) that is not possible to memorize, and is tricky to transcribe in any form. For example, "A5CD7462F..." could be just a small part of a 64-character private key. Instead of having to deal with such a long string of meaningless characters, the wallet seed phrase is made up of a much smaller set of words (often 12, 18, or 24) that can be used to generate your wallet's private key.

Crypto wallets handle these complicated transformations for us so that we humans can just deal with simple seed phrases rather than encryption keys.

This seed phrase can be used to back up and later regenerate your private key in case you ever need to restore your wallet. The order of the words is critical: if your seed phrase starts with the words "state, tiger, collect, license...," for instance, they must remain in exactly that order.

When creating a seed phrase, it's important to use a reliable form of random word generator rather than simply selecting words based on your preferences. A random number generator will ensure that your words are chosen more randomly than you could choose, making your seed phrase as secure as possible.

Where did the idea for seed phrases come from? Seed phrases are part of the BIP39 standard, which is an industry-accepted way to generate crypto wallet private keys from seed phrases. Because it is a standard, you can use your seed phrase with any BIP-39-compatable wallet manufacturer, rather than being "locked into" just one wallet.

How does a seed phrase protect your crypto assets?

A seed phrase is essentially a backup for your private key. Because your seed phrase is a secret that no one else knows, and it is so random that it is impossible to guess, losing your private key effectively means losing your crypto assets.

If you lose access to your crypto wallet, re-entering your exact seed phrase into a new BIP39 software wallet is the only way to get your cryptocurrency back. This is why it is so important to back up your seed phrase securely and privately.

Where can you get a seed phrase?

Hardware, software, and desktop wallets can generate a seed phrase for you, or there are methods that you can use to choose a series of random numbers that can be associated with the BIP39 dictionary. There are a variety of techniques you can employ, including using Vault12 Guard. Here is a comprehensive list of ways to generate a seed phrase.

How do you use a seed phrase and passphrases in your crypto wallet?

Most digital wallets will have a "Restore from Backup" option, which will ask you to type in your 12, 18, or 24-word seed phrase. As long as you have your seed phrase backed up, it is simple to restore your wallet: just enter the words in the correct order, and your assets will be recovered.

In addition to relying on your seed phrase to secure your wallet, you could also add an additional "passphrase" to your seed phrase. That way, if someone gains access to your seed phrase, your assets have another layer of protection. For wallets that support the addition of passphrases, like the Trezor hardware wallet, passphrases can be long strings and can even include spaces. However, forgetting this passphrase would also mean you lose access to your cryptocurrency forever, even if you have the seed phrase.

Given the added risk of loss, experts do not agree that the use of a passphrase is helpful, especially if you are confident in your method for securely storing your seed phrase. Most wallet vendors counsel that passphrases should only be used by advanced users. Additionally, not all wallets support passphrases in the same way, so not only do passphrases come with added risks of loss and error in transcription, but they can complicate wallet migration or restoral.

How should you back up your seed phrase?

The most common way to back up a seed phrase is to write it down on a piece of paper - which is not recommended. And while it's also possible to memorize the phrase, it is very risky to rely on memory for such an important piece of data. Each copy must be securely and thoughtfully protected ... do not retain "extra" or temporary copies of your seed phrase anywhere.

How can you restore your seed phrase from Vault12 Guard?

If you backed up your seed phrase in Vault12 Guard, Vault12 does not have access to it, but each of your selected Guardians uses Vault12 Guard to store just a piece of an encrypted form of it.

To gain access to your seed phrase backups, just follow simple steps to restore your Vault.

Vault12 offers much more guidance to help you properly back up your seed phrase and protect your crypto.

How To Back Up Your Crypto Wallet

Backing Up Your Crypto Wallet With Vault12 Guard Preserves Your Personal Crypto Security

Crypto can be difficult to store securely, but backing up your crypto wallet is essential so you can recover funds if your crypto wallet is ever lost, stolen, or damaged. A proper crypto wallet backup is also important for inheritance purposes so your assets live on, even after you die.

Why should you back up your crypto wallet?

Proper crypto wallet backups protect you from threats ranging from criminal actors and accidents to natural disasters and damage. Once securely backed up, you can recover your assets in times of need.

A proper backup of your crypto wallet involves recording:

  • Each crypto wallet asset
  • Seed phrases and passphrases
  • Any supporting files for your assets

All crypto backup solutions should be physically secure, digitally secure, and resilient to degradation – but unfortunately, not all of them are.

What are some limitations of common crypto backup methods?

These are some common backup methods, but each has drawbacks:

  1. Back up to metal plates - This method sounds simple, but to do it right takes some planning, cost, and time.
  2. Back up to a local drive - This method is quick, but fraught with risks!
  3. Back up to the Cloud - This method is also quick, but it has significant risks related to the involvement of third parties.
  4. Back up to “brain wallet” - This method is slow, unreliable, and only justifiable in cases of extreme limitation or duress.
  5. Back up to paper - This method is extremely vulnerable and surprisingly subject to error.

How does Vault12 back up your crypto wallet?

The video demo below shows you how Vault12 Guard is used to back up a crypto wallet, making sure your assets live on, even after you pass:

YouTube

Vault12 Guard crypto backup is decentralized, resilient, and secure.

Vault12 Guard allows you to breathe easy, as it avoids the pitfalls of other backup methods:

  • Guard's backups are decentralized. There is no single point of failure, allowing you to recover even if your phone is lost or stolen.
  • Guard does not rely on Cloud servers. Your assets remain private from third parties and resilient to Cloud outages.
  • Guard implements post-quantum encryption - giving your assets the highest possible level of security.

Vault12 Guard is the most advanced yet simple crypto backup solution

Not only is Vault12 Guard secure and resilient, but it is also simple to use. It allows you to back up all types of wallets, as well as NFT-related files, to construct a full inventory of your crypto assets. This includes multi-wallet management, which Vault12 simplifies with an integrated backup and inheritance solution. When you need to restore your Vault, Vault12 makes the process easy by requesting access from your most-trusted Guardians.

Of all your choices for backing up a crypto wallet, Vault12 Guard uniquely backs up your crypto wallets in a manner that is physically secure, digitally secure, and passes the test of time.

Why does privacy matter?

Privacy is especially important for owners of digital assets - understand how to protect yours.


TL;DR

Keeping your crypto transactions private is important for your safety and confidentiality.

Be very careful who you share personal or financial information with.

Your personally-identifying information (PII) is a target for thieves.

"Know Your Customer" (KYC) information is collected by banks and many crypto-related service companies.

Public blockchain ledgers can be analyzed for clues about who controls which addresses.

HD wallets are recommended to generate a unique wallet address for each spend and receive transaction.

Privacy-enhancing wallets, strategies, and coins exist, but require at least an intermediate level of knowledge.

Bitcoin mixers offer an increasingly-popular way to gain privacy by combining together many users' unrelated transactions, then recording them on the blockchain as blended, more-anonymous transactions.

It is much easier to establish privacy of your crypto assets when you first buy them, rather than to make assets that are associated with you later look like they do not belong to you.

Privacy is important to crypto owners

It is easy for new crypto investors to overlook the importance of protecting their privacy when purchasing digital assets. At first, privacy may seem like a minor detail, since the initial purchase motivation may be just to "dip a toe into the crypto waters" with a nominal sum of money.

However, when you create an account on a crypto exchange, or start to use some other convenient "on-ramp" to crypto ownership, you are creating a digital footprint that can be attributed - by some party - to you. Once that footprint is established, you will likely be tempted to increase the size of your holdings by topping up your investment, or the value of your small investment might just skyrocket. Either way, an investment that you did not expect to be worth much suddenly could be worth a significant amount.

Although an increase in the value of your crypto holdings is great news, it reveals an important reason to be concerned about privacy from the very inception of your crypto journey: if anyone learns that you hold large sums of crypto, you are at risk of becoming a target of crime and theft. Privacy is important to cryptocurrency owners primarily because of the potentially high value that crypto holdings can have.

Privacy is also important because even for small crypto holdings, if your transactions are revealed to an audience that you did not intend, you could face potentially negative social impacts: you might use crypto to pay for sensitive products, financial accounts, or information subscriptions that you would rather not tell others about - in some cases, its discovery could make you a potential target for blackmail or harassment.

It is very difficult to restore privacy of crypto ownership after it has been attributed to you, and depending on how you choose to move existing digital assets, there may be profit-taking tax implications when you appear to be moving your crypto.

Smart crypto investors consider privacy before performing their very first transaction, no matter how you purchase your first digital assets.

Blockchain addresses can identify you

Anyone can track blockchain address transactions on public blockchain ledgers by analyzing transactions with a blockchain explorer such as Blockchain.info, etherscan.io, or solscan.io.

There are several ways that your crypto transactions could be identified as related: For example, if someone re-uses a blockchain address (like a single-address paper wallet), then all transactions that have been associated with that address can be identified as being linked to the same owner. Other types of transactions (like spending multiple tiny sums of crypto "dust" from different addresses at the same time) can also reveal connections between multiple addresses, showing that they are controlled by the same person or entity. Curious individuals, as well as professional companies specializing in blockchain analysis, puzzle together clues like these to gain more understanding and data about transactions.

Reused or associated addresses may reveal about the address owner:

  • what companies the person bought from
  • what causes they sent assets to
  • what income was received

Observers may not immediately know who controls a given address, but some day, they may see a clue that allows them to identify who the owner is. For example, if you reuse an address that you have shared with someone like a service provider, they could know who you are, and could watch other transactions that you perform at that address.

If someone can identify you personally as connected with a blockchain address that has received large sums of money, you could be targeted for blackmail, kidnapping, theft, or any number of threats.

People or organizations with a known Bitcoin receive address could also be blacklisted: for example, a payment-related organization like Paypal could decide that they do not want to support transactions sent to a given address.


HD wallets offer "fresh" addresses every time

A popular type of crypto wallet that helps you to preserve your crypto privacy is a Hierarchical Deterministic (HD) wallet. HD wallets are designed to give you as many spending and receiving wallet addresses as you want - a fresh one every time, completely avoiding blockchain address reuse.

To retain your privacy when spending or receiving crypto, you should allow your HD wallet to provide you with a new Send or Receive address every time you perform a transaction.

To create many unique addresses, an HD wallet uses the wallet seed phrase to generate a master key pair: an extended private key (XPRIV) and an extended public key (XPUB). Then it can create many individual private and public keys that are hierarchically below the master ones. If you want to know more about XPUB addresses, swanbitcoin offers a nice explanation.

Your XPRIV should obviously always be protected, since it can be used to sign transactions and spend your crypto! Your XPUB also should be kept secret, since it allows read-only access to all of the "receive" addresses in your wallet - an XPUB can be used to configure a "watch-only" wallet. In fact, the Vault12 Digital Vault has an "Address Explorer" feature that can use an XPUB to build a watch-only wallet for you.

What you can and should share with others is a unique, freshly-created send or receive address that your HD wallet will generate for you every time you want to spend or accept crypto. By using a new address for each transaction, the "outside world" does not know which transactions are associated with a given wallet - each of the transactions appears on the public ledger to be independent.

Diagram showing the secure exchange of dollars and bitcoin

An abstracted crypto transaction through a secure exchange

Limit who has your Personally-Identifying Information

Personally-Identifying Information (PII) is generally defined as any information or combination of information that could be used to identify you as an individual.

Common forms of PII include your name, government identification numbers (passport, drivers license, Social Security number, etc.), payment card numbers, birthday, physical address, email address, and telephone number. Even an IP address can be considered PII, although different countries have different privacy laws that vary on that point.

You should be very careful to only share your PII with reputable organizations, and only through secure, encrypted communication channels (like the main corporate https web site of the firms that you have chosen to work with). PII is a prime target of digital thieves. If your personal information were acquired by bad actors, it would be abused for fraudulent purposes, and then likely resold on the black market.

To protect your PII, be particularly wary of links in emails, since they are a common source of cleverly-crafted phishing attacks that target your PII. It is much safer to open your web browser and directly navigate to a reputable company's web site than to click on a link in an email, even if the email looks legitimate to you. Educate yourself and learn how to recognize and avoid being tricked by phishing attacks.

It is not directly related to crypto, but Facebook's ongoing challenges with leaked PII data demonstrate the high appetite for PII abuse - and keep in mind that PII attained from any source could be used to try to target crypto investors.

Exchanges, hardware wallet vendors, and all sorts of crypto-related firms are under constant attack as hackers try to steal PII. The hardware wallet vendor Ledger succumbed to one such high-profile attack in 2020, for which they had to issue a public apology.

Crypto exchanges know your Personally-Identifying Information 

Cryptocurrency has a veneer of anonymity, but due to connections with financial accounts that are used to exchange currency for cryptocurrency in "on-ramp" crypto purchases and "off-ramp" crypto sales, your identity is often able to be associated with your crypto transactions. By default, your personally-identifying information is known to exchanges and to other crypto-related service providers with which you establish accounts. Pay attention to what information is solicited from you when you register for any services.

We are accustomed to trusting reputable organizations with our PII, and usually they do a good job of protecting it. But we should be conservative with our judgement of which organizations we give our information to, and should be aware that when we sign up to use a crypto exchange or other crypto-related service provider, they, as well as government regulatory entities, have the ability to associate our identity with crypto wallet addresses that we use.

Exchanges use "KYC" information for Anti-Money Laundering

You may wonder why you have to give your personal information to crypto exchanges.

Financial institutions and many crypto exchanges support governments in their enforcement of anti-money laundering (AML) regulations. When large sums of money or other assets are moved, governments have the right to scrutinize transactions to ensure that no money laundering or other criminal activity is underway. The acronym KYC stands for "Know Your Customer," and it is standard for banks and other financial institutions to require KYC information.

If you buy your crypto through a KYC-compliant exchange, you give up some privacy. However, if you do not buy your crypto through a KYC-compliant "on-ramp," governments tend to perceive transactions as less legitimate, since they do not know as much about the participants - as a result, there may be even more scrutiny of non-KYC transactions.

As crypto regulations evolve, there are personal choices to be made about tradeoffs with respect to privacy and perceived legitimacy. There is no "right" level of anonymity for your transactions, but you should be conscious of the level of privacy that you choose, and you should be conservative about which institutions and individuals you expose your information to.

Your currency-to-cryptocurrency transactions (crypto "on-ramps"), and your cryptocurrency-to-currency transactions (crypto "off-ramps") are some of the most important financial events that you will conduct. Be informed and cautious in which organizations you trust with an awareness of these transactions.

Privacy regulations offer limited protection

Different countries and municipal regions have varying privacy protection laws that offer you legal rights to control who can access or use your personally-identifying information, for what purposes, and for how long. Some of these laws include the European General Data Protection Regulation (GDPR), the U.S. Gramm-Leach-Bliley Act, the California Right to Financial Privacy Act, and the California Consumer Privacy Act.

However, you still have to provide your KYC information to major crypto exchanges if you want to do business with them, and it is still up to you to be conscious not to leave clues about your spending patterns on public-facing blockchain ledgers.

Additionally, there are significant privacy risks that regulations can not protect you from: unplanned problems such as cyber attacks, institutional misconfigurations, or insider leaks from exchanges.

You can acquire crypto anonymously

If you would like to maximize your crypto privacy, there are ways that you can acquire crypto that do not rely on KYC-compliant exchanges:

  • Peer-to-peer trading platforms, which may use an escrow service to guarantee trouble-free payments.
  • Crypto ATMs (although some require identification, and if you use a credit or debit card at them, you have lost any anonymity).
  • Earning transaction fees as a crypto miner.
  • Earning freelance income from customers who pay you in crypto. (Usually they would know who you are, but perhaps you provide services pseudonymously.)

You can spend crypto anonymously

The crypto world offers technology known as "mixers," or tumblers, which increase privacy by combining crypto coins from many sources and redistributing them in such a way that it is impossible to say which coins came from which origin. Similarly, a Bitcoin privacy improvement called CoinJoin increases privacy by producing multi-party transactions, rather than having all involved transactions identify which party performed transactions with which other party - in this way, it blurs the visible line of who actually transacted with whom for how much.

For Ethereum, there is a smart contract called Tornado that makes it harder to identify which tokens are being sent from which addresses. However, technologies such as Tornado are complex to use, and work best in the hands of "power users" who understand the nuances of timing and other techniques of obfuscation for their transactions. Additionally, the United States Treasury's Office for Foreign Assets Control has prohibited U.S. entities from using Tornado Cash.

Crypto wallets like Wasabi and Samourai are easier to use, and offer tumbling features that can help users leverage mixing technologies.

Regulators do not particularly like these forms of privacy protection, but they are becoming more widely used nonetheless by users seeking to keep their privacy as robust as possible.

Crypto wallets that prioritize privacy

A few crypto wallets specialize in providing features that support you in protecting your privacy. These wallets tend to have fast-changing feature sets as they implement new technologies like mixers.

Some high-privacy wallets are best for intermediate to advanced users. Privacy features are a little more complex to use than "default" transactions. Your wallet's documentation is the best place to learn more about the specific privacy features that are available to you.

To help you understand all of the choices among crypto wallets, Bitcoin.org offers you a handy interactive tool to compare features among many privacy-conscious wallets. (Keep the criterion checkbox "Privacy" checked.)

Running your own Bitcoin node offers extra privacy 

If you run your own Bitcoin full node, you send your pending Bitcoin transactions to your own server to perform required checks against consensus rules, instead of sending them to a random node for those checks (which would reveal information about which transactions were requested from your IP address). Similarly, if your crypto wallet makes a request for your past transactions, your own full node could fulfill that request, rather than transmitting it to a random node for the information.

There are many guides about how to set up your own node to increase your privacy. Some wallet vendors provide instructions for how to run full nodes that integrate well with their products. Bitcoin.org offers a wealth of additional general information about how to get started with full nodes.

If you don't run your own full node, it is a good idea to use a VPN to obfuscate your IP address when you run crypto-related applications like your crypto wallet software.

"Privacy coins" may offer extra privacy  

Privacy Coins are cryptocurrencies that are designed to keep transactional details private through various identity-cloaking mechanisms such as one-time addresses, ring signatures, and confidential transactions. There is much more to be considered than privacy when choosing which cryptocurrencies to invest in, but privacy features are a valid consideration.

Bitcoin used with CoinJoin can be considered to be a form of privacy coin. Altcoins that are making a name for themselves as privacy coins are Monero, Grin, Zcash, and Dash (which uses PrivateSend, an implementation of CoinJoin).

Privacy Best Practices

Privacy best practices include:

  • Be conservative about which institutions you share your PII with.
  • Keep quiet about your personal crypto holdings and use.
  • Avoid blockchain address re-use.

Privacy advanced practices include:

  • Run your own node.
  • Purchase and sell crypto through anonymous platforms (brokered or peer-to-peer).
  • Use coin-mixing wallet features.

Diving deep into crypto privacy

Crypto investors who want an extremely high level of privacy need to stay on top of multiple fast-changing technologies and services. No set of references will remain current or comprehensive for long, but these sites offer a wealth of further detail about options to secure the highest levels of privacy for your coins:

How do Crypto Wallet Passphrases work?

Whether and why you might consider using a crypto wallet passphrase.


A crypto wallet passphrase is an optional feature that can be used in addition to your seed phrase to restrict access to your crypto wallet. The BIP-39 standard defines both the passphrase and the seed phrase. This comprehensive guide summarizes the usefulness as well as potential risks of passphrases, how Vault12 securely stores your passphrases, and goes into all of the specifics you need to consider to make an informed decision on how you want to approach wallet passphrases.

Key Highlights on Wallet Passphrases

  • While it is an optional feature, passphrases offer extra security in the event that your seed phrase is exposed, or if someone else gains access to your hardware wallet.
  • Passphrases also allow you to create multiple crypto wallets from a single seed phrase - in this way, you could even create a dummy wallet that would provide "plausible deniability" of your true holdings.
  • If you lose your passphrase, you will likely lose access to your crypto!
  • Because of the added risk of passphrase loss, passphrases are recommended only for experienced users.

Any and all passphrases must be carefully included in your crypto backup plan!

Vault12's distributed, encrypted backup technology makes it safe for you to store both seed phrases and passphrases in your Digital Vault.

The Vault12 Digital Vault securely stores your passphrases

Fortunately, you can keep all of your backup codes in one place if you store them in your Vault12 Digital Vault. Vault12 offers a uniquely safe way to store these sensitive pieces of data together because of how it distributes encrypted shards of your digital vault in multiple places. You have the flexibility to organize and describe your backup strategy in your choice of formats, whether in a simple way (with a single seed phrase), or in a complex way where you describe multiple wallets with unique seed phrases, passphrases, and other codes. Once your backup is safely stored away, you have the peace of mind of knowing that you or your choice of beneficiary will be able to access your vault and your crypto when needed.

Please keep in mind all of the following considerations as you make a decision on whether and why you might consider crypto wallet passphrases.

A wallet passphrase is one more layer of security for your crypto wallet

Crypto wallet passphrases can be added during your wallet configuration as an extra layer of security. Passphrases are different from seed phrases, and different from wallet app PINs. Its mechanism is defined by the Bitcoin Improvement Proposal (BIP) BIP39 standard.

To recap where passphrases fit in: you already know that when you have a self-custody crypto wallet, your wallet seed phrase (also sometimes called a mnemonic code, recovery phrase, or mnemonic sentence) is a secret that can be used to reconstruct your crypto wallet, and to perform transactions. A well-chosen seed phrase offers excellent wallet protection, since it is not able to be guessed ... but If someone is able to use some other clever method to steal your seed phrase, then they could reconstruct your wallet, and take all of the crypto out. Unless, that is, your wallet is protected with a passphrase.

Unlike a seed phrase, if you set a passphrase, you need to enter that passphrase every time you run your wallet app in order to see your crypto. In this way, having a passphrase is very much like having 2-factor authentication for your wallet (although it leverages "two things that you know," rather than "something that you have/are" plus "something you know").

Note that your crypto wallet should not store passphrases - so even if there were a known or unknown vulnerability in your wallet, your passphrase could not possibly be extracted. Trezor highlights this fact on their security page.

If you'd like to refresh your memory about the basics of how crypto wallet seed phrases and passphrases work, consider reviewing the Vault12 article about the BIP39 standard.


Be aware that some wallets use words other than the term "passphrase" that comes from the original BIP39 standard. You may see passphrases called a "seed extension," "extension word," "extension phrase," "13th word," or "25th word." For the sake of clarity, we will stick with the term "passphrase" here.

Passphrases increase both your protection and your risk too

Passphrases increase the complexity of your crypto wallet and your backups, because if you lose your passphrase, you will probably lose your crypto. Setting a passphrase burdens you with the risk that you could fail to properly back it up, or that your backup could fail. Your passphrase must be backed up just as carefully as your seed phrase.

Also, depending on how you have chosen to back up your seed phrase, it may be advisable to back up your passphrase in a different place or way than your seed phrase. Consider that if both the seed phrase and the passphrase are sitting together in your physical safe, and your safe is broken into, the thief will have both secrets, and the passphrase wouldn't offer any added protection.

If you were to back your seed phrase up in one place and your passphrase in another place, it would be critical for both of those storage locations to be reliable (so not just a magnetic disk in your closet, or your memory). Additionally, each of your separate chosen storage mechanisms would likely have a unique set of passwords, PINs, or other identifiers to access them ... making the complexity of storing your seed phrase and your passphrase separately very high.

The core reason that it is safe to store both your seed phrase and your passphrase together in the Vault12 Digital Vault is because Digital Vault contents are stored in a distributed way as encrypted shards of data - no individual besides you can access a copy. This gives you both redundancy and personal control at the same time as the convenience of a single easy-to-use interface.

Because the concept of passphrases is tricky, and because some people would not carefully back it up, many crypto wallet vendors do not expose the passphrase feature by default ... it may need to be enabled in wallet Settings. Some wallets don't support passphrases at all. Like a sharp knife, a wallet passphrase is an excellent tool in careful hands - but experts recommend that users do not set a passphrase unless they have spent the time to fully understand the risks and responsibilities that go along with setting one and backing it up. No matter how careful you are with your crypto, your passphrase is a single point of failure (SPOF) if lost. There is a lot at stake!

Passphrases should be hard to guess

As you would expect, any passphrase that you set should be strong. A passphrase acts like an extra-long password, and contains multiple words. Because they can contain multiple words, and even space characters, passphrases can be both long and more rememberable than a regular password.

A simple passphrase could be brute-force guessed within a few hours, days, or weeks. Many experts point out that the practical defensive benefit of a passphrase is to buy you extra time to move your crypto funds if you discover the theft of your seed phrase or hardware wallet. The longer and more-complex your passphrase, the more time you have to move your funds before the bad actor does.

For more guidance, you could review this article about password management that includes a specific section about how to choose a good multi-word passphrase. You should also keep in mind that different wallet vendors allow different length limitations (e.g., Trezor: 50 characters; Coldcard: 100 characters; Ledger: 100 characters). These differences in allowed passphrase length become important if you think that you may want to change hardware wallets in the future to one with a shorter maximum passphrase length. A 50-character passphrase, assuming that it contains sufficient unpredictability, offers very strong protection.

By default, wallets use a blank passphrase


If you do not set any passphrase when you configure your wallet, a blank passphrase is used by the wallet to determine where your crypto is stored on the blockchain network. If you do set a passphrase, your wallet stores your crypto at a different place on the blockchain.

What this suggests is that if you set a passphrase when you configure your wallet, and then you put some crypto into your wallet - all is well; you see your crypto! But then if you decide to install a second wallet, using just your seed phrase and no passphrase, the wallet with no passphrase would show you a zero balance! This behavior can lead some beginners to think that they have lost all of their crypto, when actually, they just did not configure their second wallet with the same passphrase that they used when they set up their first wallet. All they would need to do to correct this situation is to re-open the second wallet and provide the correct passphrase.

Wallet passphrases can be used for multiple purposes

Now that we've reviewed the basics, now let's consider the main ways that wallet passphrases can protect your crypto.

  1. A passphrase adds an extra authentication step: If you set up a crypto wallet with a seed phrase and a passphrase, you have extra protection if your seed phrase is exposed, or if your hardware wallet is exposed or lost, since both the seed phrase and the passphrase are needed to access the wallet.
  2. A passphrase-protected wallet can act as a "hidden" wallet: If you set up a crypto wallet with a seed phrase and a passphrase, you really have two wallets: one uses a passphrase, and one does not. You could switch between them by exiting and re-opening the same wallet application, based on whether you entered the passphrase or not. Or you might choose to use only the passphrase-protected wallet and not use the passphrase-free wallet at all.
  3. Multiple passphrases could be used to create multiple wallets: If you configure a more complex setup with one seed phrase and multiple passphrases, you create multiple wallets. As described above, you have the ability to choose which of the wallets is shown when you enter the passphrase to open your wallet application. In this way, you could choose to have several wallets, each with a different mix of crypto funds.
Read on to explore more detail about these uses.

It is easy for beginners to become confused when creating multiple wallets from a single seed phrase. Do not attempt this advanced functionality unless you thoroughly understand the concepts!

BIP-39 Passphrases help if your seed phrase or hardware wallet are stolen

Whether you plan to use multiple crypto wallets or not, setting a passphrase is sensible protection if you are not able to keep your seed phrase or hardware wallet perfectly secure (for example, maybe you can not fully control who may come or go from your home, hotel, office, or room due to shared accommodations or staff access). Because of the chance that your seed phrase or hardware wallet could be stolen or examined by an unauthorized person, it can be very helpful to add a passphrase in order to reduce this risk of illegitimate access.

Would you know whether your wallet or seed phrase were compromised? Maybe ... your physical safe might show signs of forced opening, or you may realize that you absentmindedly left your seed phrase lying around unprotected. Maybe your hardware wallet is missing from where you normally keep it. If you are not sure whether your seed phrase was leaked or taken, but you think that it could have been, it is best to assume that it was compromised, and quickly take action!

If your wallet may be compromised ... sweep it!

If you have a passphrase-protected wallet and you suspect that your hardware wallet or your seed phrase backup was compromised, your passphrase will hopefully protect your crypto until you move your crypto to a different wallet. As long as you move your crypto before the potential thief cracks your passphrase, you get to keep your crypto. To move your crypto into a new wallet, create a new wallet with a different seed phrase, and then send all of the crypto stored in your old wallet to the Receive address of your new wallet.

Moving crypto funds to a different blockchain address that you generated with a new seed phrase is called "sweeping," or key rotation.

Beware of the $5 Wrench Attack! 

The following image humorously demonstrates what has come to be called a "$5 wrench attack." It shows that a bad actor could just threaten you with a cheap wrench to physically force you to open your wallet for them.

This kind of attack serves as a reminder of why you should be very careful who you allow to know that you own any crypto - it can make you an appealing target for all kinds of thieves. This is one of the major reasons that privacy is so important for crypto owners.

Illustration depicting how people imagine security versus the pragmatic reality

Inspired by original https://xkcd.com/538/

Protecting against the Wrench Attack with passphrases

To protect against the $5 wrench attack, you could establish a "dummy wallet" by using an "extra" passphrase with your hardware wallet. The ability to show someone a "fake wallet" instead of your real crypto holdings if you are under duress is a form of "plausible deniability."

To understand how this works, remember that when you open your crypto wallet application, you only see the assets associated with the wallet that corresponds with the passphrase that you entered.

For example, you could configure three wallets with the same seed phrase and different passphrases. If you access the wallet using no passphrase, it could show you a small amount of crypto that you might use for day-to-day spending. If you access the wallet using passphrase "My$trongW0rd," it could show you a moderate balance that you might choose to sacrifice to a physical attacker. But if you access the wallet using passphrase "My$trongW0rd_real," it could show you the majority of your crypto holdings. In this example, as shown in the image below, if you were subject to physical attack, you could allow the attacker to have one or two small wallets, but not let them know that you have the larger wallet hidden with a different passphrase.

Chart showing strategy for obfuscating details of actual wallet using a passphrase.

This example shows how one could use pass phrases to generate a dummy wallet that one could show an attacker instead of the actual wallet. Everyone should devise their own personal strategy.

Multiple passphrases can be helpful in more than one way

Generating multiple wallets from the same seed phrase might come in handy in a few scenarios:

  • Defense against a physical attack (as described above): You can have a "dummy wallet" that you plan to offer if you are forced against your will to open your wallet.
  • Categorization: You might want to set up several crypto wallets as multiple "buckets" that you use for different purposes (maybe based on whether you intend to save it or spend it, whether you have held it for long enough to qualify for capital gains taxation, whether it is shared with your family, etc.)
  • Privacy: You might not want to keep a significant amount of crypto value in any one wallet address for privacy purposes.

Passphrases and your crypto backup strategy

Your backup strategy needs to include all passphrases that you use, and, if you have multiple seed phrases, it needs to indicate which passphrase goes with which seed phrase.

It is becoming more common for people to maintain multiple separate crypto wallets for various reasons. Some of these reasons are described above. You might have decided to keep multiple hardware wallets in order to perform multisig transactions. Or you might be trying out a new wallet or service ... there are many reasons that you could find yourself juggling multiple wallets. However you may have ended up with multiple wallets, it is critical that your backup strategy keeps track of which passphrases should be combined with which seed phrases!

When deciding how to organize your crypto backup strategy, think about each wallet backup "bundle" as if you were starting with zero knowledge and zero trusted devices (like your smartphone). What would you need to know to access each wallet? Accessing any individual wallet might require someone to know how to access your seed phrase backup (which might include a safe vault or decryption code), passphrase(s), and possibly 2FA backup codes. The exact information to be stored depends on what forms and methods you chose to protect your secrets.

Think your unique situation through carefully.

View all articles

Inheritance Management

Managing digital assets like cryptocurrencies can be complex, especially when it comes to inheritance.

View all articles

$6 Trillion of Crypto Assets to Be Inherited by 2045

How will you manage your crypto inheritance?

Over the next two decades, up to $6 trillion in crypto could be inherited, as younger investors favor digital assets over traditional stocks and bonds. Learn how this shift is reshaping wealth transfer and the future of investing

Unprecedented Asset Transfer via Inheritance by 2045

A recent report, the 2024 Bank of America Private Bank Study on Wealthy Americans, reveals key trends related to inheritance, and particularly how younger generations view the future of wealth, including crypto and estate planning.

An astounding $84 trillion of wealth transfer is projected over the next 20 years from current generations to Gen X, Millenials and Gen Z. Renowned expert Matthew Sigil, head of digital assets research at Van Eck (a prominent issuer of Bitcoin ETFs) has estimated that of this amount, $6T in crypto assets will be passed on via inheritance.

This transfer will be successful only if care and attention are paid to crypto inheritance planning and management, and if the right approaches are in place to support the technical transfer of these funds. Crypto assets are technically different in a number of ways to traditional assets, so inheritance needs to be carefully choreographed between asset owners, Trust and Estate Lawyers, and intended crypto beneficiaries.

Despite the fact that important steps must be taken for the safe, secure, and private transfer of crypto assets, none of the participants in the crypto ecosystem have offered inheritance plans or services. The pioneer of crypto inheritance management since 2015 has been Vault12.

Vault12 has built and continues to innovate a comprehensive solution that is easy to use for non-technical participants, yet incorporates a highly secure architecture and technology that is designed to preserve your crypto wealth and ensure successful transfer to your heirs. Learn more at vault12.com.

The Bank of America Private Bank Study

This report by Bank of America Private Bank analyzes financial outlooks, investing habits, and estate planning practices of wealthy Americans. The study reveals a generational divide, with younger wealthy individuals exhibiting different investment preferences than older generations. Younger individuals tend to be more skeptical of traditional investment strategies, and favor alternatives like cryptocurrencies and private equity. The study highlights the challenges facing wealthy families as they navigate wealth transfer, including the emotional strain of inheritance and the increasing burden of serving as trustee or executor.

Takeaways

  • Great Wealth Transfer: Approximately $84 trillion is projected to transfer from seniors and baby boomers to Gen X, millennials, and their heirs by 2045.
  • Crypto Inheritance Surge:Matthew Sigel of VanEck Investments estimates that up to $6 trillion could enter the crypto market through inheritance in the next 20 years.
  • Investment Shifts: Millennials and Gen Xers will inherit $84 trillion, with a growing proportion of cryptocurrencies.
  • Young Investor Participation: To reach the $6 trillion estimate, young investors (ages 21-43) need to allocate 14% of their inherited wealth to crypto: about $300 billion annually.
  • Broader Investment Preferences: Many young investors view traditional stocks and bonds as insufficient for superior returns, preferring high-growth assets like cryptocurrencies.
  • Risk Appetite by Generation: Younger investors show a higher risk tolerance, with significant crypto allocations (14%-17%) compared to older investors, who remain conservative.
  • Crypto Exposure: Younger investors hold the highest average exposure to crypto, highlighting a shift in how the next generation approaches digital assets.

Sources:
2024 Bank of America Private Bank Study of Wealthy Americans

VanEck: $6 Trillion Could Pour Into Bitcoin, XRP and Crypto via Inheritances Over 20 Years

Crypto and Digital Asset Allocations

Younger generations ranked Real estate (31%), Crypto/digital assets (28%), Private Equity (26%), Personal company/brand (24%), Direct corporate investment (22%), Companies focused on positive impact (21%), and bonds (17%) ahead of US stocks (14%) as the greatest opportunity for growth.Older generations (age 44+) ranked US stocks as the best growth opportunity (41%), followed by Real estate (32%), Emerging market equities (25%), International equities (18%), Private Equity (15%), Direct corporate investment (15%), Bonds (12%) and Crypto/digital assets (4%).

Bank of America 2024 Private Bank Study on Wealthy Americans

Crypto, Inheritance, and Wealth Management in Younger Generations

The 2024 Bank of America Private Bank Study on Wealthy Americans focuses on several key trends related to inheritance, particularly how younger generations view the future of wealth, including crypto and estate planning.

1. Crypto and Digital Assets

Younger generations (ages 21-42) are more inclined to see digital assets like cryptocurrency as a key growth opportunity. Around 28% of younger respondents ranked crypto as a promising investment vehicle, significantly higher than older generations, where only 4% expressed the same confidence. This highlights the generational shift towards embracing newer financial instruments like blockchain and decentralized finance.

2. Inheritance and Estate Planning

Interpersonal family dynamics can create tension during wealth transfers. For both younger and older wealthy individuals, unequal distribution of assets and a lack of clear instructions or communication were common sources of strain. Younger generations are more focused on including hard assets like jewelry and heirlooms — which are frequently overlooked in formal planning — in their estate plans.

3. Generational Differences in Wealth Management

Younger heirs are more likely to pursue alternative investment strategies, such as private equity and digital tools, reflecting their broader interest in controlling their wealth. These individuals also prioritize sustainability and impact investing as part of their inheritance planning, distinguishing their approach from older generations.

These insights demonstrate the ongoing generational divide in attitudes toward wealth management and the evolving role of digital assets in estate planning.

Inheritance and Estate Planning "Strain Points"

Reasons for strain. 41% of younger, 65% of older and 59% of total respondents say the reason for strain is interpersonal family dynamics. 29% of younger, 41% of older and 38% of total respondents say it's the unequal distribution of assets. 36% of younger, 20% of older and 25% of total respondents say it's a lack of clear instructions and documentation. 32% of younger, 22% of older and 24% of total respondents say it's a lack of communication. 33% of younger, 12% of older and 18% of total respondents say it's a lack of trust/transparency in the executor/trustee.

Factors driving strain on inheritance-related issues

Bank of America 2024 Private Bank Study

What you need to know about Crypto Inheritance Planning

Unlike traditional assets, crypto assets need to be managed differently from an inheritance standpoint. In fact, the only similarity between traditional and digital assets is that you must maintain an update inventory of them. The main challenges associated with crypto inheritance are:

  1. Inventory of crypto assets: You must carefully maintain an inventory of crypto assets. This means backing up seed phrases and/or private keys of all crypto wallets, across all blockchains, and all types of devices or places where those wallets exist, e.g., mobile phones, hardware wallets, cloud, and paper backups. Any assets that are not documented in your backup are liable to be lost.
  2. Privacy of all information:You must ensure absolute privacy of the backup information. Anyone with access to private keys or seed phrases will be able to compromise the funds. This includes ensuring that any documentation left with your lawyers is strongly protected.
  3. Critical Points of Failure: You must eliminate personal devices and cloud services as critical points of failure. The most significant risk in inheritance is reliance on individual devices, which can be stolen, lost, or damaged. The second risk is the dependency on one or more cloud servers. We have seen what happens when business relationships between cloud partners face legal challenges, or cloud services are disrupted by malware or bad software updates.
  4. Technical Beneficiary awareness: As the varieties of crypto assets expand over time, staying aware of them becomes important. You will need to designate someone technically fluent in this area. They may not be the ultimate beneficiary; however, you will need to trust them to distribute the assets per your wishes.
  5. Trust & Estate Attorney: You must consult with experienced lawyers who are well versed in inheritance of crypto assets. A great resource is "A Practical Guide to Estate Administration and Crypto Assets" by Richard Marshall from Hill Dickinson LLP.

Why Choose Vault12 Guard for Crypto Inheritance Management?


Vault12 is the pioneer of crypto inheritance management, and Vault12 Guard is the first solution to offer a simple, direct, and secure way for all types of investors to ensure that all of their crypto assets can be accessed by future generations.

Consider that:

  • Traditional approaches to the inheritance of assets, when applied to digital assets, create complexity and risk.
  • Your portfolio of digital assets is continually changing — you cannot rely on doing an inventory once, or for that matter continuously, without assistance.
  • A simple and direct approach like Vault12 Guard reduces the uncertainty around assets not being available to the designated recipient. It also avoids having to approach and petition each service individually during probate to gain access.
Vault12 Guard offers you:
  1. Inventory of crypto assets: The first step in inheritance is backing up all your crypto wallets. Vault12 makes this as easy as possible - despite the appalling lack of usability in current hardware and software wallets. There will always be new crypto assets on new blockchains, and Vault12 can manage any crypto asset on any device, on any blockchain, now and in the future.
  2. Privacy of all information:Your crypto assets are protected via a Secure Element (Secure Enclave in iOS, and Strongbox on Google Android phones), and the encryption used is Quantum-safe. With this security, no one knows what assets are part of your Vault.
  3. No Critical Points of Failure: No assets are stored locally, no assets are stored in any cloud, and no assets are stored at Vault12. There are no devices to lose, no paper backups, and no need to manually give encrypted assets to a subset of people. The Vault12 system is decentralized, making it a difficult target for hackers — and in fact for any type of failure.
  4. Confidence in a Technical Beneficiary: With Vault12 you get to designate a trusted technical beneficiary. Should you change your mind, you can swap them out at any time.
  5. Flexibility in Trust & Estate Attorney: While regulations and guidelines for inheritance planning can vary from state to state and country to country, Vault12 Guard is designed to be independent of whatever legal framework you choose to govern the inheritance of your assets. Vault12 Guard is simply a transfer mechanism that ensures all your crypto assets are passed from your control to a designated technical beneficiary.

Key Product Features of Vault12 Guard

The Vault12 platform provides your crypto assets with the highest security and strong backup resilience. Vault12 Guard Inheritance enables you to designate a beneficiary (an executor, trustee, or other chosen beneficiary) who can inherit the entire portfolio of digital assets that you choose to store in your Vault. There is no need to update an inventory continually or to issue updated instructions.

  • Unified Digital Vault: Use Vault12 Guard Digital Vault to store digital assets, including cryptocurrency, financial login information, legal documents, medical records, and more.
  • Guardian Network: The Vault is protected by your network of Guardians: friends, family, and/or business associates — people that you know and trust.
  • Beneficiary Designation: Designate a beneficiary from your chosen Guardians. A declaration is then digitally signed, and can be emailed to other parties, such as lawyers.
  • Trigger-Based Access: As a Vault Owner, you can configure a legally-defined trigger such as incapacitation or death. When the trigger occurs, the beneficiary indicates they are ready to access the digital assets. Assets are unlocked and transferred to the beneficiary only when a designated number of Guardians approve the request.
  • Preemptive Veto Option: Should the beneficiary attempt to access the assets before they are intended to, the owner can veto the request before any of the Guardians receive an approval request.
To learn more about Vault12, please visit vault12.com.

.

2024 Bank of America Private Bank Study, focusing on inheritance trends and the role of digital assets. They symbolize generational wealth transfer, incorporating elements like cryptocurrency and estate planning.

Crypto Inheritance Planning vs. Traditional Estate Planning

Both types of planning work hand in hand to protect your digital and traditional assets

Crypto Inheritance Planning is a specialized subset of general estate planning that deals with the unique challenges of digital assets such as crypto wallets, cryptocurrencies, NFTs, and other blockchain-related assets. As you invest more in these assets, planning for what happens to them when the time comes is just as important as planning for traditional assets.


Why Crypto Inheritance Needs Special Attention

Crypto assets don’t work the same way as traditional financial assets when it comes to inheritance, nor are they like physical assets.

  • Traditional financial investments usually include a beneficiary as part of the financial institution account: institutional processes will manage inheritance distribution.
  • Physical assets might be located on your property (or even at a marina, stable, or airport), and are often registered or insured in your name, leaving a clear “paper trail” of ownership. Generally, your beneficiaries are aware that you have them, and they will be easily discoverable when you eventually pass. These assets will be sold or distributed among your beneficiaries according to your wishes as expressed in your will.
  • Crypto assets are generally not discoverable by others unless you make a specific effort to make them so. This is why making an inventory of your crypto assets and setting up a plan to redistribute them as part of your inheritance plan is so critical.

For each asset type, you should consult with experts to consider legal and tax issues relative to transferring ownership of the assets when needed.

For crypto assets, you also need to consider the security of your digital holdings while you are still alive, and a safe mechanism for transferring access to your crypto wallet after you pass. This is where Vault12 Guard can help you.

Legal and Tax Considerations

Crypto inheritance is affected by many of the same jurisdictional issues that affect traditional inheritance, such as laws surrounding wills, probate, and executors. Depending on your area, rules on taxes and transfers can affect how your crypto assets are inherited. This is why it’s crucial to consult legal, financial, and tax professionals who understand both traditional and crypto-specific inheritance planning. They can help you navigate those rules and make sure that your plan is both effective and legally compliant.

Security Before and During Inheritance

You already know that you need to keep your guard up to protect your crypto investments while you are alive. There are risks seemingly around every corner! One of the unique risks to cryptocurrency holdings is that you should not trust anyone or any institution with seed phrases to your crypto wallets while you are alive. Also, due to several types of threats, your privacy is of utmost importance - you don’t want many people to know that you have crypto holdings.

How can you keep your seed phrases secret from everyone, yet still make them securely available to your beneficiary after you pass? Vault12 Guard solves that problem.

What to Consider in Your Crypto Inheritance Plan

Be sure to cover these steps when adding digital assets to your estate planning:

1. Consult inheritance experts: Choose an estate planner or inheritance professional who knows crypto. They can guide you through the following:

    a) Tax implications of digital asset transfers.

    b) Legal frameworks that govern the inheritance process for digital assets, including how trusts and sales of these assets might affect beneficiaries.

2. Consider your need to secure and protect your private keys and/or seed phrases: These are the gateway to your assets, so keep them secure.

3. Consider your need to document your digital assets: When you implement your inheritance plan, you will need to create a detailed inventory of all your assets including every wallet and other blockchain-related holdings. For NFTs, you will need to make sure both wallets and original media files are backed up.

4. Include a technically-minded beneficiary. Choose someone you trust who can manage the technical aspects of accessing and potentially transferring the assets in your wallets. You might have a simple scenario where you store a small number of wallet seed phrases (which might not require a particularly advanced technical beneficiary). But your crypto holdings might be complicated, or sprawl across multiple platforms. Each individual situation is unique.

Crypto inheritance planning is an essential part of securing your digital legacy which is better done sooner rather than later. By planning now, you’ll avoid costly mistakes, and gain peace of mind from knowing that your assets will be conveniently passed on as you intend without risk or confusion.

Inheritance planning with Vault12

How Vault12 Guard Helps You Manage Your Crypto Inheritance

Managing digital assets like cryptocurrencies can be complex, especially when it comes to inheritance—but it doesn’t have to be. Vault12 Guard ensures that your digital inheritance is securely managed, and that only the right people—your chosen Guardians—can approve your beneficiary’s access at the right time.

Implement Your Inheritance Plan

Vault12 encourages you to create a carefully considered inheritance plan that covers all of your digital assets. Once your inheritance plan is set, Vault12 Guard will help you manage access to these assets and ensure everything is handled as you intended.

A Comprehensive Digital Vault

Vault12 Guard isn’t just for backing up crypto wallets. It’s a comprehensive solution for backing up all types of digital assets and storing sensitive information:

  • Seed phrases from any type of wallet and even private keys including Bitcoin, Ethereum, and other cryptocurrencies. Vault12 Guard allows you to select from a pre-determined list of wallets or add your own.
  • Non-fungible tokens (NFTs).
  • Digitized copies of legal documents, medical records, or any other personal records.
  • PINs and instructions for accessing devices and password managers.

Vault12 keeps everything safe and organized in one digital vault.

Backed up and Protected By Trusted Guardians

Your digital assets are protected by your most trusted people: your chosen Guardians, who can use Vault12 Guard for free.

In the event that you lose a device like your mobile phone that holds crypto wallets, Vault12 Guard offers you and your Guardians a straightforward process to restore your assets.

In the case of inheritance, your Guardians must approve the beneficiary’s request to access your Digital Vault.

Manage your Digital Inheritance with Vault12 Guard

Vault12 Guard is available on iOS, Android, MacOS, and Windows. For detailed guidance on setting up your digital inheritance with Vault12 Guard, including step-by-step app screenshots, check out our guide here.

Here’s a brief overview of the essential steps after you download the app:

  1. Set Up Your Vault: Implement your digital inheritance plan by adding your digital assets and designating Guardians (including your beneficiary).
  2. Manage: Use Vault12 Guard to do the heavy lifting:
    1. provide truly high-security storage for your data
    2. add or remove wallet seed phrases and other digital assets
    3. add or replace Guardians, and verify their “active” status
    4. securely transfer access to your Digital Vault with your Guardians’ approval.

Regular Asset Reviews

As with all assets, it’s a good idea to periodically review your digital assets to check for legal or regulatory changes that may affect your holdings, related technology or product updates, and current market value. Adjust your digital inheritance management strategies as needed.

Check in with your Guardians, too, to confirm their continued readiness to help guard your digital assets.

Vault12 Guard makes managing and inheriting digital assets simple and secure. Whether you’re new to cryptocurrency or looking to safeguard your digital legacy, Vault12 provides an easy-to-use solution for modern estate planning and inheritance.

How Vault12 Guard Helps You Manage Your Crypto Inheritance

Backup and Inheritance for Bitcoin Runes

Understanding Runes: how to protect your ownership and future inheritance.


What are Inscriptions, Ordinals, and Runes?

We recently shared the story about how in 2023, the Ordinals protocol was added to the Bitcoin network. Users began to use Ordinals to inscribe unique data (NFT "inscriptions") directly onto Bitcoin satoshis, and soon thereafter, Ordinals inscriptions enabled the creation of fungible BRC-20 tokens on the Bitcoin blockchain. Inscription-based Bitcoin NFTs and BRC-20 tokens expanded the Bitcoin landscape to encompass both fungible and non-fungible tokens. BRC-20 tokens became fairly popular, achieving a market cap exceeding $2 billion.

Then in September 2023, just as Ordinals was reaching peak popularity, the same developer behind Ordinals, Casey Rodarmor, proposed another new protocol for tokens on Bitcoin: Runes. Runes introduces a fresh token standard for Bitcoin, streamlining the process of creating fungible tokens and enhancing efficiency for users. The motivation behind Runes was to improve upon BRC-20.

Runes launched at the same time as the April 20, 2024 Bitcoin halving event, at network block 840,000.

What makes Runes better than BRC-20?

Runes aligns more closely than BRC-20 with the Bitcoin community’s values and unwritten rules, like protocol simplicity, independence of off-chain data, and using unspent transaction outputs (UTXOs) as a state model. Runes also uses a smaller blockchain footprint, thus avoiding the perception that it is filling up the Bitcoin blockchain with “garbage” data.

In contrast to the complexity of BRC-20, the simple rules of Runes tokens allow the tokens to be included in many wallets, requiring only relatively minor modifications by wallet developers.

If you are interested in learning more about how the Runes protocol works, you can read more about it in the Ordinals documentation.

Why do Runes have such long names?

Runes have a unique, forward-looking characteristic of ticker naming: shorter names for individual Runes will be unlocked (allowed) over time. This rule is intended to prevent a rush of front-running and "squatting" more attractive, shorter names. At first, only Rune names of thirteen or more characters are unlocked, which is why (depending on when you read this article) you might only see Runes with long names avaliable for mint and sale. An example of an early Rune name is "UNCOMMONGOODS." How quickly are shorter names unlocked? Runes was unlocked at block 840,000, and after that, the completion of every 17,500 blocks (which takes about four months) unlocks the next-smaller length of Rune name availability.

What will Runes be used for?

Initially, we will inevitably see a lot of meme Runes traded, since they are so simple to create. There are more "serious" Runes projects in the works, but it’s hard to predict which will be successful, and when more value-added Runes-based projects will be available.

What are some popular Bitcoin Rune projects?

You can follow along with which Runes projects are new and most popular at several online Runes explorers, including Ordiscan.

How can you mint, buy, and sell Runes?

Platforms like Ordinalbots can make the process of "etching" and minting Runes simple. "Etching" sets the properties of Runes, and “minting” creates new ones that may then be transferred.

Trading platforms like Magic Eden already support Runes purchases and sales. OKX is another.

Always do your own research and/or consult with a professional if you're unsure about anything.

How do you use a wallet to back up and protect your Runes?

Runes-capable wallets operate like other crypto wallets. To buy some Runes and back them up:

  • Create an account, secure your seed phrase backup, and deposit funds into your choice of Runes-capable wallet.
  • Create or purchase Bitcoin Runes on your platform of choice.
  • Use a Runes-compatible Receive address in your wallet to receive the Bitcoin Runes from the marketplace or trading platform you've chosen.
Back up the recovery phrase for your Runes wallet in the same way as you would for any other wallet. If you were to lose access to your wallet without backing up the recovery phrase, you would lose your Runes and anything else in that wallet.

How do you ensure inheritance of Bitcoin Runes?

You must protect your long-term storage and the inheritance of Bitcoin Runes in the same way as you would any other Web3 digital asset.

Web3 asset inheritance is different from the relatively straightforward steps for a traditional inheritance, where you go to the bank or the broker, you tell them that someone has passed on or is incapacitated, and you are given access to those assets. In contrast, with Web3 assets, you, the owner, are responsible for the security and safekeeping of those assets. If you haven't recorded all of the details about your assets and communicated them to the people who will be the beneficiaries, your assets will likely be lost. Even if you did record the details correctly, there are still a lot of ways for heirs to go wrong with complex technical things during the succession process.

Take the risk out of your web3 and Bitcoin asset wallet backups by storing your wallet seed phrases in a specialized digital vault.

How can Vault12 Guard protect your Bitcoin Runes?

Image of Vault12 Guard app on mobile phone

Our latest technology release Vault12 Guard is a mobile app designed for ordinary people who are collectors, Web3 creators, and crypto enthusiasts buying cryptocurrency. Vault12 Guard is designed to make it as simple as possible to back up all of your digital assets and then assign a beneficiary who can receive those assets in the event of incapacitation or death.

With Vault12 Guard, it's very simple to back things up for your own wallet recovery. It's very simple to activate Inheritance. And it's very simple for your heirs to retrieve those assets when needed. Download the app from any of the app stores (iOS or Android), install it, and create a digital vault. You can immediately start adding assets, which will be stored locally on your phone device for full, distributed, decentralized backup and inheritance.

With Vault12 Guard, you can add and assign your own vault Heirs and Guardians. These are people that you know: they could be business partners, family members, or friends who will guard your vault. Your Guardians will grant access to your Web3 assets on the event of your passing.

You can learn more about Crypto Inheritance here, or jump right into learning how to quickly set up your vault to bring longevity and resilience to your digital assets journey.

How to Self-Custody, Back Up, and Inherit NFTs with Vault12

NFTs enable creators to revolutionize art, but they also support additional use cases, including digitization of many types of unique physical and digital goods (such as concert tickets and identity documents). Learn how you can protect these valuable assets with Vault12.

TL;DR

An NFT ("Niftie") is a blockchain token that is associated with a specific physical or digital asset that has a unique form and value. In contrast, cryptocurrencies such as BTC, ETH, or other altcoins are interchangeable with others of the same type (for example, 1 bitcoin (BTC) = any other BTC).

NFTs can be linked to unique physical assets, e.g., a diamond, a piece of physical art, a digital asset like an online concert ticket, or digital art.

NFTs can be tracked on a blockchain as they are transferred or sold to other people. As an added twist, NFTs can even be programmed so that when they are sold on the secondary market, a portion of the proceeds are automatically sent to the creator, thus creating a whole new motivational value chain for the creator economy.

NFT functionality is still in its infancy, but has the potential to fundamentally change how all types of assets are traded.

You should protect the NFTs you own by using Vault12 to securely back up the wallet that holds the keys to your NFTs. It is especially important for creators, who may have authored a myriad of NFTs, to protect the keys to their NFT wallets, since all proof of ownership revolves around protecting those keys.

What is an NFT?

NFTs, or Non-Fungible Tokens (also known as "Nifties"), are digital assets tracked on a blockchain like any other digital token. The term "non-fungible" means that each token is unique. An NFT and its trading history can be tracked on the blockchain. Unlike Bitcoin, where each BTC is valued the same as any other BTC, NFTs can have different values depending on their attributes, and depending on their unique market demand.

NFTs come in all shapes and sizes, but all of them have two key properties:

  1. They are linked to actual assets - either physical or digital. Effectively, NFTs express the immutable right of possession. This right is cryptographically fixed in a blockchain as an advanced digital version of a "certificate of ownership."
  2. They are tracked on the blockchain so that their ownership history can always be verified. This means that not only digital items can be tracked, but physical items that have been tokenized and represented as an NFT can be tracked as well.
This opens a wide range of use cases for NFTs:

Art: Both digital and physical art can be tokenized, traded, and tracked via a blockchain. In a famous example from March 2021, a JPG image produced by digital artist "Beeple" fetched $69 million (lol) in an auction run by famous auction house Christie's. Other high-profile artists, musicians, and creators are creating new art, as well as tokenizing their historical catalogs.

Plane Tickets: Yes, plane tickets (in fact, tickets of all kinds) can be issued, tracked, transferred, and even bought and sold, optionally with a percentage of the ticket price going back to the original issuers.

Baseball Cards: Cards and other collectibles, including limited edition items, can be registered, traded and collected.

Real-world physical assets: Real-world valuable assets like diamonds or real estate can also be tokenized, and then traded! As long as there is clear provenance (a known source, or history of ownership) for the physical items, they can easily be traded on a global market, once they are registered as NFTs.

As for the future of NFTs, there are some incredible possibilities for how Smart Contracts will increase the utility of NFTs even more by supplementing them with real-world, dynamic data. Just consider the possibilities for NFTs beyond their usual function (serving as a record of the chain of custody and ownership): GPS location data can show the physical location of an NFT-tokenized object; real or virtual sports outcomes can offer additional token "rewards" to NFT owners; economic data can be used to automatically modify interest rates used for NFT-tokenized mortgage agreements. A dynamic NFT becomes a trackable asset that can be used for various contractual relationships besides just collectible trading.

How are NFTs different from Cryptocurrency?

Most NFTs live on the Ethereum blockchain, although some other blockchains also offer NFT support. Unlike cryptocurrency coins like Ether, which are interchangeable with other coins of the same type (fungible), NFTs are unique (just like snowflakes)! So what gets tracked on the blockchain for any given NFT captures its unique properties, as well as its trading history.

How do I create an NFT?

To create an NFT, first choose a blockchain network. Ethereum has the widest range of NFTs today, but some other blockchains that support NFTs include Binance Smart Chain, Flow by Dapper Labs, Tron, Polkadot, Tezos, Cosmos, and WAX, to name a few. Your choice of NFT blockchain network will determine which exchanges and crypto wallets will interoperate with your NFT.

If you choose to use Ethereum for your NFT, you will need a crypto wallet that supports the associated ERC-721 standard. Examples of these wallets are MetaMask, Trust Wallet, Coinbase Wallet, or Rainbow. In addition, you will need some funds in Ether (ETH). All Ethereum transactions will cost a transaction processing fee (also called a "gas" fee).

The NFT trading platforms that enable you to create NFTs include OpenSea, Rarible, and Mintable. To use these NFT platforms, connect your crypto wallet to the platform, click the "Create" button, upload your digital art or other NFT format, and accept the contract terms and details. Once your NFT is signed with your wallet, your NFT is ready to go and can be listed on the blockchain.

How do I buy an NFT?

There are lots of sources to buy NFTs, and there are more coming online every day. The most popular platforms include:


Here's a livestream of the first-ever authenticated Banksy art burning:

How do I secure, protect, and back up my NFTs?

NFTs are registered on the blockchain and linked to your wallet address, so backing up your NFTs follows the same process as backing up a wallet's seed phrase.

If you own the digital art source file itself (regardless of its format), you can also back this up in a Digital Vault. This ensures that your copy of the art is also protected from being accidentally deleted or lost. This is especially important for NFT art that may happen to pass through many hands (e.g., auction houses), and is also important for insurance purposes.

Read on for step-by-step instructions for how to protect your NFTs and original artwork using Vault12.

How to back up from an NFT Platform

Once a creator or developer has created an asset, it needs to be "minted" on an NFT platform. Minting is the process of registering the asset on the blockchain and activating the smart contract that governs the NFT (e.g., these terms can include what percentage of future sales are credited back to the creator). Once minted, the NFT can be made available for purchase. Buyers will purchase from the NFT platform directly, using their crypto wallet.

NFT Platforms support wallets in different ways. Some wallets can display NFT records, others cannot (we're still in early days of this technology).

In the following example, we will use Opensea.io (a leading NFT platform), and the Metamask mobile wallet:

 

Image of an NFT at OpenSea

Opensea.io

 

Image of an NFT Metamask wallet

Metamask mobile wallet

With NFTs (as with standard cryptocurrency), the wallet seed phrase becomes the most important piece of information to back up and secure.

Here's how to reveal the seed phrase in our Metamask Wallet so that it can be backed up:

 

Image of navigating to Metamask Wallet settings

1. Settings

 

Image of Metamask wallet settings

2. Security & Privacy

 

Image of Metamask wallet Security settings

3. Reveal seed phrase

 

Image of Metamask seed phrase screen

4. Seed phrase displayed

Backing up your Crypto Wallet

Once you have access to your seed phrase, you can back it up with a Digital Vault from Vault12.

In the following sections, we will demonstrate how owners of NFTs, as well as creators, can utilize a Digital Vault as the mechanism to store seed phrases, as well as secure the original asset.

How can NFT Owners Use a Digital Vault to back up NFTs?

A Digital Vault has the advantage of being focused on a singular purpose: securely storing digital assets for long term use. While there are many types of "digital vaults" available for cryptocurrency storage, for NFTs it is better to use something that is independent of any one blockchain and can store any type of digital asset.

Here we will use Vault12 to demonstrate how an NFT can be backed up, and how digital assets can also be stored in a Vault:

Step 1: Create and configure a Digital Vault

 

Step 2: Add a new asset to your Vault: in this case an NFT. First, switch to the Vault screen by tapping on the vault icon on the bottom navigation pane. Tap Add an Asset, and choose NFTs.

 

 

Image of an empty Digital Vault

 

Image of Vault12 "Add NFTs" screen

How can you back up your NFT seed phrase in Vault12?

Start by choosing "Add a Seed Phrase" to add your NFT wallet's seed phrase. For convenience, the name of the software wallet type that you use to control the NFT will be suggested, but you can use any name.

Entering the seed phrase could be done by choosing either "Enter each word," or "Free format text." If you want to refresh your memory about the details of seed phrases, you can do that here.

 

Image of adding an NFT wallet type in Vault12

 

Image of adding a Metamask seed phrase

 

As soon as you finish entering the seed phrase words, choose the name for the asset (or use the one proposed by the application), and choose between storing whether you want to hold the local copy, or only store a backup with your Vault Guardians.

 

Image of Saving an NFT asset in the Digital Vault

Finally, you will be returned to the Digital Vault screen that will display your added asset and indicate the status of its distribution to your Guardians.

Image of Digital Vault sending assets to Guardians

Creators: Use a Digital Vault to back up NFTs and original artwork

For creators, in addition to backing up wallets that contain NFT collections, there's also the option to back up the original artwork itself - this could be the form of an image, video or some other file format.

To add the artwork to your Vault, simply tap the "Add an Asset" option on your Vault screen, then choose "Add Media."

Screenshot of Add NFT screen

In this simple way, you can add files, images, or other media from files on your device or from your Photo Library to back up the source files of your highly valuable media.

Screenshot of choosing a media type to add
Screenshot of selecting a photo to add to your Vault

The final step is to give a name to your selected asset (you can associate it with the seed phrase name, to ease tracking of inventory), and choose whether you want to keep a local copy.

Screenshot of saving your NFT asset with a local copy

How to unlock and access assets in the Vault?

To gain access to your asset or artwork, select the asset in your Vault, and tap the "Unlock Asset" option.

To learn more about accessing the assets that are locked in your Vault, please read How to access your Seed Phrase or asset stored in Vault12.

The NFT market is new and constantly evolving, and there have already been hacking attempts on several platforms where owners and creators ended up having their accounts drained. Please make sure that you are using well-known and highly trusted wallets to associate with your collection of NFTs. Follow the guidelines laid out in this article to make sure you are able to robustly secure and back up your NFTs - whether you bought them or created them yourself.

View all articles

Backup

Vault12 Guard provides inheritance, and secure decentralized backup of seed phrases and/or private keys, giving Bitcoin (BTC), Ethereum (ETH).

View all articles

Risks of backing up your seed phrase on paper.

Paper is inherently vulnerable as a medium for long-term storage of any information - but the risks can be somewhat reduced if you counteract its weaknesses.


Cryptocurrencies are fueling a fundamental financial shift by allowing individuals to use cryptography to secure their own digital assets. Surprisingly, given the criticality of keeping safe backup copies of the encryption keys that control access to these digital assets, most cryptocurrency holders rely on paper as their chosen medium to back up their cryptocurrency access keys.

TL;DR (concentrated takeaways)

Paper backups of seed phrases are subject to a large array of threats, including loss, theft, and destruction.

Relying on paper backups is the leading cause of lost crypto assets.

Even safe deposit boxes may not fully protect paper backups.

Certain precautions, such as added physical protection, and having an equally-secure copy in a different location, can make paper backups less vulnerable.

Paper is a popular default backup medium because it is convenient for both consumers and wallet manufacturers. The use of paper to back up the all-important "seed phrase," or "private key," was for some years the assumed de facto backup mechanism described by cryptocurrency wallet manufacturers. In a survey of the 20 top wallets, 18 of them offered only one mechanism to back up the seed phrase: to write it down on a piece of paper and store it securely. The other 2 wallets surveyed also provided a paper backup option, and added the ability to generate an encrypted digital copy to be kept in a location such as a USB device, off-network laptop, or in the Cloud.

If you must write down your seed phrase or private key on paper, please do it temporarily, then use one of these methods to create a reliable backup, and then destroy the temporary paper backup. This article explains why these steps are necessary to preserve your investment.

The weakest link in crypto.

Storing your valuable backup key or seed phrase on a piece of paper carries unique risks for the crypto owner. Paper is delicate, and its threats include:

  • Gradual deterioration of legibility over time
  • Catastrophic destruction due to natural disasters like floods or fire
  • Accidental destruction by insects, animals, or people

Additional threats that are common to nearly all forms of backup include:

  • Loss or misplacement
  • Theft
  • Lack of awareness of backup location to family or heirs

The list of threats can go on and on. While designed with good intentions to protect crypto owners' assets from loss, paper backups actually have become the leading cause of lost crypto assets. Having a paper backup creates a false sense of security, because when an unplanned event causes a loss of the user's main wallet, they realize they do not remember or cannot access the paper backup they thought they had. As the number of cryptocurrency owners grows, this problem, with its devastating losses and resulting customer dissatisfaction with securing cryptocurrency assets, is also growing — with users often directing blame at wallet vendors.

The lesson of how fragile paper backups are was recently learned by the many residents of Los Angeles, California, as they had to evacuate their homes quickly to escape rapidly-spreading fires. How many left their paper crypto seed phrase passwords behind?

Risks of using Paper backups.


Paper backups and wallets are often kept in the same location and are therefore subject to the same risks as the owner's main wallet: fire, natural disasters, burglary, etc.

Casual owners are likely to forget the "secret storage location" of their piece of paper after few years.


In the case of an owner's accidental death, there is no way for their inheritors to recover the assets, which in the case of cryptocurrency keys makes those assets permanently inaccessible.


By nature, paper is not a long-term storage medium, and can easily become unreadable after years through natural wear and tear.


Casual users are confused about the role and function of paper backups and often blame the wallet vendor for any incidents regarding wallet backup and recovery. That creates a significant load of unresolvable cases for customer service and increases customer dissatisfaction with the wallet brand.


Further, in financially-unstable countries where cryptocurrency ownership is crucial, access to bank safe deposit boxes (a common storage location for paper backups) is often restricted during any bank crisis, exactly when users might need immediate access to their crypto-assets.



Inheritance.

Beyond restoring cryptocurrency access that may have been lost in a damaged wallet, one of the times when a seed phrase backup is most desperately needed is in the event of inherited crypto assets. Sadly, there have been many instances when the inheritor has been unable to access assets after the owner has passed away, because no one knows about any paper backup copy.

What can be done to reduce risk to Paper Backups?

If a cryptocurrency owner chooses to store their backup seed phrase on paper, they should at a minimum take care to:

  • Ensure that when they wrote the seed phrase down, their writing was not captured on camera, and any underlying pages in a pad were not imprinted from writing pressure.
  • Carefully destroy (for example, by burning) any temporary or interim copies that they may have created while producing a permanent paper copy.
  • Carefully ensure that no electronic copies remain on computers or printers that were used in generating the seed phrase, key, or QR code representation on paper. (This may require expert assistance.)
  • Understand the expected durability of the pen, pencil, or printer ink chosen. (Pencil is often recommended.)
  • Laminate the paper copy with waterproof, fade-proof, high-quality plastic.
  • Ensure physical safety of the backup paper in a vault. Consider keeping a second copy in a separate, equally-secure vault.
  • Let at least one other trusted person know about its existence.

Even if the protections above are followed, paper backups have limited reliability.

A better way.

Some crypto owners will not understand why they can't simply rely on the convenience of recoverable passwords like those used in traditional banking services. In the near future, as more types of transactions occur on blockchain networks, the security levels that we expect for today's cryptocurrency storage will also apply to fully-digital house keys, car keys, real estate titles, and a variety of personal property and documents that are currently secured by cryptographic keys. A better solution is needed to bring security and backup options to consumers at the forefront of this digital economy.

Illustration of a digital paper airplane with seed phrase words streaming behind it

How to securely destroy your paper seed phrase backup.

You should remove all traces of temporary seed phrase backups.


TL;DR (concentrated takeaways)

You should not keep any temporary paper copies of your crypto wallet seed phrase.

The Vault12 Digital Vault is perfect for permanently and safely storing your seed phrase backup.

Disposing of your temporary paper seed phrase is easy, but the details are very important.

You could dispose of it by burning it in your kitchen, and then flushing the ashes.

You could dispose of it by erasing, shredding, and then flushing the pieces.

Remember that your wallet seed phrase allows access to your crypto

By now, you know that your crypto wallet seed phrase is the most important thing to protect in order to guard your crypto assets. You have read about the need to use randomness to generate your seed phrase, and then how important it is to back it up to ensure that it is not lost or stolen. In this article, we will assume that you have already decided on which wallet to use, how to generate your seed phrase, and how to back it up. With your wallet set up and your seed phrase safely and permanently backed up, now you find yourself with a piece of paper that holds a "spare copy" of your seed phrase scrawled on it. How should you dispose of that precious piece of paper?

Why would you have a paper copy of your seed phrase? 

You probably ended up with that piece of paper containing your seed phrase as a result of your seed phrase generation and/or wallet setup steps. Until you are sure that your wallet configuration is complete, and your permanent seed phrase backup is complete, you likely wrote down your seed phrase on paper along the way.

If you generated your seed words incrementally with dice, you likely calculated them one by one, capturing each one on paper after it was chosen.

Similarly, if you let a crypto wallet choose your seed phrase for you, you likely wrote it down in order to confirm the words back to the wallet during the configuration process. In any case, you probably did not transcribe each word directly into permanent storage the instant that it was generated - you wrote it down offline, on paper, in order to have a copy to use to help you complete the steps of saving it to its permanent storage medium. Then you saved your seed phrase to a permanent medium such as your Vault12 Digital Vault, a steel card, or a limited-access, backed-up encrypted file. You might even have chosen to use two of those forms of secure, permanent backup.

Congratulations! But now you also have this extra piece of paper that you don't need - and it would be silly to leave it lying around waiting to be stolen, or to just throw it into your trash can.

Planning to destroy your temporary seed phrase copy

You need a foolproof way to destroy the now-unnecessary, temporary paper copy of your wallet seed phase, such that it can never be reconstructed. Here are some things to keep in mind as you plan to destroy it:

  • Don't put the task off. If you do not keep the temporary copy in a high-security safe until it is destroyed, every moment that it remains readable holds some risk that you could misplace it, or that it could be otherwise accessed. Properly disposing of it is not hard to do, and it does not take long - finish the task.
  • Meanwhile, be aware of cameras that could record the seed phase from the paper. Your smartphone, laptop, tablet, or security camera could all capture an image of your seed phrase without your realizing it. We have all become so accustomed to cameras around us all of the time, especially when they are part of our home security system, that we lose our awareness of what is being recorded. Don't take the chance of accidental image capture.
  • If you wrote down the seed phrase on a pad of paper, ensure that the page below the one that you wrote on does not have impressions that could be used to detect and reconstruct the words. Tap into your spy novel knowledge to imagine that possibility! If necessary, destroy the page underneath as well to remove all traces.
  • Be absolutely sure that you did not make any errors in backing up your seed phrase to permanent storage.

Now you are ready.

Illustration of person burning a paper seed phrase

Option #1: Destroy your seed phrase copy with fire and water

For all activities related to fire, you should of course carefully take appropriate safety precautions.

It is possible to burn your seed phrase outdoors, but we recommend doing it indoors, since indoor space is more controllable. (Outdoors, you may be more conspicuous, the paper could blow away partially-burned, or worst of all, you could accidentally start a larger fire.)

Indoors, you have a ready-made seed phrase burning area: your kitchen stove. When you are ready:

  • Just in case, know where your fire extinguisher is located!
  • Survey the area around the stove to ensure that there is nothing flammable.
  • Turn on the ventilation fan near your stove to prevent setting off the smoke detector.
  • Have a lighter handy.
  • Put a metal pan that you will use to contain the burning paper onto the stove.
  • Fold your seed phrase paper in half so that it makes a V-shaped "tent."
  • Place the folded paper into the pan, pointy side up (as an upside-down "V") - this will allow oxygen to circulate underneath it for a complete burn.
  • Carefully light the paper on fire, and wait for the flame to completely consume it.
  • Wait for the paper to cool. Crumble the ashes.
  • Flush the ashes down the toilet to avoid any chance of reassembly.

Option #2: Destroy your seed phrase copy by shredding and flushing

To destroy your paper seed phrase without fire:

  • First, if the words are written with pencil, completely erase them.
  • Shred the paper into extremely small pieces, such that even if any letters could still be read, no more than one letter would be shown on any piece. (This could be done using your hands, scissors, or a shredding machine.)
  • Flush the shredded pieces down the toilet to avoid any chance of their reassembly.

Your Vault12 Digital Vault is secure and convenient for your seed phrase backup

It is a good feeling to know that your seed phrase is safe and secure without having to keep paper copies lying around. Your Vault12 Digital Vault is the perfect place to store your sensitive digital assets including your seed phrase. Congratulations on being an informed, responsible holder of your own crypto assets.

Photo of shredded paper

How to back up a Seed Phrase

There are many ways to back up a seed phrase. This article summarizes for you the advantages and disadvantages of each method.

A seed phrase, or recovery phrase, is a sequence of words that a cryptocurrency wallet uses to access your cryptocurrency holdings. Securely backing up your seed phrase is a very important step, because knowledge of the seed phrase effectively serves as ownership of funds.

Cryptocurrency wallet documentation often offers limited advice about best practices to securely back up your seed phrase. A common recommendation made by wallet providers is to write down your seed phrase on paper and then store it in a safe place — but in itself, this is not sufficient protection.

For example, the official documentation on managing a Coinbase Wallet highlights the importance of securing your seed phrase but lacks detailed guidance, particularly on security options. We offer comprehensive guides on how to protect a Coinbase seed phrase, a Trust Wallet seed phrase, and other crypto seed phrases to keep your digital assets secure.

Keep reading...Show less
Futuristic vault

How to back up your seed phrase on Cryptosteel.

A highly secure way to backup your seed phrase is by recording it onto indestructible metal plates. This type of backup strategy is one of the most likely to pass the "test of time."


TL;DR (concentrated takeaways)

Backing up your seed phrase to steel plates offers a robust solution that is subject to only a few threats.

Don't give a steel plate vendor your seed phrase to stamp or engrave for you! This is a "DIY" task.

Once created, protect it well from discovery and theft.

Some options are Cryptosteel, Ledger CryptoSteel Capsule, Crypto Key Stack and Hodlinox (engraveable options), ColdTi (titanium), and Billfodl.

​When it comes to a decision about how to back up your seed phrase, you have to consider your personal circumstances, and weigh the pros and cons of the many options that exist. 

For offline, long-term, cold storage backups, utilizing steel is one of the most secure options. Steel requires no software, is nearly indestructible, and the backup process is completely manual and offline. Furthermore, the steel devices that are on the market today don't look like a seed phrase backup to those not already familiar with crypto seed phrases - this offers a degree of "security through obscurity" that could deter a common thief. (However, you should not rely on that protection! Always keep your backup in a safe or lockbox.)

Steel backups exist in a variety of formats. If you are handy with metalworking, you could even create a steel backup yourself. This review showcases Cryptosteel, which is produced from the original blueprints of the open-source Cryptosteel steel backup solution that was the first metal backup solution on the market. Cryptosteel sells its original model as the Cassette and has since added a Capsule version. Since the blueprint is open-source, the "cassette-type" steel wallet backup solution may be available from a variety of providers. If you consider several different steel backup solutions, consider the quality of each before making a purchase, since the place of manufacture, the grade of steel, and other characteristics may vary.

How is the seed phrase recorded onto the card?

A few companies offer ready-made steel plates, and all you have to do is input your seed phrase onto the steel. Different companies offer different ways of doing this, from sliding metal tiles into locking slots, to engraving, or using a metal punch. If you are handy and have the tools, you can even make a steel plate backup yourself.

There are 2 rules that you must follow if you are considering using metal plates as a backup:

1. Simplicity is the win-win! Some solutions are way too complicated. Fewer pieces = less chance for failure.

2. You should never ever provide the card manufacturer with your private key or seed phrase for "engraving" or whatever process they use. Unfortunately, some reckless manufacturers expose their customers to this severe risk ... pease keep your seed phrase safe by avoiding them.

What risks are steel cards still subject to?

Backing up to a steel plate is great - but don't forget about the importance of keeping that plate in a safe location. There is no "data security" layer present on a steel plate, so it becomes critical to implement steps to prevent unauthorized people from accessing the seed phrase or steel plate.

  1. Consider encrypting your seed phrase before committing it to steel - that way if the plate is exposed, you still have a layer of protection.
  2. Keep it in a safe place! If the plate is exposed, then your seed phrase is exposed, and you become at risk of your funds being drained.
Even if you keep your steel plate in a safe place, don't forget that if it is in your home or some other building, but your that building is devastated by fire, you may not find the steel plate amidst the ashes ... or even if it is findable in the rubble, you may not be allowed back onto the property to find it once you have been evacuated. Analogous risks exist in tornado-prone areas. The 2025 California fires in Los Angeles taught this hard lesson to its unfortunate residents.

Why protect Your Seed Phrase?

In the world of cryptocurrency, you are your own bank, and with great power comes great responsibility. Public blockchain cryptocurrencies are run on open, permissionless systems, where transactions are irreversible. There is no credit card company or bank to call and dispute the charges.

Your seed phrase provides full access to your wallet, and because of this, protecting your seed phrase is critically important. You can think of your seed phrase as equivalent in legacy finance to someone having all of your online banking information. Anyone with your seed phrase can access your wallet, just as anyone with your online banking information can log in to your banking account.

Protecting/backing up your seed phrase serves two purposes: First, it backs up your Wallet, allowing you to reconstruct your wallets in cases of device failure, new devices, etc. Second, it secures your Wallet by preventing bad actors from gaining access to your seed phrase, which would allow them to steal funds.

What is the Cryptosteel

Cryptosteel was the first steel seed phrase backup solution on the market. The concept was developed in 2013, and the blueprints were later released as open-source software. The rectangle block resembles a cassette deck, as suggested by its model name "The Cassette." The frame is a little bigger than a credit card and will fit easily into your pocket (although the pocket is a poor choice of locations for safekeeping).

The purpose of steel backup solutions like Cryptosteel is to safeguard your seed phrase from extreme scenarios. The Cryptosteel Capsule will survive fire up to 1400C/2500F degrees, and the Cryptosteel Cassette up to 1200C/2100F. (For reference, a house fire is around 600C/1100F degrees.) It will survive physical damage from flooding, electric shock, corrosion, magnetic shockwaves, and extreme pressure.

The form of the device does not appear to the untrained eye as a seed phrase backup solution - it appears simply as a block of metal. However, someone who is familiar with the devices will recognize what it is. After you have backed up your seed phrase, choose a proper location for storage, such as a safe or a lockbox.

The device is made from 100% AISI 304 grade stainless steel - the Capsule form also incorporates AISI 303 grade steel - and the company says that it can go undetected by many scanners and metal detectors. Since tech is always advancing, this is not a safe long-term reliance if your objective is stealth and your threat profile involves entities searching your house with metal detectors. If this is the case, embed the device onto a stainless steel object, preferably inside a wall, and your Cryptosteel will become masked and invisible to metal detectors.

How to use the Cryptosteel

When you first open the Cryptosteel, you will notice that the instructions are printed on the inside top of the cardboard box, along with pictures for each step. The device and the engraved steel tiles are neatly embedded into cushions.

0. Cryptosteel Unboxing

Cryptosteel unboxing

Remove the Cryptosteel device from the box, and the plastic container holding the engraved steel tiles. Printed on the box, underneath the plastic container, is an outline that maps out where each letter can be found in the plastic container. Each box shows 2 letters because the engraved steel tiles have one letter on each side.

Do you notice the elongated box in the middle, with numbers and symbols? BIP39 seed phrases do not contain numbers and symbols, but BIP39 does support adding a passphrase to the end of your seed phrase: this is sometimes referred to as the 13th or 25th word. However, the steel wallet only has 24-word options to fill, so if you have a 25th word, it won't fit. If you have a 12-word seed phrase, it will fit.

Cryptosteel outline and steel tiles

Cryptosteel device

1. Setup Cryptosteel

​Now that you are familiar with the device and have had a chance to look everything over, let's back up your seed phrase.

Step #1 - "Open the case by sliding upper and lower containers like a fan."

When you first hold your Cryptosteel, the device frame is closed and locked, and it appears as a rectangular block of steel. To back up your seed phrase, first, you need to open the device.

To open the device easily, place your fingers near the top of the device, and slide each side in opposite directions.

Identify the top of the Cryptosteel by looking for the side that has a thin rectangular opening, which separates the two blocks of metal. In contrast, the bottom of the device will be completely closed and solid.

You shouldn't have to push too hard to open the Cryptosteel. If you are pushing hard, you are likely pushing near the bottom of the device.

Opening Cryptosteel

2. Unlock the frame by turning the screw counter-clockwise

Now that the Cryptosteel is opened, notice that the device frame is actually 2 plates of steel, with each steel plate holding 12 words, so that you can store your seed phrase.

The way that you store your seed phrase is by sliding engraved steel tiles into the Cryptosteel and then locking it. By default, the device comes locked. To unlock it, you will need to use a flathead screwdriver, or something similar, to turn a screw counter-clockwise. In our testing, we were also able to use a credit card and a fingernail to turn the screw.

It is easy to identify the screw, because it is the only screw on the device that has an opening to be turned. If you lay the Cryptosteel horizontal, the screw is on the top right.

Unlocking the Cryptosteel

3. Release the safety lever by pressing inside the long slot with a small tool.

Before you can open the frame, you need to release the safety lever. The safety lever prevents you from accidentally opening the frame and having your steel tiles fall out.

To identify the safety lever, look for the thin rectangular opening with a small half-oval inside of it. On the 1-12 word side, it is underneath word 12. On the 13-24 word side, it is underneath word 24.

To release the safety lever, you need to push out the metal piece inside the long slot. It's possible to push it out using your finger, but it's much easier to use something like a screwdriver or similar object.

Releasin safety lever

4. Open the frame while safety lever is released

Once the safety lever is released, you can easily open the frame by sliding it open. When the frame is shut, it protects the steel tiles from falling out by keeping them locked in place. After you have opened the frame, you are ready to start placing your seed phrase in the Cryptosteel.

Opening the frame on the Cryptosteel

5. Insert the slots with the first 4 letters of each word

With the frame open, you will be able to slide the engraved steel tiles into the Cryptosteel. Notice the numbers engraved on the device. It is extremely important to follow the correct order! The Cryptosteel has 3 rows, each with 4 words.

Due to the way BIP39 works, you will only need the first 4 letters of each word. This is because each word of the 2,048 word list has unique first 4 letters. If you have a word that only has 3 letters, feel free to use a steel tile from the numbers and symbols box to represent the "extra" space.

Now, it is time to open the plastic case containing your letters, and put them into the Cryptosteel:

- Identify word 1 of your seed phrase, and identify the position of word 1 on the Cryptosteel.

- Gather the engraved steel tiles of the first 4 letters of your word.

- Insert the 1st letter first, position it in the slot, and slide it to the bottom.

- Insert the remaining engraved steel tiles to complete your 4 letters.

- Repeat the process for the rest of your 12 words.

*If you have a seed phrase that has more than 12 words, keep following this guide till the end, and then repeat the same steps for the second steel block that contains words 13-24.*

Sliding the engraved steel tile into the Cryptosteel

First 4 letters of the first word in the Cryptosteel

When you are finished sliding in the steel tiles, this is what it will look like

6. Close the frame and bend the safety lever back inside the slot

Now that all the slots are filled, the next step is to close the frame and close the safety lever. When doing this step, be very careful to keep the Cryptosteel flat and horizontal. If you tilt it too much, it is possible for the steel tiles to slide out!

Before you can close the safety lever, you have to close the frame. Closing the frame is super-simple: just push it back down into place, and it should naturally fall into place without much resistance.

To close the safety lever, you need to push it back inside the slot. This requires a little more resistance than closing the frame. If the safety lever doesn't want to bend back into the slot, just give it a good push.

7. Lock back the frame by turning the screw clockwise

Recall Step 2, when you had to unlock the frame by turning the screw counter-clockwise? This step is the opposite of that: you are going to lock the frame by turning the screw clockwise.

This is what your Cryptosteel will look like once you have locked the frame

8. If you have a seed phrase more than 12 words, repeat these steps for the other side

​The Cryptosteel is made up of 2 steel plates, with each steel plate containing 12 words. You have just completed setting up the Cryptosteel for a 12-word backup ... congratulations!

But what if you have an 18, or 24-word seed phrase? If so, repeat these same steps for the 2nd steel plate to back up the remaining words of your seed phrase.

When you are done, slide the 2 steel plates together so they form 1 steel plate. When finished, it will look like this:

The Cryptosteel, closed and locked

The advantages of using Cryptosteel

Using this method to backup your seed phrase provides protection from destruction via disaster. In today's world, you do not need to look far to see natural disasters happening around the world. From Texas freezing over, to fires in California, Cryptosteel ensures that your seed phrase is protected, and comes out completely intact on the other side.

The ideal solution

​Cryptosteel is near-perfect as a long-term backup and storage solution. Since the steel wallet is a physical device, storing it in a safe place that is under your control is crucial. The best place to store the Cryptosteel would be in a safe, lockbox, or cleverly hidden - for example, embedded in a steel object.

The Cryptosteel is not without downsides. For starters, recovering your seed phrase requires physically retrieving the device, which could be tricky, depending on your chosen hiding place.

Today, next-generation digital backup solutions are available that utilize military-grade encryption, providing the same level of security as the Cryptosteel, and incorporating high levels of fault-tolerance and ease of access to your backups. You could choose to have the best of all worlds by using the Cryptosteel to provide protection against disaster and destruction, combined with next-generation tools like Vault 12 for your day-to-day use - with the same level of security.

Back up your Recovery Phrase or add an asset using Vault12.

If you already have a Guard Digital Vault and a Seed Phrase, these steps show how to store your Seed Phrase as an Asset.

There are many ways to back up a seed phrase, and here we will show you how you can use the Vault12 Guard app to back up a seed phrase from your preferred wallet.

To back up a seed phrase using the Vault12 Guard app, you will need to complete the following steps:

  1. Using the Guard app, create and set up a Digital Vault.
  2. Add an Asset to your Vault, e.g., "Add Web3 Wallet."
  3. Using the Web3 Wallet, generate your Seed Phrase.
  4. Using the Guard app, save the Seed Phrase or backup code into your Vault.

Confirm your Digital Vault setup

In order to back up a seed phrase, you must have a working Digital Vault. If you have not created a Digital Vault and assigned Guardians to protect it, you can easily do that by following these instructions first.

After you have created a Vault, from the Guard app's Home screen, add an asset to your vault by tapping on "Add a Web3 Wallet."

 

Vault app main Welcome screen

Add an Asset to your Digital Vault

Alternatively, you could start from the app's "My Vault" screen, by tapping the Add an Asset button, or the [ + ] button in the upper right corner, and then choosing Web3 Wallet.

 

Vault app "My Vault" screen (empty vault)

Choose your Wallet type

On the next screen, you will be able to choose the wallet vendor you are backing up from (or which you plan to use). By identifying the wallet vendor, it is easy for you to distinguish multiple seed phrases and private keys that you may accumulate in your Vault in the future.

When you select a wallet type, you can choose from all major vendors of software and hardware wallets.

 

Vault app "Add a Web3 Wallet" screen

Choose a display format for your Seed Phrase backup

Now, you need to select the format in which you want to store your seed phrase - word-by-word or free-text format. The 'Enter each word" option presents the words in your seed phrase as a formatted list. The "Free-form text" option allows you to enter your seed words in whatever way you choose.
There are also Advanced options in case you want to securely generate a new seed with the Vault12 Guard app, or import your seed backup as a file or as a photo of your paper backup.

 

Vault app "Add seed phrase" screen

Prepare to add a Seed Phrase to your Vault 

Create or open your Web3 wallet, and display your seed phrase. Often, right after you set up your wallet, it will ask you to back up your Seed Phrase - this is the best time to add it to your Vault. Confirm how many words your seed phrase contains (for example, 12), and select that option in the Vault12 app.

 

Example 12-word recovery phrase in a wallet

 

Wallet configuration screen with 12, 18, 24 word options

Carefully enter your Seed Phrase into your Vault

Carefully enter your Seed Phrase into your Vault, word by word, in order, until all words have been entered. You can copy/paste the whole seed phrase if your wallet provides such an option. Be sure to double-check your entry against what you see in your wallet. (You may even want to triple-check! )

"Enter each word" option

Wallet recovery phrase entry screen word-by-word"Enter each word" option

"Free-form text" option

Wallet recovery phrase entry screen freeform"Free-form text" option

Name your Asset, and store it in your Vault

Once you have entered all of the words and clicked the "Done" and "Continue" buttons, you have the option to give your Wallet's Asset a unique name (otherwise it will be stored with the name of the Wallet vendor chosen before).

Also, if you already set up the Guardians for your Vault, there will be a choice between creating an Asset Backup using your Guardians only, or "Guardian Backup + local copy" of the Asset too. Having a local copy might be convenient in case you need regular and prompt access to this seed phrase, however choosing "Guardian Backup only" is more appropriate for cold storage and higher security needs.
Finally, press the "Add to Vault" button, to store the Asset.

 

Vault app "Save your Asset" screen

Your Vault distributes a Backup of your Asset to your Guardians

After you tap "Add to Vault," the app will bring you to the main "My Vault" screen, showing you the newly added Asset. You can check the status of the backup by tapping on the Asset.

After the seed phrase is stored in your Vault, it will be encrypted, split, and distributed to your Guardians (if you already set up the Guardians for your Vault). In case you choose not to store a local copy, the asset will be locked after distribution to Guardians is complete.

"My Vault" with added Asset

Vault app showing list of Assets"My Vault" with added Asset

Asset Details: Backup status

Vault app showing Asset detail"Asset Details" and backup distribution status

Access and unlock Seed Phrase Asset

By default, your Asset will remain locked. To unlock and access your Seed Phrase, check out this article.

Once unlocked, your Asset's Seed Phrase will be temporarily displayed so that you can enter it into a new wallet.

Note: The asset will automatically lock after 2 hours.

View all articles

Get Started Now.

Vault12 Guard is now available from the iOS and Android App stores.
Download Vault12 on App StoreDownload Vault12 on Google Play

How-Tos

Articles on crypto security how to's e.g how to secure, back up, and inherit all your cryptoassets such as Bitcoin, Ethereum, crypto, private keys, seed phrases, NFTs, digital art, DAOs, and DeFi tokens.

View all articles

How to generate a Seed Phrase.

Here are five ways to generate a seed phrase, with an in-depth discussion on the importance of randomness in ensuring security.

Your seed phrase is the very foundation of a modern digital wallet, and it is no exaggeration to say that seed phrases are at the heart of the cryptocurrency universe generally. But what is it? A seed phrase is a mnemonic code consisting of 12-24 words used to create or recover your crypto wallet. You may have heard it referred to as a backup phrase, recovery phrase, or mnemonic sentence.

Where do they come from? This article explains some common ways to generate seed phrases.

Key Points on How To Generate A Seed Phrase

When you have your own crypto wallet, you have a few choices for how to generate your seed phrase:

  • The Vault12 Guard app can generate a secure seed phrase for you.
  • You could let your digital wallet generate a seed phrase for you.
  • Or for very high security, you could "roll your own" seed phrase with dice or a calculator as offline methods.

It is extremely important that your seed phrase be randomly generated, so that it cannot be guessed or reverse-engineered.

1. How to generate a seed phrase with Vault12

Vault12 can help you to easily create an encrypted and distributed digital vault. The Vault12 Guard app secures all sorts of digital assets including cryptocurrency seed phrases, and can also generate your seed phrase for you. You can be absolutely sure that your seed phrase is generated safely and automatically backed up in a secure manner. To learn more about it, please read our guide.

2. How to generate a seed phrase with a calculator

Generating a seed phrase by using a calculator is done offline, which requires a bit of extra effort but eliminates the risk of some classes of potential online attacks. This introduces a small number of new risks, however: instead of using one device to generate your seed phrase, you'll need to use two devices: the calculator and an air-gapped computer. To create a seed phrase this way, you'll need a calculator that has a RANDOM function (for generating entropy). Learn more about generating a seed phrase using an offline calculator here.

3. How to generate a seed phrase with dice

A humble pair of dice can be used for a non-digital and completely offline method of seed phrase generation. To do this, you'll need dice, a pen and paper, and the BIP39 word list. This method is not for the faint-hearted - be prepared to do some math! You can use a single die if you want, but it is recommended to use multiple dice. You'll be creating entropy by generating a large set of random numbers by using the dice. Learn how to generate a seed phrase with dice here.

4. How to generate a seed phrase with software crypto wallets

With very few exceptions, most modern wallets will create your seed phrase for you when you create your wallet. This process is usually automatic, with limited options for setting the parameters of your seed phrase. For most users this one-time approach is sufficient, and it won't be thought of again.

Please take a look at the article, "Using crypto wallets to generate seed phrases" to get an overview of how seed generation is done inside wallets during the set up phase.

Optionally refer to our Crypto Wallet Guides for step-by-step instructions on how specific wallets accomplish this.

Please keep in mind, that in any potentially high net-worth use case, generating seed phrases manually on your own - especially offline - is an excellent choice since it offers much higher security and greater control over the process.

5. How to generate a seed phrase with hardware wallets

Hardware wallets provide an extra level of security compared to software wallets, and provide methods to generate a seed phrase locally (within the wallet itself). Hardware wallets strike an excellent compromise between usability and high security. Feel free to check out Vault12's "How-to" wallet guides to bring you through the steps needed to securely generate and back up seed phrases using hardware wallets.

Here are some hardware wallets that we recommend:

What goes on behind the scenes of generating a seed phrase?

In a nutshell, the process of generating a seed phrase starts with generating random data, called entropy. The entropy is then run through a hashing function - specifically SHA256 - to generate a checksum. Part of the checksum is then added to the random data. The resulting output is then split into chunks of 11 bits, where each 11-bit chunk maps to a single word on the BIP39 word list.

Confused about anything in the above paragraph? Don't worry, each step will be explained in an easy to understand format below. You can also get a higher-level understanding of seed phrase construction by checking out the article "What is BIP39?".

How much entropy should your seed phrase have? 

Generating a seed phrase HAS to begin with a RANDOM SOURCE OF DATA, otherwise an attacker could possibly steal funds by guessing or regenerating your seed phrase. Entropy is a measure of how random a set of data is.

Which offers more randomness: rolling 1 die, or rolling 2 dice? Since 2 dice have more possible outcomes, the randomness is higher. It is the same for your seed phrase. The more words that are in your seed phrase, the higher the entropy.

To successfully generate a seed phrase, the entropy generated has to fit certain parameters. The random data must be between 128 bits and 256 bits of entropy, and divisible by 32.

128 bits of entropy maps to a 12 word seed phrase

160 bits of entropy maps to a 15 word seed phrase

192 bits of entropy maps to an 18 word seed phrase

224 bits of entropy maps to a 21 word seed phrase

256 bits of entropy maps to a 24 word seed phrase

How are SHA256 and BIP39 word lists used to generate a seed phrase?

A hash function is a computer program that takes an input of data and returns a verifiable result, called a checksum. The input can be any source of data. Running the same hash function again on the same input data will always return the same checksum as the result.

For example, running your randomized source data of 128 bits of entropy through a hash function will always return the same result, so it can be used as a checksum. If the source data changes, you will get a different result from the hash function.

In this step, the random source data is run through the SHA256 hash function. The first X digits of the checksum are then added to the random source data/entropy, where X is equal to: (amount of bits of entropy / 32).

256 bits of entropy (256/32 = 8) - add the first 8 bits of the checksum to the random data

224 bits of entropy (224/32 = 7) - add the first 7 bits of the checksum to the random data

192 bits of entropy (192/32 = 6) - add the first 6 bits of the checksum to the random data

160 bits of entropy (160/32 = 5) - add the first 5 bits of the checksum to the random data

128 bits of entropy 128/32 = 4) - add the first 4 bits of the checksum to the random data

It's important to note that BIP39 generates the seed phrase from binary code, which is made up of 0's and 1's. However, the SHA256 hash function returns the checksum as a sequence of numbers and letters, called a hexadecimal. So in order to get the seed phrase, you have to convert the checksum from hexadecimal format to binary format.

Here's the next step: We slice the result into 11-bit chunks of data. Each 11-bit chunk of data will map to a word from the BIP39 word list

You have seen the word "bit" used a few times in this article. A bit represents 0's and 1's. It is the smallest representation of data we have, and it is expressed in a language our computers understand.

Your original source of random data (or entropy) plus the SHA256 checksum is divisible by 11. The BIP39 word list contains 2048 words, and each word on the list maps to 11 bits of data. In this next step, you break your entropy+checksum combo into sequential chunks of 11 bits.

It is important that you slice the 11-bit chunks in sequential order. This means going from left to right, every 11 bits is grouped together. Every 11 bits represents a word in your seed phrase, and the order of the words has to be correct.

The next step is to convert your 11-bit sequence into decimal format. This will give you a number that maps to the BIP39 word list. Now, in the correct order, map each 11-bit sequence to the matching word in the BIP39 word list. Finally, this is your seed phrase!

It's important to highlight that some word lists for BIP39 might start with 1. In code, the first number is always 0. This means that 2048 words are listed as 0-2047, not 1-2048. If your BIP39 word list starts with 1 instead of 0, you will need to subtract 1 from the word list numbers to get the correct word.

What are some different ways to perform Random Number Generation (RNG)?

Going back to generating your initial source of randomness: Once you generate the needed entropy, the remaining process of getting the seed phrase is simply math and cryptography. In practice, this means that when generating a seed phrase, the initial source of entropy is both the most important step, and also the step in which you have the most control over the result.

There are many ways to generate entropy: flipping a coin, rolling dice, dealing a deck of cards, recording ambient sound, and many more. The goal here is to get as close to true randomness as possible. If you are using a process that is not sufficiently random, an attacker could possibly recreate your seed phrase.

In the following sections of this article, we will cover different approaches for how to generate entropy, and thus generate your seed phrase.

What are the security considerations of generating your own seed phrase?

Taking control over the generation of your seed phrase provides an opportunity to increase the entropy of your seed phrase, thus increasing the security of your entire wallet. This does not come without risks - a single mistake can result in a less secure wallet, or even lost funds.

When generating your own seed phrase, security must be top-of-mind throughout the whole process. The most crucial part of generating your seed phrase rests with the generation of entropy, which is the first step of generating your seed phrase.

Your seed phrase can have 12, 15, 18, 21, or 24 words. Remember that the more words in your seed phrase, the higher the entropy, which results in higher security. A correctly generated 24-word seed phrase will ALWAYS produce a wallet that is more secure than a 12-word seed phrase. Many wallets today only produce 12-word seed phrases in their built-in wallet creation workflow - and given today's technology, 12-word seed phrases are still very secure. But a key concept here is 'correctly generated.' The only parameter that can be changed is the source of entropy. This is very important because if the source of entropy is corrupted, an attacker could potentially regenerate your wallet and steal your funds.

Generating entropy can be done manually or with a computer. Both methods have pros and cons, but when generating entropy, care must be taken to ensure that the process is done correctly and is free from outside manipulation or observation.

One example of manually generating entropy would be flipping a coin. But if an attacker gives you a coin that is weighted slightly in favor of heads, your initial source of entropy will have been corrupted.

When using a computer to generate entropy, the attack vectors (or corruption attempts) could be both over the internet and physically in-person. The computer being used should not be connected to the internet, as that could offer an opportunity for attackers to compromise the process. However, even if the device was ever connected to the internet, it could allow the possibility for this process to be compromised.

Part of being in a security mindset means limiting opportunities available for bad actors. A device not connected to the internet is considered to be air-gapped, and an attacker generally would have to be physically present at the device to be successful at manipulating its entropy generation capabilities.

Lastly, if you don't have a spare device that you can airgap, don't worry - you could use a "live" Linux environment. Many Linux operating systems are able to be run off of a portable USB stick or flash drive. These are called `live` distributions and they're released with verification signatures, so you can easily verify that the operating system has not been tampered with. We recommend Tails OS - a portable OS that protects against surveillance and censorship. To run the operating system, just plug in the flash drive and boot it up. When you're done, simply remove the flash drive and return to your normal operating system. This very temporary lifecycle of a "live" Linux distribution reduces the window of opportunity for even the cleverest bad actor to access and compromise it.

Generating a seed phrase is key to the modern digital wallet

How to access your Recovery Phrase or asset stored in Vault12.

If you need to access your Seed Phrase or other assets from your Vault, this article shows how you can ask your Guardians to unlock them to grant you access.

There are many ways to generate and back up seed phrases, and a superb choice is to use Vault12 Guard.

If you used Vault12 Guard to back up your seed phrase, this guide describes how you can access that seed phrase by unlocking your asset.



To access a seed phrase that you have stored in your Vault, you will follow these steps:

  1. Confirm that your seed phrase is backed up in your Vault, and that your Guardians are active.
  2. In the Vault12 Guard app, request that the asset be Unlocked.
  3. Wait for Guardians to confirm your request.
  4. View the asset.

1. How to confirm your Digital Vault setup?

In order to access your seed phrase or backup code that has been stored in your Vault, first check that you have a working Vault in your Vault12 Guard app, and that your Guardians are available. In general, it is a recommended practice to do a Vault "health check" regularly.

If you don't have a Vault because you changed phones, then you can recover your entire Vault - see instructions for Vault recovery. After recovery, your Vault and its stored assets will again exist on your phone, and you can proceed with these instructions to unlock the stored seed phrase or other asset.

If you have not created a Digital Vault and assigned Guardians to protect it, please follow these instructions (since you did not have a Digital Vault, the new Vault created will be empty).

Are your Guardians active?

Once you have confirmed that your assets are stored in the Vault installed on your phone, ensure that your Vault Guardians are available. You can do this by switching to the "My Guardian" tab from the bottom navigation pane. If all of your Guardians are shown as active, you can proceed to request an Unlock.

If not enough of your Guardians are shown as active, you may want to call your inactive Guardians in advance and ask them to open the Vault12 Guard app on their phone, to refresh the encrypted connection between your apps.

  

Image of Guardians with active status

2. How to use Guard to request that your asset be Unlocked?

First, jump to the Vault section of your Guard app by using the bottom navigation pane.

On the "My Vault" screen, you will see your asset inventory, with the current state of each asset shown below its name. As you can see, there may be a variety of different states for the same asset:

  • Blue icon - asset has a local copy on the device
  • Grey icon - asset only saved with Guardians
  • Recovering badge - the asset is requested for Unlock, and Guardians' responses are pending.
  • Recovered badge - the asset was unlocked by Guardians, and a local copy is temporarily available.
  • Sent to Guardians badge - the newly-created asset is in the process of backup and distribution to Guardians.

   

Image of asset inventory in Guard

 

To Unlock an asset, choose the asset that you wish to unlock from the inventory list, and tap to open the Asset Details screen.

Then click on the "Recover from Guardians" button.

In the image above, there are two assets in a locked state (with grey icons). Let's unlock one of them (Metamask-wallet.txt) for illustrative purposes.

 

Image of Asset Details for metamask-wallet.txt

How do Guardians confirm recovery requests?

When the "Recover from Guardians" button is pressed, all of your Guardians will be notified with your Vault unlock request.

You have significant privacy even from your Guardians, since none of your Guardians can see which assets you are accessing. Your Guardians only see that you requested them to identify you, and they are asked to confirm that you made such a request.

  

Image of an asset unlock request to a Guardian

Guardian's in-app notification of your request

 

As the Vault owner, to see the progress of Guardians' responses, and of your overall recovery request, tap "View Status" in your Vault app.

  

Image showing recovery request status

How do Guardians approve your recovery of the asset?

Here you can see all the details of the Guardians' confirmations progress and the recovery:

  • The total number of Guardians requested (by default 3)
  • Number of confirmations you need to receive from Guardians to recover (by default 2)
  • Guardians' names, and status of their responses.
Remember that even though your Guardians will receive a notification in their Guard app with your request, it is expected that you will contact them directly through your preferred means of communication so that they can validate that you are of sound mind, with free will, and in a safe place to access your valuable digital assets. (Unless, of course, it is your own secondary device that you set up as your Guardian.)

 

Image showing asset recovery in progress

How to view the recovered seed phrase?

As soon as you have been positively identified by the required number of Guardians, and they confirmed your restore request, your asset will be recovered and available for you to view. You can then tap on "View Recovered Asset" to interact with it. Be careful not to expose your asset unintentionally to observers or cameras!

Do not hesitate to learn more about how to maintain your crypto safely and easily at SecureMyCrypto.org.

 

Image showing "Recovered Asset Available" status

 

Image showing recovered seed phrase

.

How to access your Recovery Phrase or asset stored in Vault12.

11 Things you need for a safer crypto environment.

These security-related best practices will make you and your crypto assets much less vulnerable.

Let's face it… wherever you find money, you will find people who want to steal it, especially online. So it makes sense to set up a secure environment around your crypto - one that is separate from your regular computer and internet activities. Consider implementing the 11 Things below before you buy your first digital assets.

Keep reading...Show less
Chain made up of digital links

How to Protect Yourself From Impersonators on Telegram

As members of our Telegram community, you may encounter scammers impersonating admins and others — please read this article to understand how to avoid entanglements.


If you do not want to be taken advantage of by scammers, please remember:

  • None of the Vault12 team members will ever ask you for money or cryptocurrencies. You should NEVER transfer any to them. We will never ask for you to send your contributions to a wallet address that we provide on Telegram. All crypto transfers related to Vault12 are found in your Vault12 app.
  • If it seems too good to be true, it probably is.
  • Never give out your personal details, even email addresses on the Telegram chat. If an admin gets in touch with you via a private message, make sure their username (listed below) is correct before engaging in any discussion.
  • See this in-depth investigation by the New York Times into Telegram security.

1. Check Your Telegram Privacy Settings

Telegram gives users a number of privacy settings to control information being accessed, e.g. your telephone number. Make sure you've reviewed the settings to hide information that doesn't belong in public.

Image of Telegram Privacy and Security Settings

Telegram Privacy and Security Settings

2. Identify admins

Check if they have "admin" titles beside their names on the Telegram channel member list.

To see the member list, just click on "members" or "info".

Admins for Telegram group

Look for the admin or owner tag

3. Check member @usernames to determine if you are talking to the right person

You may get messages from scammers pretending to be team members with their exact same photo/avatar and a very similar username. Please report those accounts to TG so that they get banned.

Just click on the photo/avatar of the person you are talking to, to check their username and compare this with our list of admin usernames:

Official Vault12 team members:

Telegram admins

@wasima

@max_vault12

@commagere

@pavlo1

@anastasiapopova

4. SIM Swapping - Another potential attack risk

SIM swapping

The other common attack is via a SIM swap, this is where your phone number is ported to another device, followed by account password resets — the recovery codes now being under the control of the criminal. To guard against this you need to implement 2FA with an app such as Authy, and to have your carrier explicitly forbidden to do number ports to new devices without verifying identity. Please see this article for more details: https://www.wired.com/story/sim-swap-attack-defend-phone/

5. Remember these two things

* Do not transfer your funds to addresses received in private messages
* Block and report any suspicious behavior and spam messages — this will help Telegram remove these impersonators.

Join Us on official channels for current updates

Team: https://vault12.com/team

Blog: https://vault12.com/blog

Twitter: https://twitter.com/_Vault12_

Website: https://vault12.com

White Paper: https://bit.ly/vault12-whitepaper

Announcement Channel: https://t.me/Vault12official

Support Channel: https://t.me/Vault12

Upgrade your phone and transfer your Vault12 Guard app data

Changing devices is simple for both Digital Vault Owners and Guardians.


Summary

Upgrading your phone can be an exciting time, whether you are buying a new phone, switching your operating system from Android to iPhone, or upgrading your tablet. Beyond the many positive changes you'll experience, the last thing you want to do is to invest a lot of effort in migrating individual apps from your original device.

Vault12 is pleased to announce that it's now easier than ever to safely transfer all your Vault information to your new device — whether you're a Vault Owner, or the Guardian of someone else's Vault.

  • Vault Owners with a new device can complete the transfer without involving Guardians or spare devices.
  • Guardians with a new device can upgrade without interrupting the security of the assets they protect.
  • Settings, subscriptions, and preferences will seamlessly transfer along with your data to the new device.

Read our step by step guide here.

Time to Upgrade

For various reasons, you might consider upgrading your phone every year or so. The process can be pretty simple by using cloud backups/restores from Apple and Google. Nevertheless, people always wonder whether everything has been transferred correctly — especially when digital assets are involved.

Vault12 has always had a seamless upgrade process between phones for Vault Owners. For Vault Guardians, historically, you have had to go through one extra step of notifying the Vault Owner that you changed phones. With this new update, no one needs to notify anyone, and the transfer process ensures that all information is transferred from the old device to a new device, with no need to bother Vault Owners or Guardians.

Time to Transfer

The most common scenario is of course buying a brand new phone with nothing on it. In this scenario, you can easily initiate the Transfer process by simply installing the Vault12 Guard app.

Other scenarios include switching device types (e.g., switching to an iPhone from an Android, or vice versa). With the new Transfer function, you can ensure that everything is cleanly and safely transferred to your new device, without the need to call Guardians and Vault Owners.

Follow the steps from our Help portal, here.

View all articles

Wallet Guides

Articles on crypto security how to's e.g how to secure, back up, and inherit all your cryptoassets such as Bitcoin, Ethereum, crypto, private keys, seed phrases, NFTs, digital art, DAOs, and DeFi tokens. Start here to learn the basics about security risks in Web3, and where to learn more about keeping your cryptoassets secure.

View all articles

Ledger Stax and Ledger Nano X Wallets: Which is right for you?

The right wallet for you depends on your design preferences and price sensitivity

When choosing hardware wallets, many crypto users base their decisions on day-to-day asset management needs and perceived device security. However, savvy crypto users first consider a wallet's ability to handle long-term security scenarios. Long-term security includes expected essentials like backup and recovery tools, and also often-overlooked features related to secure and fault-proof third-party recovery. You can think of third-party recovery as your ability to allow crypto assets to be inherited by successors. Successful crypto users require a comprehensive security strategy for the full life cycle of crypto assets. This article will help you achieve that.

Let's jump into helping you understand the pros and cons of the Ledger Stax and Ledger Nano X hardware wallets for day-to-day activities, as well as their potential to safeguard the long-term security and longevity of your assets.

Overview

The Ledger Stax and Ledger Nano X both provide a wide variety of reliable security features and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios. However, several differences are clear:

Ledger Stax

  • Mobile-Centric Usability: Designed with mobility in mind, the Ledger Stax features wireless connectivity options like Bluetooth and NFC, making it highly compatible with mobile platforms. Stax also has a longer battery life (up to 10 hours versus Nano X's 5).
  • Premium Design: Its unconventionally large display enhances readability, though it comes with slightly slower responsiveness.
  • Price Point: Positioned as a premium product, its cost reflects its advanced features and sleek design.

Ledger Nano X

  • Mobile-Centric Usability: Offers Bluetooth connectivity — works with or without a cable, at least with smartphones.
  • Design: A bit more compact than Stax. User input is via buttons, not touchscreen.
  • Price Point: Not so overpriced.

In terms of crypto asset longevity features, such as backup, recovery, and crypto inheritance, both devices provide industry-standard and proprietary options with certain trade-offs, as well as compatibility with third-party solutions like Vault12 Guard for succession planning scenarios.

The decision between the two will likely hinge on individual preferences for the target platform (mobile or desktop), and should take into account the planned frequency of use.

Approach to comparison

When choosing the best hardware wallet for cryptocurrency security, you may wonder:

  • Which is better, the Ledger Stax or the Ledger Nano X?
  • How easy to use are these wallets?
  • How do their security features compare?
  • Do these wallets have vulnerabilities, and have they been hacked?
  • What happens if your wallet is lost or stolen?
  • How do these wallets accomodate user errors, and complex scenarios like inheritance of crypto assets?

This article compares important characteristics for these two popular wallets. We’ll break down the strengths and weaknesses of each, focusing on security, ease of use, and backup and recovery methods.

By the end of this comparison, you’ll clearly understand which wallet is right for you, as well as how to recover your crypto assets in case of accidents.

What happens if your wallet is lost or stolen?

Wise wallet owners recognize the critical importance of crypto recovery before they find themselves in an unexpected bind! That's why it's important to understand the fundamental topic of crypto asset longevity, including features such as backup, recovery, and inheritance for crypto assets. These considerations are central to long-term planning.

Technical security is paramount, but in the world of crypto, the degree to which backup and recovery solutions are foolproof for users is at least equally important. Here are the backup and recovery options for these two wallets:

Ledger Stax

Ledger Nano X

Backup & Recovery methods

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Optional paid subscription

Ledger Recover, a centralized 3rd-party cloud service, highly criticized by the crypto community. Clouds are not safe — especially when operated by multiple 3rd parties.

Ledger Recover, a centralized 3rd-party cloud service, highly criticized by the crypto community. Clouds are not safe — especially when operated by multiple 3rd parties.

How do these wallets handle Crypto Inheritance?

Crypto Inheritance Features

Currently, most hardware wallets, including the Ledger Stax and Ledger Nano X, lack any features for establishing and managing crypto inheritance. This gap presents a challenge for users who want to be sure that their crypto assets can be transferred to their heirs.

Ledger Stax

Ledger Nano X

Backup

- Written only
- Optional 3rd party KYC-based cloud

- Written only

- Optional 3rd party KYC-based cloud

Inheritance

No

No

Decentralized backup with Vault12

Yes

Yes

Inheritance Management with Vault12

Yes

Yes

Backup and recovery differentiators

Ledger Stax and Ledger Nano X both have similar recovery service Disadvantages:

  • The optional Ledger Recover backup service is a paid service provided by three corporations that each hold parts of the user’s seed phrase in a Cloud. This introduces risks, as the seed phrase could potentially be accessed via subpoena; or business partners could terminate agreements or become involved in lawsuits that result in locked data or resources (like, for example, Gemini and Genesis). These scenarios contain multiple potential points of failure, and should be taken into account.
  • Very important detail: The terms of the optional Ledger Recover service do not mention support for inheritance, meaning any unfortunate accident related to the user will make crypto assets unrecoverable for his or her successors. Ledger itself suggests using 3rd-party crypto inheritance services for those purposes.

Ledger Stax and Ledger Nano X both have similar recovery service Advantages:

  • People have different preferences. If a user is comfortable trusting a bank with their assets, they may also feel confident using Ledger Recover for securing their seed phrase backup (even though Ledger is not providing the entire cloud backup solution).
Image of user holding a mobile phone and using Ledger Stax as FIDO U2F security keyUser holding a mobile phone and using Ledger Stax as FIDO U2F security key

How easy are these crypto wallets to use?

Let's compare the key aspects of both wallets side by side, and then summarize what really stands out for user convenience:

Ledger Stax

Ledger Nano X

Display

3,7” black and white E Ink,
672 x 400 pixels

1” Monochrome OLED,
128 x 64 pixels

Input interface

Touchscreen

2 click buttons

Cable

USB-C

USB-C

Wireless

Bluetooth,
NFC

Bluetooth

Companion Apps

macOS, Windows, Linux, Android, iOS

macOS, Windows, Linux, Android, iOS

3rd party wallets and dapps support

50+

50+

Password manager & 2FA

FIDO2 2FA & Passkeys,
Password Manager

FIDO2 2FA & Passkeys,Password Manager

Product size & weight

85 x 54 x 6 mm / 45g

72 x 19 x 12 mm / 34g

Convenience features

Battery (Up to 10 hours in use)

Battery (Up to 5 hours in use)

Number of supported coins

5,500+

5,500+

Price

$399

$149

Crypto wallet user experience differences

Ledger Nano X with Smartphone UXLedger Nano X with Smartphone UX

Ledger Stax UX Disadvantages:

  • The display has a noticeable response delay due to the "E Ink" touchscreen technology, and could be irritating.
  • Not all apps are ported to Stax yet. Even the native Passwords app still has no release date identified as of this article's publish date, so check in advance whether your favorite network/coin is supported.
  • Extremely expensive. The value in Stax is more about design, rather than practical aspects.

Ledger Stax UX Advantages:

  • Huge informative display and "Clear Signing" allows you to review and confirm all transaction details directly on Ledger Stax and in a human-readable language before they are signed and sent. This enhances security and ensures that you see exactly what you are approving in a secure and tamper-proof manner.
  • Offers Bluetooth connectivity as well as NFC — works with or without a cable, at least with smartphones.
  • Wide support for third-party wallets and dapps, allowing the Ledger Stax to sign transactions directly in MetaMask, Uniswap, and other platforms without relying on Ledger Live software. This is a huge advantage for DeFi users.

Ledger Nano X Disadvantages:

  • The display is literally the size of a coin: very uncomfortable to use.
  • Requires two-handed operation, making it difficult to use with a phone simultaneously — contrary to some misleading ads.
  • The buttons are stiff, making operations cumbersome.
  • No NFC.

Ledger Nano X Advantages:

  • A bit more compact than Stax while also offering Bluetooth connectivity — works with or without a cable, at least with smartphones.
  • Wide support for third-party wallets and dapps, allowing the Ledger Nano X to sign transactions directly in MetaMask, Uniswap, and other platforms without relying on Ledger Live software. This is a huge advantage for DeFi users.
  • Not so overpriced.

How do these wallets' security features compare?

Now, we dive deeper into the core specification of every hardware wallet: security features.

Ledger StaxLedger Nano X
PIN-code 4 - 8 digits 4 - 8 digits
BIP39 Passphrase Yes Yes
Open-source Partial Partial
Secure Element Yes Yes
Multisignature Yes Yes

Crypto wallet security feature differentiators

Ledger Stax and Ledger Nano X both have similar security feature Disadvantages:

  • Critical components like the Secure Element and its operating system are closed-source. This raises concerns, especially after the controversial introduction of the Ledger Recover backup service, which challenged the previous assumption that the Secure Element could never transmit the recovery seed phrase outside the hardware wallet.

Ledger Stax and Ledger Nano X both have similar security feature Advantages:

  • Includes a Secure Element, giving Ledger devices a strong reputation for withstanding physical attacks. This is important for users who prefer not to complicate their security with BIP39 passphrases, prioritizing ease of use.
  • Clear Signing is also a security feature.

Have there been vulnerabilities or hacks of these wallets?

There have been some vulnerabilities and hacks associated with Ledger products in the past — let's consider their "hack history." While relatively secure, most crypto wallets — even hardware wallets — can not provide perfect security, and are routinely subject to malware, supply chain, and firmware vulnerabilities. Here are some recent notable incidents:


Ledger Vulnerabilities:

  1. The Connect Kit Attack (2023): The Connect Kit breach was discovered by the security teams of Ledger.
  2. Ledger User Data Breach (2020): A major data breach exposed the personal information of thousands of customers, leading to phishing attacks.
  3. Another User Data Breach (2021): Ledger announced on Twitter that it has been targeted by rogue Shopify team members who exported over 200 merchants’ customer databases.
  4. Ledger Live (2020): Users were exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.
  5. Potential Supply Chain Attack Vulnerability (2020): Kraken Security Labs Identifies Supply Chain Attacks Against Ledger Wallets.

No software is perfect, and no wallet is ideal. However, some designs have been compromised more than others.

Summary of Ledger Stax and Ledger Nano X Comparison

The Ledger Stax and Ledger Nano X both provide a respectable set of security measures, and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios.

The Ledger Stax is more mobile-friendly, and offers a balance of security and convenience features at a very premium price. It offers an unconventionally large display with delayed response, with the advantage of wireless connectivity options like Bluetooth.

On the other hand, the Ledger Nano X, at a lower price point, is still mobile-friendly and offers a balance of security and convenience features. It offers a small display and uncomfortable input, but still has the advantages of a Secure Element and wireless connectivity options like Bluetooth.

The decision between the two will likely hinge on individual preferences for the target user interface with screen, and should take into account the planned frequency of use.

Whichever you choose, remember to add crypto inheritance to your choice of wallet to ensure the long-term safety of your digital assets. Both the Ledger Stax and Ledger Nano X are compatible with Vault12 Guard Inheritance planning.


Vault12 Guard: a decentralized solution for Crypto Inheritance

Vault12 is the pioneer in Crypto Inheritance Management, and delivers an easy-to-use and securemethod for assigning a legacy contact to your crypto wallets. This enables you to pass on your wallet seed phrases and private keys for all types of digital assets to future generations. Vault12 Guard is designed for everyday people, yet strong enough for Crypto OGs.

Vault12 Guard has a uniquely-secure design. Utilizing advanced encryption and decentralized storage, it ensures that crypto assets are not only safe but also transferable under predefined conditions, filling a critical need unmet by most traditional hardware wallets. Vault12 Guard applies a hybrid approach of software fused with the hardware-based Secure Element of phone devices (The Secure Enclave for iOS devices, and Strongbox for Google devices). Vault12 Guard's decentralized design reduces possible points of failure. Nothing is stored on cloud servers or Vault12 servers, and no assets are stored on local devices, making them less of a target.

From a user perspective, the Vault12 Guard app asks users to appoint one or more people (or mobile devices) as Guardians. The designated Guardians are entrusted to protect the user's comprehensive collection of wallet seed phrases and private keys, which are safely stored within a decentralized digital Vault. Its simple, user-friendly workflow removes the necessity for regularly revising wallet inventories or modifying instructions for your lawyers — a process that otherwise could lead to privacy breaches.

Both the Ledger Stax and Ledger Nano X are compatible with Vault12 Guard Inheritance. This addresses the seed phrase backup dilemma for any hardware wallet. It also makes less-secure backup methods, such as paper or steel plates, unnecessary.

Ledger Stax and Ledger Nano X Wallets: Which is right for you?

MetaMask browser extension

Browser extension, Version 1.0.10

Welcome to this guide on securely setting up a MetaMask wallet. This guide focuses on the security choices you can make when setting up your MetaMask wallet; if you are looking for the official setup guide, please click here.

MetaMask is your entry point to the world of Ethereum - a blockchain platform designed for running apps and smart contracts.

This guide is focused on the MetaMask browser extension. Read our iOS and Android guides.

Keep reading...Show less
MetaMask browser extension

Ledger Stax and Trezor Model T: two strong wallets compared

The right wallet for you depends on your usage patterns and design preferences

When choosing hardware wallets, many crypto users base their decisions on day-to-day asset management needs and perceived device security. However, savvy crypto users first consider a wallet's ability to handle long-term security scenarios. Long-term security includes expected essentials like backup and recovery tools, and also often-overlooked features related to secure and fault-proof third-party recovery. You can think of third-party recovery as your ability to allow crypto assets to be inherited by successors. Successful crypto users require a comprehensive security strategy for the full life cycle of crypto assets. This article will help you achieve that.

Let's jump into helping you understand the pros and cons of the Ledger Stax and Trezor Model T for day-to-day activities, as well as their potential to safeguard the long-term security and longevity of your assets.

Overview

The Ledger Stax and Trezor Model T both provide a wide variety of reliable security features and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios. However, several differences are clear:

Ledger Stax

  • Mobile-Centric Usability: Designed with mobility in mind, the
  • Ledger Stax features wireless connectivity options like Bluetooth and
  • NFC, making it highly compatible with mobile platforms.
  • Premium Design: Its unconventionally large display enhances readability, though it comes with slower responsiveness included.
  • Price Point: Positioned as a premium product, its cost reflects its advanced features and sleek design

Trezor Model T

  • Mobile-Centric Usability: No Bluetooth connectivity. iOS app is view-only.
  • General Usability: Smaller set of wallets, coins, and apps.
  • Design: The touchscreen and input are very well-thought-out experiences.
  • Price Point: More affordable.

In terms of crypto asset longevity features, such as backup, recovery, and crypto inheritance, both devices provide industry-standard and proprietary options with certain trade-offs, as well as compatibility with third-party solutions like Vault12 Guard for succession planning scenarios.

The decision between the two will likely hinge on individual preferences for the target platform (mobile or desktop), and should take into account the planned frequency of use.

Approach to comparison

When choosing the best hardware wallet for cryptocurrency security, you may wonder:

  • Which is better, the Ledger Stax or the Trezor Model T?
  • How easy to use are these wallets?
  • How do their security features compare?
  • Do these wallets have vulnerabilities, and have they been hacked?
  • What happens if your wallet is lost or stolen?
  • How do these wallets accomodate user errors, and complex scenarios like inheritance of crypto assets?

This article compares important characteristics for these two popular wallets. We’ll break down the strengths and weaknesses of each, focusing on security, ease of use, and backup and recovery methods.

By the end of this comparison, you’ll clearly understand which wallet is right for you, as well as how to recover your crypto assets in case of accidents.

What happens if your wallet is lost or stolen?

Wise wallet owners recognize the critical importance of crypto recovery before they find themselves in an unexpected bind! That's why it's important to understand the fundamental topic of crypto asset longevity, including features such as backup, recovery, and inheritance for crypto assets. These considerations are central to long-term planning.

Technical security is paramount, but in the world of crypto, the degree to which backup and recovery solutions are foolproof for users is at least equally important. Here are the backup and recovery options for these two wallets:

Ledger Stax

Trezor Model T

Backup & Recovery methods

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Optional paid subscription

Ledger Recover, a centralized 3rd-party cloud service, highly criticized by the crypto community. Clouds are not safe — especially when operated by multiple 3rd parties.

No.

How do these wallets handle Crypto Inheritance?

Crypto Inheritance Features

Currently, most hardware wallets, including the Ledger Stax and Trezor Model T, lack any features for establishing and managing crypto inheritance. This gap presents a challenge for users who want to be sure that their crypto assets can be transferred to their heirs.

Ledger Stax

Trezor Model T

Backup

- Written only
- Optional 3rd party KYC-based cloud

- Written only

- Manual sharing of shards

Inheritance

No

No

Decentralized backup with Vault12

Yes

Yes

Inheritance Management with Vault12

Yes

Yes

Backup and recovery differentiators

Ledger Stax Recovery service Disadvantages:

  • The optional Ledger Recover backup service is a paid service provided by three corporations that each hold parts of the user’s seed phrase in a Cloud. This introduces risks, as the seed phrase could potentially be accessed via subpoena; business partners could terminate agreements or become involved in lawsuits that result in locked data or resources (like, for example, Gemini and Genesis); and there are multiple potential points of failure.
  • Very important detail: The terms of the optional Ledger Recover service do not mention support for inheritance, meaning any unfortunate accident related to the user will make crypto assets unrecoverable for his or her successors. Ledger itself suggests using 3rd-party crypto inheritance services for those purposes.

Ledger Stax Recovery service Advantages:

  • People have different preferences. If a user is comfortable trusting a bank with their assets, they may also feel confident using Ledger Recover for securing their seed phrase backup (even though Ledger is not providing the complete cloud backup solution).

Trezor Model T backup Disadvantages:

  • Trezor has a Multishare backup service, but it is fully manual, and challenging to maintain. The user is responsible for generating, distributing, and keeping track of the encrypted shards.

Trezor Model T backup Advantages:

  • Trezor does offer a Multishare backup option for those who are able and willing to set it up.

How easy are these crypto wallets to use?

Let's compare the key aspects of both wallets side by side, and then summarize what really stands out for user convenience:

Ledger Stax

Trezor Model T

Display

3,7” black and white E Ink,
672 x 400 pixels

1.54" Color LCD,
240 x 240 pixels

Input interface

Touchscreen

Touchscreen

Cable

USB-C

USB, MicroSD card slot

Wireless

Bluetooth 5.2,
NFC

No

Companion Apps

macOS, Windows, Linux, Android, iOS

macOS, Windows, Linux, Android
iOS (View-only)

3rd party wallets and dapps support

50+

9+

Password manager & 2FA

FIDO2 2FA & Passkeys,
Password Manager

FIDO2 2FA

Product size & weight

85 x 54 x 6 mm / 45g

64 x 39 x 10 mm / 22g

Convenience features

Battery (10 hours of use),
Magnetic dock

Magnetic dock

Number of supported coins

5,500+

1,600+

Price

$399

$149

Crypto wallet user experience differences

User holding a mobile phone and using Ledger Stax as FIDO U2F security key

User holding a mobile phone and using Ledger Stax as FIDO U2F security key

Ledger Stax Disadvantages:

  • The display has a noticeable response delay due to the "E Ink" touchscreen technology, and could be irritating.
  • Not all apps are ported to Stax yet. Even the native Passwords app still has no release date identified as of this article's publish date, so check in advance whether your favorite network/coin is supported.
  • Extremely expensive. The value in Stax is more about design, rather than practical aspects.

Ledger Stax Advantages:

  • Huge informative display and "Clear Signing" allows you to review and confirm all transaction details directly on Ledger Stax and in a human-readable language before they are signed and sent. This enhances security and ensures that you see exactly what you are approving in a secure and tamper-proof manner.
  • Offers Bluetooth connectivity as well as NFC — works with or without a cable, at least with smartphones.
  • Wide support for third-party wallets and dapps, allowing the Ledger Stax to sign transactions directly in MetaMask, Uniswap, and other platforms without relying on Ledger Live software. This is a huge advantage for DeFi users.

Trezor Model T Disadvantages:

  • No wireless connectivity: you always have to use a cable.
  • iOS is a balance view-only app, so you can't send transactions from iOS.

Trezor Model T Advantages:

  • The display is much more convenient to work with on a regular basis, and easy to read.
  • The touchscreen and input are very well-thought-out experiences on Trezor Model T — you can use it without any discomfort.

How do these wallets' security features compare?

Now, we dive deeper into the core specification of every hardware wallet: security features.

Ledger StaxTrezor Model T
PIN-code 4 - 8 digits up to 50 digits
BIP39 Passphrase Yes Yes
Open-source Partial Full
Secure Element Yes No
Multisignature Yes Yes

Crypto wallet security feature differentiators

Ledger Stax security Disadvantages:

  • Critical components like the Secure Element and its operating system are closed-source. This has raised concerns, especially after the controversial introduction of the Ledger Recover backup service, which challenged the assumption that the Secure Element could never transmit the recovery seed phrase outside the hardware wallet.

Ledger Stax security Advantages:

  • Includes a Secure Element, giving Ledger devices a strong reputation for withstanding physical attacks. This is important for users who prefer not to complicate their security with BIP39 passphrases, prioritizing ease of use.
  • Clear Signing is also a security feature.

Trezor Model T security Disadvantages:

  • Lacks a Secure Element, making it resistant to physical attacks only if a BIP39 passphrase is used. This is a significant drawback in both convenience and its ability to be fault-proof.

Trezor Model T security Advantages:

  • Fully open-source software and hardware. This minimizes third-party risks, and avoids any need to rely on trust.
  • Allows for longer PIN codes, which might appeal to particularly cautious users.

Have there been vulnerabilities or hacks of these wallets?

There have been vulnerabilities and hacks associated with both the Ledger and Trezor products, however given Stax is very new we will cover it's manufacturer's hacks history.

Far from delivering uncompromised security, these wallets are routinely subject to malware, supply chain, and firmware vulnerabilities. Here are some recent notable incidents:

Ledger Vulnerabilities:

  1. The Connect Kit Attack (2023): The Connect Kit breach was discovered by the security teams of Ledger.
  2. Ledger User Data Breach (2020): A major data breach exposed the personal information of thousands of customers, leading to phishing attacks.
  3. Another User Data Breach (2021): Ledger announced on Twitter that it has been targeted by rogue Shopify team members who exported over 200 merchants’ customer databases.
  4. Ledger Live (2020): Users were exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.
  5. Potential Supply Chain Attack Vulnerability (2020): Kraken Security Labs Identifies Supply Chain Attacks Against Ledger Wallets.

Trezor Model T Vulnerabilities:

  1. Ability to Physically Hack Trezor T Wallet (2023): Crypto Security Firm Unciphered Claims Ability to Physically Hack Trezor T Wallet
  2. Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets (2019): Ledger’s Attack Lab has found five vulnerabilities in hardware wallets of its direct competitor Trezor.
  3. Kraken Identifies Critical Flaw in Trezor Hardware Wallets (2020): Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.
No software is perfect, and no wallet is ideal. However, some designs have been compromised more than others.

Summary of Ledger Stax and Trezor Model T Comparison

The Ledger Stax and Trezor Model T both provide a respectable set of security measures, and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios.

The Ledger Stax is very mobile-friendly, and offers a balance of security and convenience features at a very premium price. It offers a big, but unconventional display and with delayed input, but with the advantages of a Secure Element and wireless connectivity options like Bluetooth.

On the other hand, the Trezor Model T, at a much lower price, boasts a fully open-source framework, larger display with colors, and touchscreen interface for enhanced user interaction, but with reduced security and convenience from not having a Secure Element and working only with USB connections the offer sounds non-attractive.

The decision between the two will likely hinge on individual preferences for the target platform (mobile or desktop), and should take into account the planned frequency of use.

Whichever you choose, remember to add crypto inheritance to your choice of wallet to ensure the long-term safety of your digital assets.


Vault12 Guard: a decentralized solution for Crypto Inheritance

Vault12 is the pioneer in Crypto Inheritance Management, and delivers an easy-to-use and securemethod for assigning a legacy contact to your crypto wallets. This enables you to pass on your wallet seed phrases and private keys for all types of digital assets to future generations. Vault12 Guard is designed for everyday people, yet strong enough for Crypto OGs.

Vault12 Guard has a uniquely-secure design. Utilizing advanced encryption and decentralized storage, it ensures that crypto assets are not only safe but also transferable under predefined conditions, filling a critical need unmet by most traditional hardware wallets. Vault12 Guard applies a hybrid approach of software fused with the hardware-based Secure Element of phone devices (The Secure Enclave for iOS devices, and Strongbox for Google devices). Vault12 Guard's decentralized design reduces possible points of failure. Nothing is stored on cloud servers or Vault12 servers, and no assets are stored on local devices, making them less of a target.

From a user perspective, the Vault12 Guard app asks users to appoint one or more people (or mobile devices) as Guardians. The designated Guardians are entrusted to protect the user's comprehensive collection of wallet seed phrases and private keys, which are safely stored within a decentralized digital Vault. Its simple, user-friendly workflow removes the necessity for regularly revising wallet inventories or modifying instructions for your lawyers — a process that otherwise could lead to privacy breaches.

Both the Ledger Stax and Trezor Model T are compatible with Vault12 Guard Inheritance. This addresses the seed phrase backup dilemma for any hardware wallet. It also makes less-secure backup methods, such as paper or steel plates, unnecessary.

Ledger Stax and Trezor Model T: two strong wallets compared

How to choose between the Ledger Stax and Trezor Safe 5 Wallets

The right wallet for you depends on your mobility needs, design preferences, and price sensitivity

When choosing hardware wallets, many crypto users base their decisions on day-to-day asset management needs and perceived device security. However, savvy crypto users first consider a wallet's ability to handle long-term security scenarios. Long-term security includes expected essentials like backup and recovery tools, and also often-overlooked features related to secure and fault-proof third-party recovery. You can think of third-party recovery as your ability to allow crypto assets to be inherited by successors. Successful crypto users require a comprehensive security strategy for the full life cycle of crypto assets. This article will help you achieve that.

Let's jump into helping you understand the pros and cons of the Ledger Stax and Trezor Safe 5 hardware wallets for day-to-day activities, as well as their potential to safeguard the long-term security and longevity of your assets.



Overview

The Ledger Stax and Trezor Safe 5 both provide a wide variety of reliable security features and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios. However, several differences are clear:

Ledger Stax

  • Mobile-Centric Usability: Designed with mobility in mind, the Ledger Stax features wireless connectivity options like Bluetooth, making it highly compatible with mobile platforms.
  • Premium Design: Its unconventionally large display enhances readability, though it comes with slightly slower responsiveness.
  • Price Point: Positioned as a premium product, its cost reflects its advanced features and sleek design.

Trezor Safe 5

  • Open-Source Transparency: Built on an NDA-free framework (full disclosure), Trezor Safe 5 emphasizes trust through transparency, appealing to users who value open-source security.
  • Simplified Connectivity: Limited to USB connections, it offers reliable functionality for desktop and Android users only.
  • Affordable Access: At a much lower price point, it delivers solid security and usability without the premium cost.

In terms of crypto asset longevity features, such as backup, recovery, and crypto inheritance, both devices provide industry-standard and proprietary options with certain trade-offs, as well as compatibility with third-party solutions like Vault12 Guard for succession planning scenarios.

The decision between the two will likely hinge on individual preferences for the target platform (mobile or desktop), and should take into account the planned frequency of use.

Approach to comparison

When choosing the best hardware wallet for cryptocurrency security, you may wonder:

  • Which is better, the Ledger Stax or the Trezor Safe 5?
  • How easy to use are these wallets?
  • How do their security features compare?
  • Do these wallets have vulnerabilities, and have they been hacked?
  • What happens if your wallet is lost or stolen?
  • How do these wallets accomodate user errors, and complex scenarios like inheritance of crypto assets?

This article compares important characteristics for these two popular wallets. We’ll break down the strengths and weaknesses of each, focusing on security, ease of use, and backup and recovery methods.

By the end of this comparison, you’ll clearly understand which wallet is right for you, as well as how to recover your crypto assets in case of accidents.

What happens if your wallet is lost or stolen?

Wise wallet owners recognize the critical importance of crypto recovery before they find themselves in an unexpected bind! That's why it's important to understand the fundamental topic of crypto asset longevity, including features such as backup, recovery, and inheritance for crypto assets. These considerations are central to long-term planning.

Technical security is paramount, but in the world of crypto, the degree to which backup and recovery solutions are foolproof for users is at least equally important. Here are the backup and recovery options for these two wallets:

Ledger Stax

Trezor Safe 5

Backup & Recovery methods

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Recommends Recovery Seed Phrase be written on paper, or engraved onto metallic plates.

Optional paid subscription

Ledger Recover, a centralized 3rd-party cloud service, highly criticized by the crypto community. Clouds are not safe — especially when operated by multiple 3rd parties.

No.

How do these wallets handle Crypto Inheritance?

Crypto Inheritance Features

Currently, most hardware wallets, including the Ledger Stax and Trezor Safe 5, lack any features for establishing and managing crypto inheritance. This gap presents a challenge for users who want to be sure that their crypto assets can be transferred to their heirs.

Ledger Stax

Trezor Safe 5

Backup

- Written only
- Optional 3rd party KYC-based cloud

- Written only

- Manual sharing of shards

Inheritance

No

No

Decentralized backup with Vault12

Yes

Yes

Inheritance Management with Vault12

Yes

Yes

Backup and recovery differentiators

Ledger Stax Recovery Disadvantages:

  • The optional Ledger Recover backup service is a paid service provided by three corporations that each hold parts of the user’s seed phrase in a Cloud. This introduces risks, as the seed phrase could potentially be accessed via subpoena; or business partners could terminate agreements or become involved in lawsuits that result in locked data or resources (like, for example, Gemini and Genesis). These scenarios contain multiple potential points of failure, and should be taken into account.
  • Very important detail: The terms of the optional Ledger Recover service do not mention support for inheritance, meaning any unfortunate accident related to the user will make crypto assets unrecoverable for his or her successors. Ledger itself suggests using 3rd-party crypto inheritance services for those purposes.

Ledger Stax Recovery Advantages:

  • People have different preferences. If a user is comfortable trusting a bank with their assets, they may also feel confident using Ledger Recover for securing their seed phrase backup (even though Ledger is not providing the entire Cloud backup solution).

Trezor Safe 5 Recovery Disadvantages:

  • Trezor has a Multishare backup service, but it is fully manual, and challenging to maintain. The user is responsible for generating, distributing, and keeping track of the encrypted shards.

Trezor Safe 5 Recovery Advantages:

  • Trezor offers the Multishare backup option for those who are able and willing to set it up.

How easy are these crypto wallets to use?

Image of user holding a mobile phone and using Ledger Stax as FIDO U2F security key

User holding a mobile phone and using Ledger Stax as FIDO U2F security key

Let's compare the key aspects of both wallets side by side, and then summarize what really stands out for user convenience:

Ledger Stax

Trezor Safe 5

Display

3,7” black and white E Ink,
672 x 400 pixels

1.54" Color LCD,
240 x 240 pixels

Input interface

Touchscreen

Touchscreen, Haptic feedback

Cable

USB-C

USB, MicroSD card slot

Wireless

Bluetooth 5.2

No

Companion Apps

macOS, Windows, Linux, Android, iOS

macOS, Windows, Linux, Android
iOS (View-only)

3rd party wallets and dapps support

50+

9+

Password manager & 2FA

FIDO2 2FA & Passkeys,
Password Manager

FIDO2 2FA

Product size & weight

85 x 54 x 6 mm / 45g

66 x 40 x 8 mm / 23g

Convenience features

Battery (Up to 10 hours in use)

Magnetic dock

Number of supported coins

5,500+

1,600+

Price

$399

$165

 

Image of Trezor Safe 5 wallet and desktop software

Trezor Safe 5 wallet and desktop software

Crypto wallet user experience differences

Ledger Stax UX Disadvantages:

  • The display has a noticeable response delay due to the "E Ink" touchscreen technology, and could be irritating.
  • Not all apps are ported to Stax yet. Even the native Passwords app still has no release date identified as of this article's publish date, so check in advance whether your favorite network/coin is supported.
  • Extremely expensive. The value in Stax is more about design, rather than practical aspects.

Ledger Stax UX Advantages:

  • Huge informative display and "Clear Signing" allows you to review and confirm all transaction details directly on Ledger Stax and in a human-readable language before they are signed and sent. This enhances security and ensures that you see exactly what you are approving in a secure and tamper-proof manner.
  • Offers Bluetooth connectivity — works with or without a cable, at least with smartphones.
  • Wide support for third-party wallets and dapps, allowing the Ledger Stax to sign transactions directly in MetaMask, Uniswap, and other platforms without relying on Ledger Live software. This is a huge advantage for DeFi users.

Trezor Safe 5 UX Disadvantages:

  • No wireless connectivity: you always have to use a cable.
  • iOS integration is view-only: you can watch your balance, but can't send transactions from iOS apps.

Trezor Safe 5 UX Advantages:

  • The display is easy to read and convenient to use on a regular basis.
  • The touchscreen and input are very well-thought-out experiences on Trezor Safe 5 — you can use them without any discomfort.

How do these wallets' security features compare?

Now, we dive deeper into the core specification of every hardware wallet: security features.

Ledger StaxTrezor Safe 5
PIN-code 4 - 8 digits up to 50 digits
BIP39 Passphrase Yes Yes
Open-source Partial Full
Secure Element Yes Yes, and it's NDA-free
Multisignature Yes Yes

Crypto wallet security feature differentiators

Image of Trezor Safe 5 with a void sticker on it - security seal of genuineness

Trezor Safe 5 with a void sticker on it - security seal of genuineness

Ledger Stax Security Disadvantages:

  • Critical components like the Secure Element and its operating system are closed-source. This raises concerns, especially after the controversial introduction of the Ledger Recover backup service, which challenged the previous assumption that the Secure Element could never transmit the recovery seed phrase outside the hardware wallet.

Ledger Stax Security Advantages:

  • Includes a Secure Element, giving Ledger devices a strong reputation for withstanding physical attacks. This is important for users who prefer not to complicate their security with BIP39 passphrases, instead prioritizing ease of use.
  • Clear Signing is also a security feature.

Trezor Safe 5 Security Disadvantages:

  • Trezor does not fully rely on open-source software and hardware, but mitigates this limitation architecturally, so that the seed phrase is not touched by any closed-source software on the device.

Trezor Safe 5 Security Advantages:

  • Along with this new flagship product, Trezor introduces Secure Element chips, raising the security bar. More importantly, its Secure Elements are "NDA-free," which is good: the chips are not bound by Non-Disclosure Agreements (NDAs) that could restrict Trezor from publicly discussing any security flaws.
  • The Secure Element is responsible for verifying device authenticity via secure boot protection, and for storing a part of the secret that is used to decrypt the recovery seed (but it never actually knows what your recovery seed is).
  • Allows for longer PIN codes, which might appeal to particularly cautious users.

Have there been vulnerabilities or hacks of these wallets?

Given that both of these products under review are very new, we will examine their manufacturers' histories of hacks. There have been vulnerabilities and hacks associated with both the Ledger and Trezor products.

While relatively secure, most crypto wallets — even hardware wallets — can not provide perfect security, and are routinely subject to malware, supply chain, and firmware vulnerabilities. Here are some recent notable incidents:

Ledger Vulnerabilities:

  1. The Connect Kit Attack (2023): The Connect Kit breach was discovered by the security teams of Ledger.
  2. Ledger User Data Breach (2020): A major data breach exposed the personal information of thousands of customers, leading to phishing attacks.
  3. Another User Data Breach (2021): Ledger announced on Twitter that it has been targeted by rogue Shopify team members who exported over 200 merchants’ customer databases.
  4. Ledger Live (2020): Users were exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.
  5. Potential Supply Chain Attack Vulnerability (2020): Kraken Security Labs Identifies Supply Chain Attacks Against Ledger Wallets.

Trezor Vulnerabilities:

  1. Ability to Physically Hack Trezor T Wallet (2023): Crypto Security Firm Unciphered Claims Ability to Physically Hack Trezor T Wallet
  2. Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets (2019): Ledger’s Attack Lab has found five vulnerabilities in hardware wallets of its direct competitor Trezor.
  3. Kraken Identifies Critical Flaw in Trezor Hardware Wallets (2020): Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.
No software is perfect, and no wallet is ideal. However, some designs have been compromised more than others.

Summary of Ledger Stax and Trezor Safe 5 Comparison

The Ledger Stax and Trezor Safe 5 both provide a respectable set of security measures, and support a broad spectrum of cryptocurrencies, making them suitable for diverse crypto portfolios.

The Ledger Stax is more mobile-friendly, and offers a balance of security and convenience features at a very premium price. It offers an unconventionally-large display with delayed response, with the advantage of wireless connectivity options like Bluetooth.

On the other hand, the Trezor Safe 5, at a much lower price, boasts a more open-source and NDA-free framework, a reasonably-sized display with colors, and a touchscreen interface for enhanced user interaction. However, it has fewer convenience features: it works only with USB connections, and is missing iOS integration.

The decision between the two will likely hinge on individual preferences for the target platform (mobile or desktop), and should take into account the planned frequency of use.

Whichever you choose, remember to add crypto inheritance to your choice of wallet to ensure the long-term safety of your digital assets. Both the Ledger Stax and Trezor Safe 5 are compatible with Vault12 Guard Inheritance planning.


Vault12 Guard: a decentralized solution for Crypto Inheritance

Vault12 is the pioneer in Crypto Inheritance Management, and delivers an easy-to-use and securemethod for assigning a legacy contact to your crypto wallets. This enables you to pass on your wallet seed phrases and private keys for all types of digital assets to future generations. Vault12 Guard is designed for everyday people, yet strong enough for Crypto OGs.

Vault12 Guard has a uniquely-secure design. Utilizing advanced encryption and decentralized storage, it ensures that crypto assets are not only safe but also transferable under predefined conditions, filling a critical need unmet by most traditional hardware wallets. Vault12 Guard applies a hybrid approach of software fused with the hardware-based Secure Element of phone devices (The Secure Enclave for iOS devices, and Strongbox for Google devices). Vault12 Guard's decentralized design minimizes possible points of failure. Nothing is stored on Cloud servers or Vault12 servers, and no assets are stored on local devices, making them less of a target.

From a user perspective, the Vault12 Guard app asks users to appoint one or more people (or mobile devices) as Guardians. The designated Guardians are entrusted to protect the user's comprehensive collection of wallet seed phrases and private keys, which are safely stored within a decentralized digital Vault. Its simple, user-friendly workflow removes the necessity for regularly revising wallet inventories or modifying instructions for your lawyers — a process that otherwise could lead to privacy breaches.

Both the Ledger Stax and Trezor Safe 5 are compatible with Vault12 Guard Inheritance. This addresses the seed phrase backup dilemma for any hardware wallet. It also makes less-secure backup methods, such as paper or steel plates, unnecessary.

How to securely set up Trezor Model T

Learn how the Trezor Model T secures your funds, and how to set it up securely

Welcome to the Vault12 step-by-step guide to securely configuring the Trezor Model T, the high-security hardware wallet created by Trezor. This guide will walk you through either creating a new wallet, or initializing an existing wallet by importing a recovery seed.

This guide focuses on the security choices you can make when setting up your wallet; if you are looking for the official setup guide, please click here.

Let's get started.

TLDR;
Hardware wallets are widely considered to be the safest way to store cryptocurrency.

The Trezor Model T is considered to be among the best hardware wallets available on the market.

The Trezor Model T is compatible with multiple 3rd-party software wallets.

The Trezor Model T supports a wide variety of coins and tokens.

This guide complements the official documentation.

Intro to Hardware Wallets

Most cryptocurrency wallets on the market today are software wallets running on computer systems that are connected to the Internet, and this makes sense - the blockchain itself is software, and if you want to conveniently interact with it, a few mouse clicks in a software wallet can quickly execute a transaction. However, a potential threat emerges that is present in all applications: software is hard to keep secure. Not only is the wallet application itself susceptible to attack, but the operating system of the host computer, and even the security of the hardware that runs the operating system can be the target of attack.

This is why specialized secure hardware exists - the smaller the set of tasks that a device performs, the smaller the "attack surface," and the less likely that bad actors can find a way to compromise its security.

No matter which hardware security setup you use, hardware attacks are still possible. For this reason, Trezor recommends using a BIP39 passphrase if you think that you are at risk of physical attacks; however, you must still BACK UP both the passphrase and seed phrase. Similarly, another option provided by Trezor is to use Shamir's Secret Sharing - but the same responsibility exists - you must back up the shards. Vault12 addresses all of these scenarios by providing an easy-to-use back up and retrieval mechanism for passphrases, seedphrases, and shards.

For a software wallet to be secure, the application has to be built without security flaws, the operating system hosting the application has to be hardened (configured to reduce the likelihood of successful attacks), and both the application and the operating system must be kept patched to address any newly-emergent security flaws. Every day reveals new unexpected vulnerabilities discovered by creative hackers. A choreographed team of application developers, system administrators, and network engineers must constantly monitor and defend online applications against security threats.

Hardware wallets have emerged as a solution to these threats. Hardware wallet manufacturers design security features into purpose-built, customized hardware that protect your private keys by keeping them inside the device and permanently isolated from the Internet. No matter what new vulnerabilities are discovered in software, if your private keys are stored in an offline specialized hardware device, your keys are safe.

The Innovation of Trezor

The Trezor Model T is an open-source, fully auditable hardware wallet developed by Satoshi Labs. The team at Satoshi Labs are trailblazers in the cryptocurrency space, making open-source contributions that are in use by thousands of wallets every single day. Among Satoshi Labs' significant contributions are the BIP39 protocol that is the industry standard for wallet generation, and the protocols that determine the wallet derivation paths for native-SegWit and non-SegWit addresses: BIP44 and BIP84.

In fact, in 2012, Trezor released the very first hardware wallet for Bitcoin. The Trezor Model T is the culmination of almost a decade of work on open-source hardware wallets.

The Trezor Model T has a number of security features that are unique, and due to its open-source nature, many other hardware wallets on the market use the source code from Trezor in their products. Satoshi Labs welcomes and fosters this, in the spirit of driving innovation in the open-source model. The approach is working, with hundreds of developers having contributed code to the Trezor ecosystem.

Security features of Trezor Model T

The Trezor Model T builds in a number of security features.

The main threat model of the Trezor Model T is to protect against digital attacks from hackers and malware, which are the most common threats facing cryptocurrency users. Your Trezor Model T protects your private keys, never sharing them or exposing them to any 3rd party.

To achieve this, the Trezor Model T operates on a zero-trust principle. What this means is that by default your Trezor Model T does not trust Trezor Wallet or any 3rd-party wallet. The principle of "Don't Trust; verify" is at the forefront of the design of the Trezor Model T.

When you initiate a transaction from your wallet application, the raw transaction is sent to your Trezor Model T, with a request that the raw transaction be signed. In order for a crypto spending transaction to be broadcast to the blockchain network, it must be signed with the private key associated with the blockchain address that holds the crypto.

Before signing the transaction with your private key and returning it to your wallet application to be broadcast, your Trezor Model T will perform a series of "Don't Trust; verify" checks.

To protect against a compromised wallet, when your Trezor Model T receives a raw transaction, the details will appear on its display. This gives the user the ability to confirm the amount, address, and fee, before signing the transaction. This prevents malware from changing the destination address, or making unauthorized transactions.

In order to sign a transaction, your Trezor Model T will require you to input your PIN code. Your PIN is 1-9 numbers, and is used anytime action is taken involving private or public keys. To protect against brute force attacks, the device wipes its memory after 16 failed PIN attempts. A 9-number PIN has so many possibilities that this guessing attempt limit ensures that no attacker will be able to gain access to your device. This prevents someone with physical access to your wallet and your Trezor Model T from being able to send transactions.

Building on the zero-trust principle, the individual components in the Trezor Model T do not trust each other. The device ships with only the boardloader and bootloader installed, and requires firmware to be installed at the first setup. The main function of the boardloader is to verify the authenticity of the bootloader. The boardloader is write-protected, and has no ability to be altered or upgraded.

Once the bootloader has been verified to be authentic, the device starts up and proceeds to check the authenticity of the firmware. If the firmware is not signed by Satoshi Labs, a warning will be displayed on the screen.

The firmware is the operating system of the Trezor Model T, providing all the instructions and directions. By default, the firmware does not trust incoming transactions from wallets. As described in the above paragraphs, the firmware instructs the device to display the transaction details; amount, address, and fee, and requires the user to confirm accuracy with the PIN code.

To limit the possible attack vectors, the Trezor Model T was built with only the functionality that was needed to perform its task: protecting users' private keys, even if connected to a compromised computer. The Trezor Model T only connects over USB - there is no wifi, bluetooth, or cameras installed on the device.

The Trezor Model T also has a number of security features built in to protect against physical attacks on the device. Physical attacks on the device include when an attacker has physical hands on the device and is able to manipulate the hardware.

When your Trezor Model T arrives, a hologram sticker will be covering the USB port. This holographic strip is ultrasonically welded to the hardware, creating a very strong seal. In order to use the device, the hologram strip must be removed, which leaves a noticeable debris on the hardware. This simple protection prevents bad actors from being able to modify the hardware of a Trezor Model T, and then resell the device to an unsuspecting victim.

To protect against the infamous "5-dollar wrench attack," in which an attacker beats you with a $5 wrench and forces you to unlock your device, the Trezor Model T supports and recommends using BIP39 passphrases.

BIP39 passphrases are supported as an advanced feature that adds an extra phrase to the end of your recovery seed. Using a BIP39 passphrase generates a completely new and separate wallet. This offers a clever way to protect against a$5 "wrench attack." How this works in practice is that you would use wallets generated by BIP39 passphrases, and if an attacker forced you to give up your recovery seed, you would provide the recovery seed - without the BIP39 passphrase. This would open up a dummy wallet that might hold a small amount of cryptocurrency, while your wallets that may hold more cryptocurrency would remain hidden. You can set up BIP39 passphrases in both Trezor Wallet and in Trezor Suite.

Additionally, the Trezor Model T supports multiple advanced security configurations, including:

  • Running your own instance of Trezor Wallet, and running your own backend,
  • Using the Trezor Model T as a hardware 2FA, similar to Yubikey,
  • Configuring a specialized PIN that when entered will completely wipe your device,
  • Encrypting the PIN with a microSD card, and
  • Using Trezor for passwordless SSH keys, and GPG signatures.
Finally, it is interesting to note that the Trezor Model T does not use a Secure Element to store your cryptographic keys, like its main competitor The Ledger Nano X does. Secure Elements are specialized chips designed specifically for storing cryptographic data. The decision not to use a Secure Element is due to the proprietary nature of current Secure Element chips. However, that has some caveats for users to keep in mind during design of their own security protocols: if you use your Trezor Model T in a single-signature setup, then the only strong protection against physical attacks (loss, theft or "friendly fraud") - is a BIP39 passphrase, which in turn has its own risks to be kept in mind and mitigated.


Instead, the team at Satoshi Labs has been building its own open source Secure Element chip, and has created a new company around it called Tropic Square. It is expected to deliver samples next year, and it will likely be included in newer Trezor models.

Compatible Wallets

Due to the open-source nature of the Trezor Ecosystem, many 3rd-party wallets and service providers integrate with the Trezor Model T. In fact, Satoshi Labs maintains an actively-developed API for wallet providers to integrate with Trezor wallets.

When integrating with a 3rd-party wallet, keep in mind that the level of integration will vary from wallet to wallet. Some wallets only provide watch-only wallets, while some wallets are closer to full-featured, such as Electrum and Exodus. It is best to consult 3rd-party wallets' documentation to make sure that the features you need are available.

Below is a non-exhaustive list of wallets that are integrated with the Trezor Model T:

Wallets supporting transactions

  • Electrum
  • Electrum-DASH
  • Electrum-LTC
  • Etherwall
  • Exodus
  • MetaMask
  • Mycelium
  • MyCrypto
  • MyEtherWallet
  • Nano Wallet
  • Walleth

Watch-only wallets

  • ArcBit
  • BitWallet
  • Blockonomics
  • Sentinel

Exchanges and Services

  • Bitex
  • Bitstamp
  • Coinmate
  • Coinmap
  • Coinpayments
  • Cryptee
  • Emoon
  • Portfolio
  • Faa.st

Unboxing your Trezor Model T

If you have not opened your Trezor Model T, do so now. Inside the box, your Trezor Model T includes:

  • The Trezor Model T
  • A magnetic docking pad
  • 1 USB-A to USB-C cable for connecting your Trezor to your computer or mobile device
  • 2 Recovery Seed cards
  • 4 Trezor Stickers
  • A Getting Started guide
Carefully look over the contents and make sure that everything is included. In the box, your Trezor Model T will be on the magnetic docking pad, and all of the accessories will be in the Accessories box.
Although your Trezor Model T performs multiple security checks during the setup process to ensure that your device is genuine, a good first check can be done manually by ensuring that all contents that ship with the Trezor Model T are included, and making sure that the holographic strip is covering the USB port.

The contents of the accessories box
  

The contents of the accessories box

Trezor Wallet and Trezor Suite

The setup process for your Trezor Model T originates on the web. Currently, the official setup procedure involves going to https://trezor.io/start, and connecting your Trezor Model T to your computer via USB.

At the time of publishing in June 2021, Satoshi Labs is in the process of a major upgrade to Trezor Wallet, rebuilding it from the ground up. The new wallet is called Trezor Suite.

Trezor Suite is a desktop application available with enhanced features, including running your own full node, and routing transactions over Tor. It is available for use today in beta mode.

For this tutorial, we will cover setting up your Trezor Model T with trezor.io/start, and how to migrate to Trezor Suite later. (As a bonus, at the end of this guide are the setup instructions for Trezor Suite.)

Let's begin!

Setup with Trezor.io/start


If you want to complete the setup using Trezor Suite, which is currently in beta, the steps outlined below are identical. The only difference is the host application. Vault 12 does not recommend using Trezor Suite until it graduates from beta and is officially recommended by Satoshi Labs.

Alternatively, if you want to use Trezor Suite, Vault 12 recommends setting your wallet up using the official method at trezor.io/start, and then migrating to Trezor Suite. This is the process we will be following in this tutorial.
This section details setting up your Trezor Model T using the official recommended process by navigating to https://trezor.io/start in a web browser.
Before proceeding, we want to make sure that our connection to Trezor Wallet is secure. To do this, we will verify that the URL is correct and that we are connected over https (which is an encrypted connection). When using any web-based application, this is incredibly important. Performing basic checks such as these can prevent a whole range of phishing and man-in-the-middle attacks.
  • Verify that the URL is correct: https://trezor.io/start.
  • Look for the lock icon next to the URL, indicating a connection over HTTPS.
  • Clicking on the lock icon, you should see "Connection secure."
Trezor.io/start SSL lock symbol

Make sure you see the closed lock

SSL connection is secure

Click on the lock, you should see connection is secure

Now that we have verified we are on a secure URL, we can safely proceed with setting up our Trezor Model T. The first step is to select our device from the available options.

  • Select "Trezor Model T" to continue set up.
select your device to continue

Select Trezor Model T

After selecting our device, a pop-up will appear on the screen. The pop-up will ask you to verify that the hologram sticker on your Model T is authentic. To help with this, a 3-second video plays on a loop.

The hologram sticker is a security feature of your Trezor Model T that is designed to detect if the device has been tampered with. The hologram sticker is using very sticky glue, and when you remove the hologram a residue will be left behind.

Using the video as reference, look at your hologram and compare it to the hologram in the video. We have also included a picture below that you can use.

After verifying your hologram, remove the hologram sticker.

Click on "Continue to Wallet."

security hologram
  

Verify your Hologram

Connect your Trezor

Now that we have verified the hologram on our Trezor Model T, it is time to connect it to your desktop computer or mobile device via USB cable. The Trezor Model T does not support any wireless connections. The only officially supported operating systems are Windows, Mac OS, Linux, and Android. iOS is not supported by Trezor.

iOS is not supported by Trezor. For this reason, it is recommended to not use your Trezor with iOS devices. You are using the Trezor to secure monetary value, and using it with an unsupported operating system comes with inherent risks.

Trezor Model T connects to your web browser using a protocol called WebUSB. WebUSB allows web browsers to securely interface with USB devices. Your web browser should pick up the Trezor Model T automatically, and your browser may ask you for your permission to access your Trezor.

If you are not seeing the Trezor Model T, follow these troubleshooting steps:

  • First, connect your Trezor Model T to your device using the supplied USB cable. You will need to use a little bit of force when connecting the USB cable to the Trezor Model T: you should hear a small click when the device is connected.
  • You may need to install Trezor Bridge, a compatibility tool for your Trezor.
connect your trezor

Connect your Trezor

Trezor Bridge (optional) - How to install Trezor Bridge if USB connection is not successful

If your browser does not automatically recognize your Trezor Model T, you may need to install Trezor Bridge. If you were able to connect your Trezor, you can safely skip this step.

To download Trezor Bridge, scroll to the bottom of the screen and look for the following text:

"Device not recognized? Try installing the Trezor Bridge"

Click on Trezor Bridge and it will bring you to the Trezor Bridge download page.

install trezor bridge

Trezor Bridge

  • On the Trezor Bridge download page, select your operating system and click on Download.
  • For Mac OS and Windows, download the PGP signatures.
  • For Linux users, the .deb and .rpm files contain the PGP signatures.
trezor bridge download

Trezor Bridge download

Trezor Bridge (optional) - Verify PGP signatures

Trezor Bridge is signed by Pavlo Rusnak, the co-founder and CTO of Satoshi Labs. For some reason, on the download page for Trezor Bridge, the signature files are provided, however Pavlo's key is not provided, it has to be tracked down.

Tracking a key down across the internet is problematic, as you could download any key, and you have to make your best determination that the key is trustworthy. Whenever this has to be done, it is best to get multiple sources of confirmation that the key is correct.

  • Download the key, and make sure it is saved as an .asc file.

Next, we have to verify the signatures of Trezor Bridge and make sure they match.

Trezor Bridge (optional) - Verify PGP Signature on Windows

  • Download Gpg4win (https://gpg4win.org) - this is a windows utility that installs GPG, a GPG key manager, and configures it all to work across many apps on your Windows.
  • For this guide, you do not need to create your own GPG keypair. However, GPG is used a lot and it is good to be familiar with it.
  • Verify your download by using the `check integrity` page provided by Gpg4win. The "check integrity" page is where Gpg4win lists its code signatures for each release.
  • In the File Explorer, navigate to the Downloads folder and right-click on gpg4win installer. Follow the path Properties -> Digital Signatures -> Details of Signatures. This will open the signature information.
  • Compare the signature data on Gpg4win's check integrity link and the signature data on your Windows device. They should be identical.
  • Run the Gpg4win installer. If you have Windows Universal Access Control enabled (it's enabled unless you disabled it) you will be asked to confirm that you want to run Gpg4win. Check the publisher data: the publisher should be "Gpg4win Initiative."
  • During installation, you will be asked which packages you want to install. To complete this guide, you will only need GnuPG and a key manager.
  • When installation is complete, your key manager, Kleopatra, should start automatically. If it hasn't, open Kleopatra from the start menu.
  • In Kleopatra, click on "Import" in the top menu. Select Pavol Rusnak's PGP key that you just downloaded, and import it. After importing, you will be able to see the key listed in your keychain.
  • In Kleopatra, right click on Decrypt/Verify in the top menu.
    • Select the signature file and click "open."
    • A popup will appear with the results. Look for "Good signature from "Pavol Rusnák." This indicates a good, valid signature!
    • You might see the text "Undefined trust," or a warning that the key that signed the file is not trusted. If so, this is likely because you have not signed Pavol Rusnak's GPG key with your own GPG key, which lets GPG know that you trust this key.
Good job! You have verified your Trezor Bridge download. Install Trezor Bridge by running the .exe file.

Trezor Bridge (optional) - Verify PGP Signature on Mac OS

  • Download and install GPG Suite (https://gpgtools.org) - this is a Mac utility that installs GPG, a GPG key manager, and configures it all to work across many apps on your Mac.
  • For this guide, you do not need to create your own GPG keypair. However, GPG is used a lot and it is good to be familiar with it.
  • Verify your download by using the checksum. Checksums are not as secure as GPG signatures, but we don't have GPG yet! So checksum it is.
    • On the download page for GPG Suite (https://gpgtools.org) - hover your mouse over "SHA256." SHA256 is the hashing algorithm used to generate the checksum.
  • Open the terminal app, found in Applications -> Utilities -> Terminal and run this command, but don't hit ENTER yet!
    • shasum -a 256
  • Open the folder containing GPG Suite, and drag and drop the application in the terminal - this will automatically fill in the rest. Now hit Enter!
  • Your terminal will generate the sha256 checksum. Compare the result to the result on https://gpgtools.org when hovering over sha256.
  • Now that you have confirmed that GPGTools is secure, Open GPG Keychain, and import Pavol Rusnak's PGP key that you just downloaded.
  • Open your downloads folder, and right click on the Trezor Bridge OSX executable file (.dmg).
    • Look for services -> OpenPGP: Verify signature of File and click on it


    • A pop up will appear with the results. Look for "Signed by Pavol Rusnak." This indicates a good, valid signature!


    • You might see the text "Undefined trust," or a warning that the key that signed the file is not trusted. If so, this is likely because you have not signed Pavol Rusnak's GPG key with your own GPG key, which lets GPG know that you trust this key.
Good job! You have verified your Trezor Bridge download. Install Trezor Bridge by running the .dmg executable file

Trezor Bridge (optional) - Verify PGP Signatures on Linux

  • Open a terminal and $ cd into your Downloads folder, or whatever folder contains the Trezor Bridge download and Pavlo's GPG signature.
  • Import Pavlo's GPG key by running the following commands:
    • gpg --import keyname.asc # the name of the saved file
  • Verify the Trezor Bridge download by running the following command:
    • $ gpg --verify trezor-bridge*.deb # for Debian-based systems
    • $ gpg --verify trezor-bridge*.rpm # for RPM-based systems
  • You should see good signature from Pavol Rusnak
  • Now you can install Trezor Bridge:
    • $ sudo apt install /path/to/treorbridge.deb # For Debian-based systems
    • $ sudo rpm -i /path/to/trezorbridge.rpm # For RPM-based systems

Install Trezor Model T Firmware

After Trezor Wallet recognizes your Trezor Model T, the first action it will take is to install firmware on your device. Your Trezor Model T ships with no firmware installed. This is by design, and is a security feature. By installing the firmware at device setup, you prevent running outdated firmware.

Warning: If you receive a Trezor Model T and it already has firmware, it is not recommended to use it. Instead, Satoshi Labs wants you to contact them.
  • Click on Install Firmware to begin installing the Firmware.
installing firmware

Click on install firmware

Trezor Wallet Creation

When the firmware is finished installing, you will be greeted with "Welcome to Trezor." This is the beginning of the wallet creation process.

  • Two options appear on the screen:
    • Create a new wallet
    • Recover an existing wallet
  • Select Create a new wallet by clicking on the green Create Wallet button.
create or recover wallet

Create wallet

Next, Trezor wants to know how we would like to create our wallet. We are presented with two options:

  • Create with Single backup
  • Create with Shamir backup
The Shamir backup is an advanced backup method that uses the similar encryption technology as Vault 12 - Shamir's Secret Sharing.
Creating a wallet with Shamir's Secret Sharing is complex, as you are left to distribute the shards yourself with no backup mechanism, and you will lose the ability to migrate to different wallets. Vault12 provides a much simpler method of backing your seed phrase, passphrase, and shards with easy retrieval.

In this guide, we are going to focus only on setting up your Trezor Model T with Create with a Single backup.
  • Click the green button "Create with Single Backup."
create a new wallet

Create with Single Backup or Shamir Secret Sharing

Create with Single Backup

The following instructions are for creating a wallet with a Single BIP39 backup.

If you want to create a wallet using Shamir's Secret Sharing, skip this section.

Accept Terms of Service

Before proceeding, you will need to accept the Terms of Service. A pop-up will appear in Trezor Wallet asking you to confirm the Terms of Service by clicking on Confirm on your Trezor Model T.

  • Turn your attention to your Trezor Model T, and tap on the green checkmark on the touchscreen to accept the Terms of Service.

Terms of Service
  

Terms of Service

Create a backup

After accepting the terms of service, your Trezor will initialize your wallet. When this process is done, you will notice a yellow bar on the top of the touchscreen that says "Needs Backup."

  • Return your attention to Trezor wallet, and click on the orange "Create a backup in 3 minutes" button.

create a backup in 3 minutes
  

Create a backup in 3 minutes

Before beginning the backup process, Trezor Wallet displays some important information about your seed phrase (they call it the "recovery seed." Read all of the information listed; it will only take a minute. The information mirrors what the Guides listed here on the Vault12 Learn site advise about best security practices.

Also, take notice of the steps listed on the top of the popup. These are the security configuration steps Trezor Wallet is going to walk you through in setting up your device. They are as follows:

  1. Create backup
  2. Set up PIN lock
  3. Name your device
  4. Bookmark
  5. Stay in touch
This guide will walk you step-by-step through these steps, and provide additional best practices along the way.
  • Read the security best practices overview about backing up seed phrases.
  • Check the "I understand and I agree" checkbox.
  • Click on the green button that says "Continue."
General Security Advice

Good security information

Finish backup on your Model T

Trezor Wallet will be displaying a popup telling you to complete the backup on your Trezor Model T. This is because the rest of the backup process happens on your device.

Here is a high-level overview of the backup process on your device:

  1. Trezor Model T is going to display your 12-word recovery seed on the touchscreen.
  2. You will write down your 12-word recovery seed.
  3. Trezor Model T will quiz you on 3 random words, asking you to select the correct word.
Now that you have an understanding of the upcoming steps, read the Caution message about making digital copies, and tap on the green "I understand" button.
never make a digital copy of your recovery seed

Don't make digital copies of your recovery seed

Write down your recovery seed

  • Your 12-word recovery seed will now be displayed on the touch screen.
  • In order to see all the words, you will have to swipe in a fashion similar to smart phones. You will notice the arrow says Swipe down, but you really have to swipe up to go down.
  • Write your recovery seed down on a piece of paper and when you get to the last word you will see "Hold to confirm."
  • Press and hold on "Hold to confirm" to confirm that you have written down your recovery seed.
Writing your recovery seed on paper is not sufficient for long-term backups. Paper is vulnerable to loss, theft, and damage. Your Trezor Model T ships with a "recovery seed booklet" for writing down your recovery seed. However, it is not advised to use this as a long-term method.

recovery seed words 1-2
  

Recovery seed words 1-2

Verify your recovery seed

Now, it is time to verify your recovery seed. To do this, your Trezor Model T will ask you to select the correct word from 3 random choices. For example, you will be asked to select word #4 from three possible choices. The reason for doing this is to make sure that you have really backed up your recovery seed.
  • Select the correct word from the available choices.
  • You will do this for 3 random words.
  • When you are finished, a Success message will appear on screen. Tap on the green "Continue" button.
Confirm recovery seed

Confirm recovery seed

Sucess

Success! Tap Green button to continue

Success

Good job! You have created and backed up your recovery seed. Now it is time to set up your PIN.

Set your PIN

Good work on backing up your recovery seed - it is important!

Now, you will notice that your Trezor Model T still has the yellow bar across the top, but this time it says "PIN NOT SET!"

Your device PIN works as a passcode to protect your device from unauthorized access. Everytime you want to send funds, change a setting, or any significant action, your Trezor Model T will ask you to input your PIN code to the touch screen.

The device PIN can be anywhere from 1 number to 9 numbers. Let's set up our PIN now.

  • Focusing your attention back to the Trezor Wallet, you should see a "Success" message confirming that you have backed up your seed phrase.
  • To setup your PIN, click on the green Continue button.
  • After clicking Continue, you will be directed to focus your attention back to your Trezor Model T to set up your PIN.

PIN not set
  

PIN not set

  • On your Trezor Model T, the display will be asking you if you want to enable PIN protection. Tap on the green checkmark to confirm.
  • Displayed on the screen is a keypad with numbers 0-9. The numbers are displayed in a random order on the screen.
  • Using the touchpad, create your PIN. The maximum length of your PIN is 9, and the minimum length is 1.
  • When you have created your PIN, tap on the green checkbox.
  • Re-enter your PIN to verify it. Notice that the layout of the numbers has changed; make sure you select the correct numbers.
  • When successful, your Model T will confirm success on the screen. Tap on "Continue" to proceed.

Enable PIN
  

Enable PIN

Congratulations! You have set up all of the security features of your Trezor Model T, and you can safely begin using it. Notice that when you look at your Trezor Model T, there is no yellow bar across the top of the screen with a call to action.

There are, however, a few setup steps remaining in Trezor Wallet. The remaining steps are very simple and will not take long to complete.

  • Focus your attention back to Trezor Wallet, and you will see a "Success" message from creating your PIN.
  • Click on the green "Continue" button to proceed.

name of device
  

My Trezor is current name of device

Name your device

The next step is to name your device. The name of your device will appear on your Trezor Model T display underneath the Trezor Logo. Right now, your device is named "My Trezor."

Although this step is technically optional, if you do not name your device, you will see a prompt in your wallet homepage asking you to name your device.

When choosing a name for your Trezor, it is best to choose something uninteresting and nondescript. For example, do NOT select a name such as "My Life Savings," or "Million Dollar Club." For example, we are going to name our Trezor Model T something inconspicuous like "unu1." (This is the initials of Trezor Model T, TMT, but shifted one letter ahead, and for good measure we added the number 1, for wallet 1.)

Why do we do this? It is part of being in a security mindset and taking care of the little things in order to prevent unnecessary risk. Devices can go missing due to loss or theft and end up in the wrong hands.

Consider a situation in which the device was lost, and found by an unethical human. This unethical human plugs in the Trezor Model T and notices a name such as "My Name's Life Savings" or "Million Dollar Club." In this case, the unethical human may decide to track you down and force you to unlock the Trezor and send all your crypto to them.

This situation can likely be avoided by simply naming your wallet something nondescript and not identifiable to you.

  • To name your device, click on the green "Continue" button in Trezor Wallet.
  • A text area will appear on the screen. Type your device name into the text area.
  • Click on the green "Confirm to continue" button.
Next, focus your attention back to your Trezor Model T to complete the naming process.
  • Enter your device PIN.
  • Your Trezor Model T will ask if you really want to change the name. Tap on the green checkmark to confirm.
  • The name you entered in the text area will now appear under the Trezor logo.

name device
  

Name device

Bookmark Trezor Wallet

Next, Trezor wants you to create a bookmark in your browser to prevent phishing, since the Trezor wallet is a web-based wallet. This is a great idea. By using a bookmark, you can prevent accidental phishing by making a spelling mistake or going to the wrong URL.

  • Press Control+D on your keyboard, or use your browser menu to create a bookmark. Every time you visit your wallet, make sure you use the bookmark.
  • When you are finished, click on the green "Continue" button.
Bookmark trezor

Bookmark Trezor

The last step in the setup flow is a page that lists Trezor's social media pages. To stay updated with Trezor developments, it is a good idea to bookmark these pages.

  • Click on the green "Continue" button.

The final page asks you to keep in touch, and reminds you to keep your recovery seed safe. You can view our detailed instructions on backing up your recovery phrase if you want to learn about your available options.

  • Click on the green "Finish" button to complete the setup flow.

After you click on the green "Finish" button, Trezor Wallet will prompt you to enter your email information to receive updates from the Trezor team.

This step is up to you if you feel comfortable sharing this information. For privacy protection, it is worth considering the potential impact to you if Trezor's customer contact database ever had a breach and the email list were to get out. If your email address includes your name, then you would have just let the world know that you own a Trezor. This could put you at risk of receiving phishing attacks via email, or advanced social engineering attacks.

If you want to sign up for email, consider creating a secondary email specific for your Trezor with a non-descript name.

Otherwise, skip this step.

finished setup
  

Trezor is set up

Finished Setting Up Trezor Wallet

You are now on the wallet homepage, your device is fully configured, and you are ready to use your new Trezor!

Before you start trading crypto, you might notice "Trezor Suite" in the side menu. Trezor Suite is the future wallet of Ledger (as of this writing, it is still in beta mode), and the setup process that you just completed has positioned you to use the Trezor Suite product soon.

You could choose to download the Trezor Suite beta version now to be prepared, as the current Trezor wallet will be merged with Trezor Suite.

Learn how to download Trezor Suite below (after the section describing how to import an existing recovery seed), or just bookmark the Trezor page for future reference.

Import an existing Recovery Seed

This section is for those who already have a Recovery Seed phrase, whether manually generated or recovered from backup, and are initializing a wallet with it.

The Trezor Model T follows all common industry-standard protocols for blockchain networks, including BIP32, BIP39, and BIP44. If you have an existing BIP39 recovery phrase, you can use it to initialize your wallet with the Trezor Model T.

In addition, the Trezor Model T also supports recovering a wallet using SLIP-0039, which is Satoshi Lab's implementation of Shamir's Shared Secrets.

  • To begin, navigate to https://wallet.trezor.io.
    • Verify that you are connected over TLS/SSL (using https), and that there are no typos in the URL.
  • Select "Recover Wallet" from the Start screen.
recover existing wallet

Recover wallet

Trezor Wallet is now going to display some information about initializing a wallet from a recovery seed. To protect against insecure computers, your recovery seed will be entered directly into your Trezor Model T, and will not be accessible to the computer.

  • Click on the green "Continue" button.
recover wallet

Click on continue

Next, Trezor Wallet wants to know if you are going to be using a passphrase with your wallet. The passphrase refers to a BIP39 passphrase, an advanced feature which not only adds another layer of security, but also creates additional hidden wallets for each passphrase used. This is a feature that can be activated at any time from the wallet settings, so you can safely leave the box unchecked during setup, even if you are using a passphrase.

  • Leave the checkbox unchecked, and click on the green "Continue" button.
passphrase used question

If you used a BIP39 passphrase check box

The rest of the process happens on your Trezor Model T.

The Trezor Wallet displays a prompt asking you to accept its Terms of Service.

Tap on the green checkmark to accept the Terms of Service.

terms of service
  

Terms of Service

We have officially entered what is called "Recovery Mode" on the Trezor Model T. At the top of the display, a yellow bar appears with the text "RECOVERY MODE," and the message that it is safe to eject the Trezor from your computer. This is because in recovery mode, the Trezor Model T remembers your progress, so you can stop and start as you please without having to start over.

Recovery mode is designed for importing existing wallets. Since the entire process happens on your Trezor Model T, it does not have to be connected to a computer to be functional. The Trezor Model T does need a power source over USB. If you have a USB power bank, you can use that instead of a computer and gain a little more security by being completely disconnected from any other computer.

The first step in Recovery Mode is to let your Trezor Model T know how many words are in your recovery seed.

  • Tap on the green "Select" button to let your Trezor know how many words are in your recovery seed.
select number of words

Tap on green button

  • Select the number of words that are in your recovery seed.
  • The available options are: 12, 18, 20, 24, 33.
  • For standard BIP39 recovery seeds: choose 12, 18, or 24.
  • For Shamir's Secret Sharing select: choose 20 or 33.
    • If you select 20 or 33, the Trezor Model T will automatically recognize you are importing via Shamir's Secret Sharing.
select number of words

Select number of words

Recover BIP39 Wallet 

The following instructions are for recreating BIP39 wallets. If your recovery seed is 12, 18, or 24 words, this is the section for you.

Now it is time to enter your BIP39 recovery seed into your Trezor Model T. To begin, tap on the green "Enter seed" button on the display.

  • On the display of your Trezor Model T, letters are in groups of 3. For example, you will see "ABC" and "DEF".
  • To select letter "A", tap the "ABC" group 1 time.
  • To select letter "B," tap the "ABC" group 2 times.
  • To select letter "C," tap the "ABC" group 3 times.
  • As you input the letters, the most likely word will appear at the top of the display.
    • If the word at the top of the display is correct, you can select it by tapping on it twice. After the first tap, the word will turn green. A second tap confirms your selection.
    • Because of how BIP39 works, you will only have to enter the first 3 letters of each word. After entering the first 3 letters, the correct word should appear at the top of the display.
  • If you want to backspace, press the yellow Backspace button on the top left of the display.
  • When you have finished typing your word, the color of the word will turn green. Tap on it to confirm your word.
  • Repeat this process for all of your words.

type recovery seed
  

Type recovery seed

  • When you finish entering your last word, you will see a Success message.
  • Tap the green button to continue.

Congratulations! You have just initialized a wallet using your BIP39 recovery seed. If your Trezor is not connected to your computer, connect it now and navigate to https://wallet.trezor.io to load your wallet.

Satoshi Labs is in the process of a big upgrade to the wallet experience in Trezor, called Trezor Suite. You can continue to use Trezor Wallet, if you want to learn more about Trezor Suite, go to the next section.

Set up Trezor Suite

Trezor Suite is available as a desktop app available for Mac OS, Windows, and Linux, as well as a Progressive Web App. The easiest way to get familiar with Trezor Suite is to visit the web wallet. However, it is recommended to only use the desktop app for enhanced security.

This will bring you to Trezor Suite's homepage. From here, you can download Trezor Suite or visit the web wallet. Notice how the green download button for the desktop is front and center, while the button to access the web wallet is up in the top-right corner.

access Trezor Suite from Trezor Wallet
  

Trezor Suite link is on left-side menu

Download Trezor Suite Desktop

For this guide, we are going to download the desktop app. However, if you want to use the web wallet, the user interface and the steps involved are exactly the same - simply open the web wallet and skip to the next section.

  • To download Trezor Suite, use the green "Get Desktop App" button and select your operating system. Trezor Suite supports Mac OS, Windows, and Linux.
  • Notice underneath the green "Get Desktop App" button, there are two additional links: "Signature" and "Signing key."
  • Download both the "Signature" and the "Signing key." These are used to verify that the download is authentic.
download trezor suite

Download Trezor Suite

Verify your Trezor Suite download

Now that you have downloaded your Trezor Suite desktop app and the matching signature and signing key, it is time to verify that the signature matches the expected value. Trezor Suite is signed with the GPG key of the developers. This operation will perform a check to make sure the signature included with Trezor Suite matches the signing key from Satoshi Labs.

Satoshi Labs signs all of their downloads with their company PGP key. The key rotates every year, and can be found at the following link:

https://trezor.io/security/satoshilabs-2021-signing-key.asc

  • Download the key, and make sure it is saved as a .asc file.

Next, we have to verify the signatures of Trezor Suite and make sure they match.

Verify Trezor Suite Signature Windows

  • Download Gpg4win (https://gpg4win.org) - this is a Windows utility that installs GPG, a GPG key manager, and configures it all to work across many apps on your Windows.
  • For this guide, you do not need to create your own GPG keypair. However, GPG is used a lot, and it is good to be familiar with it.
  • Verify your download by using the "check integrity" page provided by Gpg4win. The "check integrity" page is where Gpg4win lists its code signatures for each release.
  • In the File Explorer, navigate to the Downloads folder, and right-click on the gpg4win installer. Follow the path Properties -> Digital Signatures -> Details of Signatures - this will open the signature information.
  • Compare the signature data on Gpg4win's check integrity link and the signature data on your Windows device. They should be identical.
  • Run the Gpg4win installer. If you have Windows Universal Access Control enabled (it's enabled unless you disabled it) you will be asked to confirm that you want to run Gpg4win. Check the publisher data: the publisher should be "Gpg4win Initiative."
  • During installation, you will be asked which packages you want to install. To complete this guide, you will only need GnuPG and a key manager.
  • When installation is complete, your key manager, Kleopatra, should start automatically. If it hasn't, open Kleopatra from the start menu.
  • In Kleopatra, click on "Import" in the top menu. Select the Satoshi Labs 2021 signing key that you just downloaded (satoshilabs-2021-signing-key.asc) and import it. After importing, you will be able to see the key listed in your keychain.
  • In Kleopatra, right click on Decrypt/Verify in the top menu.
    • Select the signature file and click "Open."
    • A pop up will appear with the results. Look for "Good signature from "SatoshiLabs 2021 Signing Key."". This indicates a good, valid signature!
    • You might see the text "Undefined trust," or a warning that the key that signed the file is not trusted. This is likely because you have not signed Pavol Rusnak's GPG key with your own GPG key, which lets GPG know that you trust this key.

Good job! You have verified your Trezor Suite download. Install Trezor Suite by running .exe file

Verify Trezor Suite Mac OS

  • Download and install GPG Suite (https://gpgtools.org) - this is a mac utility that installs GPG, a GPG key manager, and configures it all to work across many apps on your Mac.
  • For this guide, you do not need to create your own GPG keypair. However, GPG is used a lot, and it is good to be familiar with it.
  • Verify your download by using the checksum. Checksums are not as secure as GPG signatures, but we don't have GPG yet! So checksum it is.
    • On the download page for GPG Suite (https://gpgtools.org) - hover your mouse over "SHA256." SHA256 is the hashing algorithm used to generate the checksum.
  • Open the terminal app, found in Applications -> Utilities -> Terminal and run this command, don't hit ENTER yet!
  • $ shasum -a 256
  • Open the folder containing GPG Suite, and drag and drop the application in the terminal, this will automatically fill in the rest. Now hit Enter!
  • Your terminal will generate the SHA256 checksum. Compare the result to the result on https://gpgtools.org when hovering over SHA256
  • Now that you confirmed GPGTools is secure, Open GPG Keychain and import Satoshi Lab's 2021 signing key.
  • Open your downloads folder, and right click on the Trezor Suite OSX executable file (.dmg).
    • Look for services -> OpenPGP: Verify signature of File and click on it.
    • A pop up will appear with the results. Look for "Good signature from SatoshiLabs 2021 Signing Key" This indicates a good, valid signature!
    • You might see the text "Undefined trust," or a warning that the key that signed the file is not trusted. This is likely because you have not signed Satoshi Lab's GPG key with your own GPG key, which lets GPG know that you trust this key.
Good job! You have verified your Trezor Suite download. Install Trezor Suite by running the .dmg executable file.

Verify Trezor Suite Linux

  • Open a terminal and $ cd into your Downloads folder, or whatever folder contains the Trezor Suite download and GPG signature file.
  • Import the SatoshiLabs 2021 Signing key (satoshilabs-2021-signing-key.asc) by running the following commands:
    • gpg --import keyname.asc # the name of the saved file
  • Verify the Trezor Suite download by running the following command:
    • $ gpg --verify Trezor-Suite*.AppImage.asc
  • You should see a verification of good signature from the SatoshiLabs 2021 Signing Key.
  • Now you can install Trezor Suite. The Linux App is an AppImage, so we have to mark it as executable before it can run. (AppImages are programs contained within a single file.)
    • Using the graphical interface:
      • Right-click the AppImage file and click on Properties.
      • Check the "Allow executing file as a program" box.
    • Using the terminal:
      • Navigate to the folder containing the AppImage (usually the Downloads folder).
        • $ cd Downloads
      • Change the permissions on the AppImage file to make it executable.
        • $ chmod u+x Trezor-Suite*.AppImage
Good job! You can now run Trezor Suite.
Run the AppImage by running "$ ./Trezor-Suite-21.3.1-linux-x86_64.AppImage," double clicking the file, or right-clicking and clicking Run. (Your filename may vary slightly depending on what you downloaded for your system type, and what the current version is at that time.)

Open Trezor Suite

Now that we have verified our Trezor Suite download, it is time to open Trezor Suite. When you open Trezor Suite for the first time, you will be greeted with a welcome message.

  • Click on the green "Let's begin!" button to start the process of setting up Trezor Suite.
Welcome to Trezor Suite

Welcome to Trezor Suite

Next, Trezor Suite will ask you if want to opt in to anonymous data collection, which will help to improve the app. This is a personal decision that only you can make. Ask yourself if you are comfortable with your data being sent to Satoshi Labs, the company that develops Trezor, and if you are okay with not being certain with how your data will be used.

  • To opt-in to data collection, make sure the toggle is turned on. When the toggle is on, the color is green.
  • To opt-out of data collection, make sure the toggle is turned off. When the toggle is turned off, the color is gray.
  • To continue, click on the green "Continue" button.
Usage data opt-in

Usage data opt-in

Now Trezor Suite is going to ask if you are setting up a new device, or if you already have your Trezor Model T setup. You will see two options appear on the screen:

  • Begin Setup - use this option to set up your Trezor Model T as a new device.
  • Access Suite - use this option if you already set up your Trezor Model T.
For this guide, we are going to select Access Suite.
Trezor Suite setup

Trezor Suite setup

One last step before we can access Trezor Suite.

Trezor Suite is going to display a warning. In the warning, Trezor Suite states to only proceed if you set up your Trezor Model T yourself. If anyone else set up your Trezor Model T, do not proceed.

  • Click on the green "Access Suite" button.
  • Focus your attention on your Trezor Model T and enter your PIN.
    • Anytime a wallet wants to access your Trezor Model T, you have to enter your PIN. This is a security feature, and why it is important to set a strong PIN.
Once you enter your PIN, Trezor Suite will load, begin checking your addresses for balances, and initialize your wallet. When the process is complete, you are free to start using Trezor Suite!

access suite
  

click on Access Suite

How to update Trezor Suite

If you decide to use Trezor Suite instead of Trezor Wallet, you will want to regularly check for updates. You can check for updates by following Trezor across social media, or by checking in the app.

In the most recent update to Trezor Suite, the Trezor team has enabled in-place updates. Since Trezor Suite is still in beta, until recently when new versions were released, early adopters had to download the new version and upgrade manually. Since the most recent update, users simply have to click on "Check for update" in app Settings, and the app will update itself.

  • To check for an update, access the Settings by clicking on the Settings wheel in the top-right corner.
  • In the Settings, scroll to the bottom of the page and look for "Check for updates."
    • "Check for updates" is located under "General > Application" in your settings.
trezor suite check for updates

How to check for updates

Congratulations!

Congratulations! You have just set up one of the most secure methods of storing your crypto funds. There is a lot of good content around here to learn from, so check out these articles:

In crypto, knowledge is essential. The Trezor ecosystem is in very active development and constantly innovating and pushing out updates. Check out these links:

View all articles

Advanced

Managing digital assets like cryptocurrencies can be complex, especially when it comes to inheritance.

View all articles

What Is a Self-Sovereign Identity?

Personal control over our online personas has given rise to the philosophy of self-sovereign identity (SSI). In essence, a person who has an SSI has sole ownership of their digital and analog identities and controls how their data is viewed or shared.

Man carrying credit card with identity

Anonymity vs. Pseudonymity In Crypto

Learn the difference between anonymity and pseudonymity and their implications for crypto.

Anonymity vs. Pseudonymity In Crypto

How Secure Enclave gives you Instant Access to your Digital Assets with Hot Storage Vault

Vault12 Guard's Instant Access Hot Storage enables secure local storage of digital assets such as crypto and NFTs with immediate on-device retrieval, and safeguards them from loss by backing them up in your digital Vault.

Hero photo of a phone with sensitive information

Understanding Shamir’s Secret Sharing (SSS)

This article describes a well-known strategy for distributing shared secrets: Shamir's Secret Sharing.

Generate a Seed Phrase using Dice.

Detailed steps to generate your seed phrase using 20-sided dice to ensure randomness.

View all articles
Decorative Background

Get Started Now.

Vault12 Guard is now available from the iOS and Android App stores.
Download Vault12 on App StoreDownload Vault12 on Google Play