Self-Custody Done Right: Backing Up Seed Phrases and Using Multisig

Self-custody means you, and only you, hold the keys to your crypto. That is the whole point, and also the whole risk: lose your seed phrase and the funds are gone for good, with no support line to call. The most common way people lose self-custodied crypto is not a hack; it is a backup that was lost, damaged, or never tested. Here is how to back up properly and when to step up to multisig.

Key takeaways

• Your seed phrase is the master key; anyone who has it controls the funds, and losing it with no backup loses them permanently.
• A good backup plan defends against both loss (fire, flood, misplacement) and theft at the same time, which is harder than it sounds.
• Never store a seed digitally; use durable metal media and keep more than one copy in separate secure locations.
• A passphrase (the "25th word") and multisig solve different problems and can be combined.
• Multisig (for example 2-of-3) removes the single point of failure, but you must also back up the wallet descriptor, not just the keys.

First, understand what the seed phrase is

Your seed phrase (usually 12 or 24 words) is the master key to your wallet. Anyone who has it controls the funds; if you lose it and your device fails, you lose access permanently. Two failure modes pull in opposite directions:

• Loss: fire, flood, misplacement, or a single damaged copy.
• Theft: someone finds or photographs your words.

A good backup plan defends against both at once, which is harder than it sounds because steps that reduce one risk often raise the other. Add more copies and you cut loss risk but raise theft risk; hide a single copy well and you cut theft risk but raise loss risk.

Each storage choice trades one risk against another. Here is how the common options compare:

Backup method	Loss resistance	Theft resistance	Verdict
Photo or cloud note	Low	Very low	Never do this
Password manager entry	Medium	Low (online target)	Avoid for seeds
Single paper copy	Low (burns, degrades)	Medium	Insufficient alone
Metal plate, one location	High	Medium	Good, but single point of failure
Metal plates, two secure locations	High	Medium to high	Recommended baseline
2-of-3 multisig across locations	High	High	Best for large holdings

Single-signature backup best practices

For a standard single-key wallet, the seed phrase is the entire secret. Treat it accordingly.

Never store it digitally

No photos, no cloud notes, no password manager entry, no text file, no screenshot. Anything connected to the internet is a target. Keep the words offline, always.

Use durable physical media

Paper burns and degrades. For long-term storage, metal backup plates (stamped or engraved steel) survive fire and water far better. Many people keep at least one metal copy of a long-held seed because a single house fire should not be able to erase your savings.

Keep more than one copy, in separate places

A single backup is a single point of failure. Multiple copies in geographically separate, secure locations protect against a localized disaster. The trade-off: each additional copy is one more thing that could be found, so each location must be genuinely secure.

Consider a passphrase, carefully

Some wallets support an extra passphrase that creates a separate hidden wallet. It adds meaningful protection, but if you forget it, the funds behind it are unrecoverable. Our full guide to the 25th word and hidden wallets walks through the trade-offs; only use one if you have a reliable way to remember or store it separately from the seed.

When to step up to multisig

Single-signature has an unavoidable weakness: one secret protects everything. If that one seed is compromised, funds are gone; if it is destroyed and you have no backup, funds are gone. Multisig solves this.

How multisig works

A multisig wallet requires multiple keys to spend, in an "m-of-n" scheme. A common setup is 2-of-3: three keys exist, and any two are needed to move funds. This eliminates single points of failure.

• A thief who steals one key cannot spend anything.
• You can lose one key entirely and still recover with the other two.

That flexibility is the real benefit: because no single key is sufficient, you can store the keys in more varied locations (including, in some setups, with a trusted third party or collaborative-custody provider) without handing anyone control.

Do not forget the wallet descriptor

A multisig setup has a critical extra piece: the wallet configuration, often called the descriptor, that defines how the keys combine (which public keys, what threshold, what derivation paths). Having all the seeds is not enough; without the descriptor you may not be able to reassemble the wallet. Back up the descriptor alongside your keys, and treat it as non-secret but essential, you lose nothing by storing it openly, but you can lose access without it.

A practical baseline

You do not need an elaborate setup to be safe. A reasonable baseline for most people:

1. Hardware wallet for daily use.
2. Seed phrase written down and also stamped on a metal plate.
3. Two copies in separate, secure locations (for example, a home safe and a bank box).
4. A periodic check that you can actually restore from the backup.
5. Consider multisig once the amount you hold justifies the added complexity.

Backups protect your keys, but they do not protect you at the moment you send. Pair good storage with careful sending habits: verify recipient addresses to avoid an address-poisoning paste error, and read every signing prompt, especially with EIP-7702 smart-account delegations now widening what a single signature can authorize.

Frequently asked questions

Is it ever safe to store my seed phrase in a password manager?

For most people, no. A password manager is connected to the internet and becomes a single high-value target; a breach or a compromised device can expose every secret at once. The standard advice is to keep seed phrases entirely offline on durable physical media. If you must store anything digital, it should be heavily encrypted and never the only copy.

How many backup copies should I keep?

Enough to survive a localized disaster, but not so many that theft risk balloons, commonly two or three copies in separate secure locations. The right number depends on how much you hold and how secure each location is. The key test: could a single fire, flood, or theft wipe out every copy? If yes, you need better geographic separation.

Do I really need multisig, or is a passphrase enough?

They address different risks. A passphrase creates a hidden wallet and protects against a discovered seed, but it is still a single secret you can forget. Multisig removes the single point of failure for spending by requiring multiple keys. For larger holdings, many people use both. For smaller balances, a well-backed-up single-signature wallet is often sufficient.

What is a wallet descriptor and why does it matter?

The descriptor is the configuration that tells software how your multisig keys combine, the public keys involved, the threshold, and the derivation paths. Without it, having all your seeds may not be enough to rebuild the wallet and access funds. It is not secret, so back it up openly alongside your keys; losing it can mean losing access even when every key is intact.

The bottom line

Self-custody trades convenience for control, and the price of control is disciplined backups. For most holders, durable metal copies in separate secure locations, never stored digitally, cover the basics. As your stake grows, a 2-of-3 multisig (with its descriptor safely backed up) removes the single point of failure entirely. None of this is financial advice, but it is the difference between owning your crypto and one day losing it to a single avoidable mistake.