Tangem team
- Security
You've taken your first steps into the exhilarating world of crypto security, and you're likely getting acquainted with some of the essential security tools. One term that raises many questions among crypto beginners is the "Seed phrase." But what exactly is it, and why does Tangem now provide this option? Let's break it down.
What is a seed phrase?
A seed phrase, also known as a recovery phrase or mnemonic phrase, is a sequence of random words used as a form of backup and recovery for crypto wallets. It's a critical security feature designed to help users regain access to their wallet if they forget their password, lose their device, or need to restore their wallet on a different device.
Think of a seed phrase as a magic key that unlocks access to your hardware wallet. But instead of an actual key, it's a series of words representing a highly complex cryptographic code.
These mnemonic series are typically generated when you set up a new wallet, and they serve as a means to recover your funds if your wallet is ever lost or damaged.
How seed phrases work
A wallet generates or requests a seed phrase before creating a user's new public and private keys. It could be a 12, 18, or 24-word mnemonic phrase. The wallet software contains a list of words from a wordlist depending on the standard it supports.
For example, the BIP39 (Bitcoin Improvement Proposal 39) is a popular seed phrase standard containing 2048 words.
The wallet then picks 12 random words — the number of possible combinations would be 2048^12, which equals 2^132. This means the seed phrase would have 132 bits of security, or 128 bits because some of the data in a BIP39 phrase is not random. However, it’s still as strong as all Bitcoin private keys.
The software then converts the string of words into a binary seed, which it then uses to generate a set of private keys and public address pairings.
The wallet can also use BIP44 and BIP32. Together with BIP39, these standards define a tree structure for grouping addresses created from a seed phrase.
This approach, also known as a hierarchical deterministic structure, enables the development of numerous private/public key pairings and child pairings.
By using a different address for each transaction, this structure adds an extra layer of privacy and security protection.
Why seed phrases are popular
Here's why seed phrases are popular in the crypto community:
- Trustworthiness in the crypto community
Seed phrases are a widely accepted standard in the crypto community. Many wallets support seed phrases, and people often use them because of their simplicity and security.
- Simplicity for beginners
Seed phrases are also easy to generate and understand. They could serve as a secure starting point for those dipping their toes into digital asset security.
- Control
The attraction of a seed phrase lies in the fact that it provides the same level of control as a password does.
It's generated by a mathematical algorithm, ensuring it's unique to your wallet. As it's not stored online or in any centralized database, it's almost impossible for cyber attackers to get their hands on it.
- Backup and recovery
One of the biggest worries for crypto newcomers is the fear of losing access to their funds. Having a seed phrase can alleviate this concern.
Write down your seed phrase and store it in a safe place. If you ever lose your wallet, you can simply input the phrase into a new one and restore your funds.
- Protection from hardware failures
Unlike traditional hardware like USB drives or external hard disks, seed phrases aren't susceptible to physical damage or failure.
This means that even if your wallet device gets lost or damaged, you can still retrieve your funds using the seed phrase.
Disadvantages of using a seed phrase
Many people have unintentionally lost bitcoins due to corrupted SSD devices, failed backups, mistyped letters, and forgotten hard drives. Additionally, it's vital to safeguard the seed from unintentional loss.
The seed phrase also introduces a single point of failure. Safeguarding the seed phrase is a difficult task requiring extensive knowledge of best practices.
Users often write down the seed phrase. While this protects the phrase from cyber threats, it can become unreadable over time due to natural wear and tear.
As a result, some people use a prefabricated metal plate, known as a seed plate, with an etched version of the seed. But if they're stored in the exact location as the wallet, they're prone to the same risks, such as theft and environmental disasters.
Keeping your seed phrase on a device that can connect to the internet makes it vulnerable to hackers. Even computers that are not connected to Bluetooth or WiFi are susceptible to malware that can reveal the seed phrase.
These additional security measures add more inconvenience to an already clumsy user experience that average consumers try to avoid in crypto.
Popular seed phrase leaks
Crypto users have devised numerous methods for safeguarding a seed phrase. They encrypt it, add an extra word to it, divide it into pieces, and store it in various locations.
However, these methods have one major drawback: they are inconvenient. Humans are careless and energy-efficient (i.e., lazy). As a result, many crypto users write it down on a piece of paper.
They don't consider that this paper could easily be damaged, lost, or fall into the wrong hands. There are numerous instances where a seed phrase has been compromised.
Bill Murray leak
As part of an NFT auction, the actor Bill Murray raised 119,2 ETH (equivalent to $185k) for charity. The hacker accessed Murray's personal wallet only hours after the charity event had concluded and stole the proceeds ($185k). Following this, the hacker attempted to steal some of Murray's numerous NFTs. The hacker could access the wallet because his seed phrase was compromised.
Solana wallet hack
On August 3, 2022, an incident on Solana led to the hacking of more than 9,000 wallets. The SOL and SPL tokens were transferred from compromised wallets to the attackers' wallets.
OtteSec, a blockchain auditing firm, found that the massive Solana wallet hack occurred because centralized servers stored unencrypted seed phrases sent by Slope Wallet's mobile app, making them visible to anyone with access to the server.
Bo Shen hack
Bo Shen, the founding partner of Fenbushi Capital, tweeted in November 2022 that hackers had stolen up to $42 million in cryptocurrency from his wallet. According to Shen, the theft occurred on November 10, with the USDC stablecoin comprising most of the $38 million in stolen funds. Analysis conducted by the blockchain security firm SlowMist revealed that Shen's wallet seed phrase was compromised.
Alistair Milne contest
Alistair Milne — an entrepreneur and cryptocurrency enthusiast — launched a contest on Twitter in 2020 to decipher the seed phrase for his Bitcoin wallet, with the winner receiving 1 BTC. He intended to post hints occasionally — the initial words of the seed phrase — on Twitter.
A software developer, John Cantrell, used brute force to figure out the seed phrase after Milne posted the first seven words. He developed a program that tests millions of potential seed phrases per hour to find the correct one.
Criminals will go to any length to steal cryptocurrency. They can obtain the seed via social engineering, account hacking, or a house check. You may be oblivious that attackers have kept your seed phrase long and are waiting for funds to appear in your wallet's address.
Best practices when generating and safeguarding your seed phrase
When you generate a seed phrase on the Tangem Wallet app, write it down somewhere on paper first.
Don't store your seed phrase digitally; certainly don't take screenshots. Keep it in a safe and secure location, away from prying eyes.
Most people record their phrases on paper, but there are many other creative and innovative ways to store them, including memorizing, engraving, or stamping on metal, writing in a book's margins, chiseling into a stone tablet, and many others.
It's up to you to use the Tangem Wallet with or without a seed phrase. In any case, the security of your crypto is your responsibility.
