Monero uses a 25-word mnemonic from a fixed 1,626-word English wordlist. The first 24 words encode your private spend key. The 25th word is a checksum for error detection.
From this seed, everything is derived: your private spend key, private view key, public spend key, public view key, and all wallet addresses (primary + subaddresses). One seed = one wallet = all your XMR.
Critical understanding: The seed doesn't contain your balance or transaction history. It contains your keys. The blockchain contains your transactions. To see your balance, a wallet scans the blockchain using your keys.
| Method | Fire | Flood | Theft | Cost |
|---|---|---|---|---|
| Paper (handwritten) | Vulnerable | Vulnerable | Readable | Free |
| Paper in fireproof safe | Protected | Protected | Safe must be secured | $50-200 |
| Metal plate (Cryptosteel) | 1,200°C+ | Waterproof | Readable | $80-120 |
| Metal + seed offset | 1,200°C+ | Waterproof | Decoy wallet | $80-120 |
| Split (Shamir/SSS) | Per shard | Per shard | Needs N of M | Varies |
No photos — synced to iCloud/Google Photos, backed up, indexed, OCR'd by AI. One breach = funds gone.
No cloud storage — Google Drive, Dropbox, iCloud. Server-side access, subpoena-able, data breaches.
No notes apps — Apple Notes, Google Keep, Notion. Synced, searchable, not encrypted at rest.
No email drafts — email is never encrypted. Gmail literally scans content.
No encrypted files on connected devices — keyloggers, malware, clipboard hijackers. If the device is online, it's vulnerable.
Paper, metal, brain. Analog storage for digital keys.
A seed offset adds a passphrase to your seed. The same 25 words + different passphrase = different wallet. This provides:
Plausible deniability: Attacker finds your seed, enters the 25 words. They see an empty wallet (or a decoy with small balance). Your real funds require the passphrase they don't know. You can truthfully say "that's my wallet" while your real wallet stays hidden.
Protection against physical theft: Someone steals your metal backup. Without the passphrase, they get nothing (or a decoy).
How to use: In Feather Wallet → File → New wallet → check "Seed offset". In CLI: monero-wallet-cli --restore-from-seed, then enter passphrase when prompted. Remember: if you forget the passphrase, your funds are gone. There is no recovery.
1. Choose a wallet: Feather, Official GUI, CLI, or Cake Wallet.
2. Select "Restore from seed" and enter your 25 words.
3. Enter restore height: The block number or date when you created the wallet. This tells the wallet where to start scanning. Without it, scanning from block 0 takes days.
4. Enter seed offset (if you used one).
5. Wait for scan: The wallet scans from your restore height to the current block. Minutes to hours depending on how old your wallet is.
Always record your wallet creation date alongside your seed. This one piece of metadata saves hours during restoration.
Storing seed on phone: Phones are the most compromised devices. Screenshots, clipboard managers, backup services, malware.
Single copy: One house fire, one flood, one theft = permanent loss. Keep 2-3 copies in different locations.
Sharing with "trusted" people: Relationships change. Divorce, falling out, death. If they have your seed, they have your money.
Not testing backup: A seed you've never tested restoring from is a seed that might have a transcription error. Test it.
Forgetting seed offset: If you used a passphrase and forget it, your funds are permanently lost. The passphrase is as critical as the seed itself.
✓ Write seed on paper (never digital)
✓ Get a metal backup for fire/flood resistance
✓ Use seed offset for plausible deniability
✓ Store 2-3 copies in different physical locations
✓ Record wallet creation date with the seed
✓ Test restore on a different device
✓ Never share your seed with anyone
Need XMR to protect? arnoldnakamura — 683 trades, 100% feedback.