How Most People Store Their Seed Phrase (And Why It Will Eventually Cost Them)
Hardware wallets are only half the story. Where your seed phrase actually lives — Notes, Photos, Drive, password managers — is where most crypto losses begin. A threat model and what good digital storage looks like.
This isn't a post about hardware wallets. Hardware wallets are the right call for signing transactions, and if you're reading this, you probably already have one. This is about the thing most hardware wallet guides skip: where your seed phrase actually lives, and whether that's as secure as you think.
The seed phrase is the hardware wallet. The device is just a convenient interface. If someone has your 12 or 24 words, they have your funds — no hardware required, no PIN required, no biometrics required. Protecting those words deserves at least as much thought as choosing which hardware wallet to buy.
The Threat Model
Before talking about solutions, it helps to be specific about the threats. There are three distinct attack vectors to consider:
Remote compromise — An attacker gains access to a file, account, or service where your seed phrase is stored without ever touching your devices. This is by far the most common vector. It includes cloud storage breaches, phishing, credential stuffing, and SIM swapping.
Physical access or coercion — An attacker gains access to your device, your home, or direct access to you. This includes theft, border searches, and more adversarial scenarios. It's less common but the consequences are usually total.
Legal compulsion of a third party — A government compels a company that holds your data to disclose it. You don't have to be the target — the company does. This is distinct from the first two because you can take no action to prevent it once your data is on their servers.
Most people's storage solutions address none of these systematically. Let's go through the common approaches.
The Notes App
Apple Notes is probably the most common place people store seed phrases. It feels private. It's on your phone. It's convenient.
Here's what's actually happening: by default, Notes syncs to iCloud. That means your seed phrase is on Apple's servers in Apple's data centers, subject to US legal jurisdiction, and recoverable by anyone who can access your Apple ID.
Apple ID recovery is tied to a phone number. SIM swapping — convincing a carrier to transfer your number to an attacker-controlled SIM — costs somewhere between $10 and a few hundred dollars on the right forums and takes minutes. Once an attacker has your number, they can trigger Apple ID account recovery, reset your iCloud password, and access your Notes. The chain from phone number to seed phrase has fewer steps than most people realize.
This isn't theoretical. A significant portion of documented crypto thefts follow exactly this chain.
Even setting aside SIM swaps: Apple has complied with thousands of law enforcement requests for iCloud data. If your seed phrase is in Notes and your iCloud is synced, it's accessible to any jurisdiction with the right paperwork.
iCloud has an "end-to-end encrypted" mode called Advanced Data Protection. If you've enabled it, your Notes are encrypted in a way Apple cannot read. Most users haven't enabled it, and even those who have are still protected only by their Apple ID credentials — which returns us to the SIM swap problem.
Screenshots and Photos
Taking a photo of your paper seed phrase backup — or screenshotting it after generating a wallet — is extremely common. It also stores your seed phrase in one of the least secure places imaginable.
iCloud Photos syncs automatically. Google Photos syncs automatically. Both platforms run machine learning on your images.
Since iOS 15, iPhones have on-device OCR called Live Text. Your photo library is indexed, searchable text. When you search for "concert" in Photos and it finds images with "concert" written on a sign in the background, that's the same system reading the text in your seed phrase photo.
What this means practically: a photo of your seed phrase is a machine-readable, cloud-synced, server-stored plaintext document. It just doesn't look like one because it has a .jpg extension.
Beyond cloud sync, consider what happens when you rotate phones and use a migration tool, or when you give an old phone to a family member, or when a repair technician backs up your device before a repair. Photos go along for the ride.
Google Docs, Dropbox, and Similar Services
The appeal is obvious: accessible anywhere, backed up automatically, searchable.
The security model is not zero-knowledge. Google can read your Google Docs. Dropbox can read your Dropbox files. Encrypted at rest is not the same as encrypted in a way the provider cannot decrypt — in these services, the provider manages the keys.
This means your seed phrase is accessible to: the company and its employees under certain circumstances, any attacker who compromises the company's infrastructure, and any government that serves those companies with legal process. You're trusting a company's policies, implementation, and legal posture in perpetuity.
Even services that market themselves as zero-knowledge often aren't fully zero-knowledge in practice. The gap between "we can't read your files" and "we technically could read your files if compelled" is often smaller than the marketing suggests.
Password Managers
Password managers are genuinely better than the above. They're designed for this use case, they use real encryption, and reputable ones have been audited. If your only alternative is Notes, use a password manager.
The residual risk: most popular password managers sync to the cloud. They're a higher-value target than individual iCloud accounts, and they're attacked accordingly.
LastPass had a breach in late 2022. Encrypted vaults were exfiltrated — the actual encrypted data was taken by the attacker. Anyone with a weak or reused master password subsequently had their vault contents exposed. If your seed phrase was in LastPass at that time, the security of your hardware wallet became irrelevant.
1Password, Bitwarden, and others have different architectures and security histories. The point isn't that password managers are bad. The point is that cloud sync creates a persistent attack surface, and a sufficiently valuable target will eventually be attacked. Seed phrases are sufficiently valuable.
The Problem with Software-Only Encryption
Running through the above, a pattern emerges: most storage solutions rely on software-level encryption, which means the security guarantee is only as strong as the key management.
Software-level encryption uses a master password (or a key derived from one) that lives in the main processor's memory. That key can theoretically be extracted from memory by a sophisticated attacker, a compromised OS, or malware with sufficient privileges. The key is software — it can be read by software.
Apple's Secure Enclave is different. It's a dedicated co-processor, physically isolated from the main application processor, that handles cryptographic operations in its own isolated memory space. Keys generated in the Secure Enclave are non-extractable. "Non-extractable" has a specific meaning: the operating system cannot read them, the application cannot read them, and an attacker who fully compromises the OS still cannot retrieve them. The Secure Enclave performs the cryptographic operation and returns only the result — the key never leaves the hardware.
This is why iPhones are famously resistant to certain forensic tools. The Secure Enclave is a hardware root of trust in a way that software simply cannot replicate.
Most apps don't use the Secure Enclave meaningfully, even when they claim to be "secure." They use standard iOS keychain storage (which is good but not the same thing) or software-derived keys. Actually anchoring encryption in the Secure Enclave requires deliberate engineering.
What Good Storage Actually Looks Like
Working through the threat model, the properties you want for digital seed phrase storage are:
Offline by design. No cloud sync, no account, no server infrastructure that can be breached or compelled. The data doesn't leave the device.
Hardware-anchored encryption. Encryption keys generated in and confined to the Secure Enclave, non-extractable by any software including the OS.
No account. No identity tied to your data. Nothing a third party can be compelled to produce.
Plausible deniability. For high-stakes situations — border crossings, targeted attacks, coercion scenarios — the ability to credibly deny that sensitive data exists. This means a decoy vault that looks convincing under scrutiny, not just a hidden folder.
No forensic footprint. Data that doesn't linger on disk after it's deleted, keys that exist only in volatile memory during operations, and configurable self-destruction.
Paper and steel plate backups address the physical disaster recovery case well — fire, flood, device destruction. They don't address remote compromise, legal compulsion of a device or cloud account, or coercion scenarios.
For digital operational access, the combination of all the above properties is harder to find in a single tool than it should be.
What I Built
I'm the developer of UltraLocked, so I'll be transparent about that. I built it because I couldn't find anything that satisfied the full threat model above, and because I hold enough crypto that I'd thought carefully about where my own seed phrases lived.
UltraLocked is a file vault for iPhone built on Secure Enclave-backed encryption. Every file is encrypted with a unique ephemeral key derived through an ECDH key agreement process anchored in the Secure Enclave. Those keys don't persist — they exist in volatile memory for the duration of an operation and are wiped immediately after. The app contains no networking code, no account system, no analytics. It operates completely offline.
The features I found I actually needed:
Duress mode. A secondary PIN that opens a convincing, pre-populated decoy vault while silently destroying the real vault's keys in the background. If you're ever in a situation where someone is demanding access to your phone, the real data becomes cryptographically irrecoverable the moment you enter the duress PIN — and the person demanding access sees a believable-looking vault.
Dead man's switch. Configurable automatic destruction if the vault isn't accessed within a defined window. For seed phrases attached to significant holdings that you want to survive you on your terms but not be accessible if you're incapacitated and someone takes your phone.
Self-destruct timers. Per-file TTL settings so files can be configured to become inaccessible after a defined period.
Metadata sanitization. EXIF data stripped from media files on import. GPS coordinates, camera identifiers, timestamps — all removed.
There's a full technical whitepaper at ultralocked.com that explains the cryptographic architecture in detail. I'd encourage reading it before trusting any security tool, including this one. Security claims should be verifiable, not just asserted.
The Setup I Actually Use
For what it's worth, here's my own setup:
Cold disaster recovery: Steel plate in a physically secure location I don't talk about. Survives fire, flood, device destruction.
Digital operational access: UltraLocked on an iPhone I use as an airgapped device — SIM removed, Wi-Fi off, never connected to anything except direct cable transfer when absolutely necessary.
The steel plate is for if everything goes wrong and I need to reconstruct from scratch. The digital vault is for the rare occasions I need to access or reference the actual phrase. Separating the two means neither a physical disaster nor a digital compromise alone is sufficient to lose access or expose the phrase.
A Note on Paranoia Calibration
None of this matters much if you're holding $500 in ETH. The threat model scales with the value at stake and your personal threat profile.
If you're a journalist, lawyer, founder, or anyone who might be a target of state-level actors, the threat model is different from an average retail holder. If you travel internationally with any regularity, border search scenarios are worth thinking about. If your holdings are significant enough to make you a worthwhile target for targeted phishing or SIM swapping, the remote compromise vector deserves serious attention.
The goal isn't maximum paranoia. It's matching your security posture to your actual risk profile and not having obvious gaps that an unsophisticated attacker could walk through.
The Notes app is an obvious gap. Most photo libraries are an obvious gap. Most people haven't thought about it.