Backup Strategies That Survive Disasters

What You Are Protecting Against

We have built the custody architecture. Hardware wallets keep your keys offline. Multi-sig eliminates single points of failure. Operational security defends against social engineering. But there is a quieter failure mode than hacking or theft, and it has likely destroyed more crypto wealth than any phishing campaign: the backup that was not there when it was needed. A house fire. A flood. A move across the country during which a critical piece of paper was thrown away by someone who did not know what it was. Or — most common of all — the slow, undramatic process of forgetting where you put something five years ago.

Backup strategy is the discipline of ensuring that your seed phrases, wallet configurations, and recovery information survive the full range of disasters — from the dramatic to the mundane. It is distinct from the custody setup itself. Your hardware wallet is how you access your funds day to day. Your backup is how you recover them when everything else fails. The backup is the last line. If it fails, the funds are gone — not stolen, not seized, just inaccessible. The blockchain will hold them, indifferent and permanent, for as long as the network exists.

The Threat Model for Backups

Before designing a backup strategy, you need to be specific about what you are defending against. The threats to your backups are not the same as the threats to your wallet, and they often pull in opposite directions.

Physical destruction. Fire, flood, earthquake, tornado. Paper burns. Ink fades. USB drives corrode. If your backup exists in one physical location and that location is destroyed, the backup is gone. This threat argues for multiple copies in multiple locations.

Theft. A burglar finds your seed phrase. A houseguest photographs it. A family member with access to your safe deposit box copies it. Anyone who obtains your seed phrase controls your funds — there is no authentication layer between the seed phrase and the wallet. This threat argues for fewer copies in fewer locations, each with strong physical security.

Loss. You put the backup somewhere safe and, three years later, you cannot remember where. You moved and the backup was in a box that went to storage and then to a donation center. Your spouse reorganized the office and the envelope was unremarkable. This is the most common failure mode, and it is the hardest to defend against because it requires no adversary — only time and the ordinary entropy of a life lived.

Degradation. Paper exposed to humidity becomes unreadable. Ink fades over years. Standard printer paper can become brittle and fragile in storage. A USB drive that has not been plugged in for five years may not spin up. Digital storage formats may become unreadable. This threat argues for durable materials and periodic verification.

The tension between these threats is real. More copies in more locations defends against destruction and loss but increases the surface for theft. Fewer copies in fewer locations defends against theft but increases the vulnerability to destruction and loss. The entire discipline of backup strategy is managing this tension.

Metal Seed Storage

The first and most straightforward upgrade from paper is metal. Steel plates designed for seed phrase storage can survive house fires, floods, and most forms of physical damage that would destroy paper.

The market has produced several purpose-built products. Cryptosteel Capsule uses individual letter tiles arranged on a steel rod inside a sealed capsule. Billfodl uses a similar tile system on a folding steel plate. Blockplate uses a center-punch system — you stamp dots into a steel plate corresponding to each word’s position in the BIP-39 word list.

Independent testing — notably by Jameson Lopp, who has subjected these products to fire, corrosion, and crush tests — has demonstrated that quality steel storage survives conditions that would reduce paper to ash. This is not a marginal improvement. It is a category change. A seed phrase stamped into steel is readable after a house fire. A seed phrase written on paper is not.

The cost ranges from $50 to $150 for most products, which is trivial relative to the holdings they protect. If you are serious about self-custody, metal seed storage is not optional — it is the baseline. Paper backups are acceptable only as a temporary measure while you acquire a proper metal solution.

For the more hands-on, a steel washer method — stamping BIP-39 word numbers into standard steel washers and threading them on a bolt — achieves similar durability at lower cost. The trade-off is time and effort, but the result is functionally equivalent to commercial products.

Geographic Distribution

A single backup, however durable, remains a single point of failure if it exists in only one location. Geographic distribution — storing copies in physically separate places — defends against localized disasters.

The standard approach for a 2-of-3 multi-sig setup is to store each key’s seed phrase in a different location: one at your home, one at a trusted family member’s home, and one in a bank safe deposit box or other secure off-site location. Because the multi-sig requires two of three keys, the compromise of any single location does not give an attacker access to your funds, and the destruction of any single location does not prevent you from recovering them.

For a single-key setup, geographic distribution is more delicate. You want multiple copies of the seed phrase for redundancy, but each copy is a complete set of credentials. One approach is to split the seed phrase — storing the first 12 words in one location and the last 12 in another. This provides some protection against casual theft (an attacker who finds only half cannot immediately reconstruct the full phrase), though it is not cryptographically robust against a sophisticated attacker who obtains one half and can reduce the search space dramatically.

A more rigorous approach for single-key setups is the passphrase (25th word). Store the 24-word seed phrase in one location and the passphrase in a separate location. Without both, the funds are inaccessible. This provides genuine two-factor protection — something you stored in location A and something you stored in location B — without the complexity of multi-sig.

The Safe Deposit Box Question

Bank safe deposit boxes occupy an awkward position in the self-custody conversation. They provide excellent physical security — fire resistance, theft protection, controlled access — but they also introduce dependencies that self-custody is designed to eliminate.

A bank can deny you access to your safe deposit box during a banking crisis, a legal dispute, or under a government order. Safe deposit boxes have been frozen in asset seizure proceedings. Banks have auctioned the contents of boxes whose rental fees went unpaid. The probability of any of these scenarios affecting you is low, but the philosophical tension is real: you are using an institution’s physical security to protect the seed phrase whose entire purpose is independence from institutions.

The proportional response is to use a safe deposit box as one location among several, not as your only backup location. In a 2-of-3 multi-sig, storing one key’s backup in a safe deposit box is entirely reasonable — even if the bank freezes access, you still have two other keys in your possession. For a single-key setup, a safe deposit box should hold a secondary copy, not the only copy. The principle is that no single institution’s decision should be able to lock you out of your funds.

Shamir’s Secret Sharing

For those who want mathematical distribution rather than simple physical distribution, Shamir’s Secret Sharing (SSS) offers an elegant solution. Developed by cryptographer Adi Shamir in 1979, the scheme splits a secret into N shares such that any M shares can reconstruct the original, but M-1 shares reveal nothing about it. This is mathematically provable, not just practically difficult — possessing fewer than M shares gives an attacker exactly zero information about the secret.

A practical example: you split your seed phrase into 3 shares, requiring 2 to reconstruct. You store one share at home, one with a family member, and one in a safe deposit box. Any two shares reconstruct the full seed phrase. Any single share is mathematically useless. This eliminates the weakness of the naive 12/12 split approach, where half a seed phrase does reduce the search space.

SLIP-39is the standardized implementation of Shamir’s Secret Sharing for cryptocurrency seed phrases. Rather than generating a standard BIP-39 24-word seed phrase and then splitting it, SLIP-39 generates the shares directly — each share is a set of words that looks similar to a standard seed phrase but functions as part of a Shamir scheme. Some hardware wallets support SLIP-39 natively.

The limitation of SSS and SLIP-39 is compatibility. A standard BIP-39 seed phrase can be recovered on virtually any hardware wallet or software wallet. A SLIP-39 share can only be recovered on devices that support the standard. If your wallet manufacturer goes out of business and no one else supports the format, you have a problem. This is a real consideration for long-term storage — decades, not years. For this reason, many practitioners prefer the simpler approach of multi-sig with standard BIP-39 phrases, where each individual key uses a widely supported standard even though the multi-sig coordination adds complexity.

The Information Problem

There is a failure mode that no metal plate, no geographic distribution, and no Shamir scheme can prevent: the failure of someone to know your backup exists and how to use it.

If you are incapacitated or die, your backup is only useful if someone knows where it is, what it is, and what to do with it. A steel plate engraved with 24 words is meaningless to a family member who does not know it is a cryptocurrency seed phrase. A Shamir share stored in a safe deposit box is useless if your executor does not know there are other shares or where to find them.

This is the information problem, and it is distinct from the security problem. Your backup protects the keys. The information layer ensures that the right people can find and use the backup when needed. We address this in detail in the inheritance planning article, but the principle belongs here: a backup strategy that does not account for the possibility of your absence is incomplete.

The practical minimum is a letter — stored securely, separate from the backups themselves — that explains what you own, where the backups are, what software or hardware is needed to recover the funds, and step-by-step instructions written for someone with no cryptocurrency experience. This letter is itself a sensitive document and needs its own security consideration, but its existence is the difference between a recoverable situation and a permanent loss.

Testing Your Backups

A backup you have never tested is an assumption, not a backup. Cryptocurrency recovery is unforgiving — there is no customer service department to call if your restoration fails. The time to discover that your metal plate is missing a word, that your Shamir shares do not reconstruct properly, or that the wallet software has changed its recovery flow is now, not during an emergency.

The testing protocol is straightforward. At least once a year, verify that each backup is physically intact and readable. For metal plates, this means visually confirming that the stamped or engraved words are legible. For paper backups (if you still use them), check for fading, water damage, or degradation. For digital components like multi-sig wallet configuration files, confirm that the file opens and that the software you need is still available and functional.

A more thorough test involves an actual recovery: using your backup to restore a wallet on a separate device and confirming that the correct addresses and balances appear. You do not need to move funds to test this — simply verifying that the restored wallet shows the correct receive addresses confirms that the backup is valid. Perform this test on a device you trust, in a private setting, and wipe the restored wallet from the test device when you are done.

The annual review is also the right time to assess whether your backup strategy still matches your holdings and your life circumstances. Holdings change. People move. Relationships change. A backup distribution designed around a house you no longer live in, with a share stored with a person you no longer trust, is a backup that has quietly degraded without any physical damage at all. The annual review catches this kind of drift before it becomes a crisis.

Putting It Together

The complete backup strategy, for a serious self-custody setup, looks something like this.

For a single-key setup with passphrase: One metal backup of the 24-word seed phrase stored at home. A second metal backup stored in a geographically separate location — a trusted family member’s safe or a safe deposit box. The passphrase stored separately from both seed phrase backups, in its own secure location. An information letter stored with a trusted person or in a sealed envelope with your legal documents.

For a 2-of-3 multi-sig setup: Each key’s seed phrase on its own metal backup, stored in a different geographic location. The wallet configuration file backed up in at least two locations (it is not sensitive in the same way a seed phrase is — it cannot be used to steal funds without the keys — but losing it makes recovery much harder). An information letter that explains the multi-sig structure, the location of each key backup, and the recovery procedure.

For a collaborative custody setup (Unchained, Casa, etc.): Your keys backed up as above. The service’s role and contact information documented in your information letter. An understanding that if the service goes out of business, you still have enough keys to move your funds independently — this is the entire point of the 2-of-3 model.

In every case, the backup strategy is not a one-time project. It is a living system that requires periodic attention — the annual review, the physical verification, the test recovery. A backup that worked perfectly when you created it and has not been checked in five years is a backup you are hoping still works. Hope is not a strategy. Verification is.

This article is part of the Self-Custody & Cold Storage series at SovereignCML.

Related reading: Seed Phrases: The Single Point of Sovereignty, Multi-Signature Setups: Eliminating Single Points of Failure, Inheritance Planning for Crypto Assets