[ A ] Custody

What is a seed phrase, and why is it risky?

A seed phrase is the 12 or 24 words a wallet hands you when you first set it up. Those words are the account. Anyone who can read them controls the funds, in any app, on any device. That single property is the source of almost every seed-phrase loss.

[ 01 ] What it is

The words are the master key.

When you create a wallet, it generates a master secret and shows it to you as a list of common words. Those words encode everything the account can do. They are not a username, not a password you reset, and not a second factor. They are the key itself, written down in a form a human can copy.

Because the words encode the key, they work anywhere. Type them into any wallet app on any phone or laptop and that app now has full control of the account. There is no server in the middle deciding whether the request is legitimate. The words either match or they do not.

[ 02 ] The risk

A seed phrase can be typed into anything.

This is the entire problem. A password can be typed into anything too, which is why a convincing fake site can steal it. A seed phrase is worse, because it grants total and final control with no recovery path. A fake wallet app only has to get you to enter the words once during what looks like a normal setup or restore.

A real example

In 2026, a counterfeit Ledger app cleared App Store review and drained about $9.5 million from people who entered their recovery phrases during what looked like a normal setup. The real wallet worked. The secure chip worked. The cryptography worked. The seed phrase made all of that irrelevant the moment it left the device.

As long as recovery depends on words a person can type anywhere, an account is only as secure as the most convincing fake interface that person ever sees.

[ 03 ] The alternative

Bind the key to the device instead.

The fix is to stop relying on a secret a human can copy. Keys can be generated and held on a device, released only behind a live biometric, and never shown in a form that can be typed elsewhere. A passkey works on the same principle: it is bound to the real site or app it was made for, so a fake one is never even offered the chance to ask. The account stops depending on whether a person can be tricked into typing the right words.
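The contrast between typed words and a bound key, as an added example that is not SciPHR's code: seed derivation takes only the words as input, while a toy authenticator offers a credential only to the host it was registered for. Assumptions: the derivation follows BIP-39 (the page names no standard), and the class, function names, hostnames and sample words are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Widely published test mnemonic, used here as sample input only.
SAMPLE_WORDS = " ".join(["abandon"] * 11 + ["about"])

def seed_from_words(words: str, passphrase: str = "") -> bytes:
    """BIP-39 seed derivation (assumed standard). Nothing about the app or
    site asking for the words is an input to the key."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt, 2048, 64)

def restore(app_name: str, words: str) -> bytes:
    """Any wallet app's restore flow: app_name never enters the derivation."""
    return seed_from_words(words)

class ToyAuthenticator:
    """Simplified passkey store: credentials are indexed by relying-party ID."""

    def __init__(self):
        self._creds = {}  # rp_id -> label standing in for a device-held key

    def register(self, rp_id: str, label: str) -> None:
        self._creds[rp_id] = label

    def credentials_for(self, origin: str) -> list:
        """Return only the credentials the requesting origin may be offered."""
        host = urlsplit(origin).hostname or ""
        return [label for rp_id, label in self._creds.items()
                if host == rp_id or host.endswith("." + rp_id)]

def compare() -> dict:
    """Run both models against a genuine and a lookalike requester."""
    auth = ToyAuthenticator()
    auth.register("wallet.example", "wallet-key")  # hypothetical RP ID
    return {
        "seed_matches": restore("genuine", SAMPLE_WORDS)
                        == restore("lookalike", SAMPLE_WORDS),
        "genuine_offer": auth.credentials_for("https://wallet.example"),
        "lookalike_offer": auth.credentials_for("https://wallet-example.test"),
    }

if __name__ == "__main__":
    print(compare())
```

The seed comparison is true by construction, which is the point: the derivation has no parameter through which the requester's identity could matter, whereas the credential lookup does.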

Related: passkeys vs seed phrases, what is a private key, what is self-custody.

[ 04 ] FAQ

Common questions.

What is a seed phrase?

A list of 12 or 24 ordinary words a wallet generates at setup. The words encode the master secret. Anyone holding them can move funds and sign transactions in any wallet app, on any device.

Why is a seed phrase risky?

It can be typed into anything. A convincing fake app or site only has to capture the words once. Because they work everywhere, the account can be drained even when the hardware and cryptography worked correctly.

Can a seed phrase be recovered if I lose it?

No. There is no reset. Lose the words with no backup and the account is gone. Copy the words to someone else and they have full control.

Is a passkey safer than a seed phrase?

For phishing, yes. A passkey is bound to the real site or app it was registered for, so a fake one never gets the chance to ask. A seed phrase has no such binding.
