All writing
Self-Custody: Part 3
crypto
Twelve words that control everything
By Zachary Roth•2 min readNovember 5, 2022
Twelve common English words. That's all that stands between you and your crypto — or anyone else and your crypto.
An estimated 3–4 million Bitcoin are permanently lost. Not stolen — lost. Forgotten passwords. Thrown-away hard drives. Mnemonic phrases that existed only in the memory of people who've died.1 At current prices, that's hundreds of billions of dollars locked forever in wallets no one can access.
The same 12 words that make self-custody possible make it dangerous.
Part 1 introduced the key hierarchy. Part 2 covered operational security. This part goes deeper on the mnemonic phrase itself — the technical standards behind it and why it matters more than anything else in your wallet.
The Key Hierarchy
Everything flows from the mnemonic phrase:
| Component | What It Does | Share It? |
|---|---|---|
| Mnemonic Phrase | Generates everything below | NEVER |
| Private Key | Signs transactions, proves ownership | NEVER |
| Public Key | Derives your address | Safe to share |
| Address | Receives funds | Safe to share |
The math only works in one direction. You can derive a public key from a private key, but you can't reverse it. That's what makes the system secure — and why losing your mnemonic is permanent. There's no "forgot password" option when the math itself is the lock.
What Each Part Looks Like
Mnemonic Phrase — a 12–24 word sequence from a standardized list of common English words:
This is the only thing you need to back up. Everything else regenerates from it.
Private Key — a long hexadecimal string you rarely see directly:
Some wallets now offer iCloud backup or email login. More convenient — but it means trusting Apple or Google with your keys.
Address — what you share to receive funds. Some services let you register human-readable names (like zachtos.apt) that point to your address:
The Technical Standards
BIP-39 (Bitcoin Improvement Proposal 39) standardized how mnemonic phrases work. Ethereum, Solana, and most other blockchains adopted the same standard.
The process: your wallet generates random bits (entropy), maps them to words from a 2,048-word list, converts those words to a binary seed, and derives your master private key from that seed. From one master key, unlimited child keys can be generated — which is how one mnemonic can control wallets across multiple blockchains.
| Step | What Happens |
|---|---|
| Generation | Wallet creates random bits (entropy) |
| Encoding | Bits map to words from a 2,048-word list |
| Stretching | Words convert to a binary seed via PBKDF2 |
| Derivation | Seed generates master private key |
| Expansion | Master key generates unlimited child keys |
BIP-32 defines the hierarchical structure that makes this possible. BIP-44 organizes derivation paths so one mnemonic can manage assets across different blockchains without conflicts. Your wallet handles all of this automatically — you just see addresses.
What This Means in Practice
Before these standards existed, managing crypto required technical expertise most people didn't have. Now 12 words can control unlimited assets across unlimited blockchains. The complexity got abstracted away.
The responsibility didn't.
Those 12 words are everything. Lose them and your funds are gone. Show them to the wrong person and your funds are gone. Type them into a phishing site and your funds are gone.
Write them down on paper. Store them somewhere secure. Never type them into any website. Never store them digitally. The standards are well-designed. The human element is where it breaks.
Next: Part 4 covers non-custodial wallets — the tools that put these keys to work.
Further Reading
- BIP-32: Hierarchical Deterministic Wallets
- BIP-39: Mnemonic Code for Generating Deterministic Keys
- BIP-39 Word Lists
- BIP-44: Multi-Account Hierarchy
Footnotes
-
Chainalysis estimates 3.7 million BTC are lost forever — coins that haven't moved since the early years and are assumed inaccessible. This represents approximately 17.5% of Bitcoin's 21 million maximum supply. The uncertainty range (3–4M) reflects different methodologies for determining when coins are "lost" versus simply held long-term. ↩
Self-Custody: Part 3
crypto
Twelve words that control everything
By Zachary Roth•2 min readNovember 5, 2022
crypto
Twelve common English words. That's all that stands between you and your crypto — or anyone else and your crypto.
An estimated 3–4 million Bitcoin are permanently lost. Not stolen — lost. Forgotten passwords. Thrown-away hard drives. Mnemonic phrases that existed only in the memory of people who've died.1 At current prices, that's hundreds of billions of dollars locked forever in wallets no one can access.
The same 12 words that make self-custody possible make it dangerous.
Part 1 introduced the key hierarchy. Part 2 covered operational security. This part goes deeper on the mnemonic phrase itself — the technical standards behind it and why it matters more than anything else in your wallet.
The Key Hierarchy
Everything flows from the mnemonic phrase:
| Component | What It Does | Share It? |
|---|---|---|
| Mnemonic Phrase | Generates everything below | NEVER |
| Private Key | Signs transactions, proves ownership | NEVER |
| Public Key | Derives your address | Safe to share |
| Address | Receives funds | Safe to share |
The math only works in one direction. You can derive a public key from a private key, but you can't reverse it. That's what makes the system secure — and why losing your mnemonic is permanent. There's no "forgot password" option when the math itself is the lock.
What Each Part Looks Like
Mnemonic Phrase — a 12–24 word sequence from a standardized list of common English words:
This is the only thing you need to back up. Everything else regenerates from it.
Private Key — a long hexadecimal string you rarely see directly:
Some wallets now offer iCloud backup or email login. More convenient — but it means trusting Apple or Google with your keys.
Address — what you share to receive funds. Some services let you register human-readable names (like zachtos.apt) that point to your address:
The Technical Standards
BIP-39 (Bitcoin Improvement Proposal 39) standardized how mnemonic phrases work. Ethereum, Solana, and most other blockchains adopted the same standard.
The process: your wallet generates random bits (entropy), maps them to words from a 2,048-word list, converts those words to a binary seed, and derives your master private key from that seed. From one master key, unlimited child keys can be generated — which is how one mnemonic can control wallets across multiple blockchains.
| Step | What Happens |
|---|---|
| Generation | Wallet creates random bits (entropy) |
| Encoding | Bits map to words from a 2,048-word list |
| Stretching | Words convert to a binary seed via PBKDF2 |
| Derivation | Seed generates master private key |
| Expansion | Master key generates unlimited child keys |
BIP-32 defines the hierarchical structure that makes this possible. BIP-44 organizes derivation paths so one mnemonic can manage assets across different blockchains without conflicts. Your wallet handles all of this automatically — you just see addresses.
What This Means in Practice
Before these standards existed, managing crypto required technical expertise most people didn't have. Now 12 words can control unlimited assets across unlimited blockchains. The complexity got abstracted away.
The responsibility didn't.
Those 12 words are everything. Lose them and your funds are gone. Show them to the wrong person and your funds are gone. Type them into a phishing site and your funds are gone.
Write them down on paper. Store them somewhere secure. Never type them into any website. Never store them digitally. The standards are well-designed. The human element is where it breaks.
Next: Part 4 covers non-custodial wallets — the tools that put these keys to work.
Further Reading
- BIP-32: Hierarchical Deterministic Wallets
- BIP-39: Mnemonic Code for Generating Deterministic Keys
- BIP-39 Word Lists
- BIP-44: Multi-Account Hierarchy
Footnotes
-
Chainalysis estimates 3.7 million BTC are lost forever — coins that haven't moved since the early years and are assumed inaccessible. This represents approximately 17.5% of Bitcoin's 21 million maximum supply. The uncertainty range (3–4M) reflects different methodologies for determining when coins are "lost" versus simply held long-term. ↩