Twelve common English words. That's all that stands between you and your crypto—or anyone else and your crypto.
An estimated 3-4 million Bitcoin are permanently lost. Not stolen—lost. Forgotten passwords. Thrown-away hard drives. Mnemonic phrases that exist only in the memory of people who've died.1 At January 2026 prices (~$93,000), that's $280-370 billion locked forever in wallets no one can access.
The same 12 words that make self-custody possible make it dangerous.
How the Pieces Fit Together
Everything flows from the mnemonic phrase:
| Component | What It Does | Share It? |
|---|---|---|
| Mnemonic Phrase | Generates everything below | NEVER |
| Private Key | Signs transactions, proves ownership | NEVER |
| Public Key | Derives your address | Safe to share |
| Address | Receives funds (like an email address) | Safe to share |
The math only works in one direction. You can derive a public key from a private key, but you can't reverse it. That's what makes the system secure. It's also why losing your mnemonic is permanent—there's no "forgot password" option when the math itself is the lock.
What Each Part Looks Like
Mnemonic Phrase: A 12-24 word sequence from a standardized list of common English words:
This is the only thing you need to back up. Everything else can be regenerated from it.
Private Key: A long hexadecimal string. You rarely see it directly—wallets handle this in the background:
Some wallets now offer iCloud backup or email login instead. More convenient. Also means you're trusting Apple or Google with your keys.
Address: What you share to receive funds. Some services let you register human-readable names (like zachtos.apt) that point to your address:
The Technical Standards
BIP-39 (Bitcoin Improvement Proposal 39) standardized how this works. Ethereum, Solana, and most other blockchains use the same standard.
The process: your wallet generates random bits (entropy), maps them to words from a 2,048-word list, converts those words to a binary seed, and derives your master private key from that seed. From one master key, unlimited child keys can be generated—which is how one mnemonic can control wallets across multiple blockchains.
| Step | What Happens |
|---|---|
| Generation | Wallet creates random bits (entropy) |
| Encoding | Bits map to words from a 2,048-word list |
| Stretching | Words convert to a binary seed via PBKDF2 |
| Derivation | Seed generates master private key |
| Expansion | One master key generates unlimited child keys |
BIP-32 defines the hierarchical structure that makes this possible. BIP-44 organizes the derivation paths so one mnemonic can manage assets across different blockchains without conflicts. Your wallet handles all of this automatically—you just see addresses.
What This Means in Practice
Before these standards existed, managing crypto required technical expertise most people didn't have. Now 12 words can control unlimited assets across unlimited blockchains. The complexity got abstracted away.
The responsibility didn't.
Those 12 words are everything. Lose them and your funds are gone. Show them to the wrong person and your funds are gone. Type them into a phishing site and your funds are gone. There's no customer support to call.
Write them down on paper. Store them somewhere secure. Never type them into any website. Never store them digitally where they could be accessed remotely. The standards that make this possible are well-designed. The human element is where it breaks.
Further Reading
- BIP-32: Hierarchical Deterministic Wallets
- BIP-39: Mnemonic Code for Generating Deterministic Keys
- BIP-39 Word Lists
- BIP-44: Multi-Account Hierarchy
Footnotes
-
Chainalysis estimates 3.7 million BTC are lost forever—coins that haven't moved since the early years and are assumed inaccessible. This represents approximately 17.5% of Bitcoin's 21 million maximum supply. The uncertainty range (3-4M) reflects different methodologies for determining when coins are "lost" versus simply held long-term. ↩
Mnemonic Phrases
crypto
Twelve words that control everything
2 min readNovember 5, 2022
crypto
Twelve common English words. That's all that stands between you and your crypto—or anyone else and your crypto.
An estimated 3-4 million Bitcoin are permanently lost. Not stolen—lost. Forgotten passwords. Thrown-away hard drives. Mnemonic phrases that exist only in the memory of people who've died.1 At January 2026 prices (~$93,000), that's $280-370 billion locked forever in wallets no one can access.
The same 12 words that make self-custody possible make it dangerous.
How the Pieces Fit Together
Everything flows from the mnemonic phrase:
| Component | What It Does | Share It? |
|---|---|---|
| Mnemonic Phrase | Generates everything below | NEVER |
| Private Key | Signs transactions, proves ownership | NEVER |
| Public Key | Derives your address | Safe to share |
| Address | Receives funds (like an email address) | Safe to share |
The math only works in one direction. You can derive a public key from a private key, but you can't reverse it. That's what makes the system secure. It's also why losing your mnemonic is permanent—there's no "forgot password" option when the math itself is the lock.
What Each Part Looks Like
Mnemonic Phrase: A 12-24 word sequence from a standardized list of common English words:
This is the only thing you need to back up. Everything else can be regenerated from it.
Private Key: A long hexadecimal string. You rarely see it directly—wallets handle this in the background:
Some wallets now offer iCloud backup or email login instead. More convenient. Also means you're trusting Apple or Google with your keys.
Address: What you share to receive funds. Some services let you register human-readable names (like zachtos.apt) that point to your address:
The Technical Standards
BIP-39 (Bitcoin Improvement Proposal 39) standardized how this works. Ethereum, Solana, and most other blockchains use the same standard.
The process: your wallet generates random bits (entropy), maps them to words from a 2,048-word list, converts those words to a binary seed, and derives your master private key from that seed. From one master key, unlimited child keys can be generated—which is how one mnemonic can control wallets across multiple blockchains.
| Step | What Happens |
|---|---|
| Generation | Wallet creates random bits (entropy) |
| Encoding | Bits map to words from a 2,048-word list |
| Stretching | Words convert to a binary seed via PBKDF2 |
| Derivation | Seed generates master private key |
| Expansion | One master key generates unlimited child keys |
BIP-32 defines the hierarchical structure that makes this possible. BIP-44 organizes the derivation paths so one mnemonic can manage assets across different blockchains without conflicts. Your wallet handles all of this automatically—you just see addresses.
What This Means in Practice
Before these standards existed, managing crypto required technical expertise most people didn't have. Now 12 words can control unlimited assets across unlimited blockchains. The complexity got abstracted away.
The responsibility didn't.
Those 12 words are everything. Lose them and your funds are gone. Show them to the wrong person and your funds are gone. Type them into a phishing site and your funds are gone. There's no customer support to call.
Write them down on paper. Store them somewhere secure. Never type them into any website. Never store them digitally where they could be accessed remotely. The standards that make this possible are well-designed. The human element is where it breaks.
Further Reading
- BIP-32: Hierarchical Deterministic Wallets
- BIP-39: Mnemonic Code for Generating Deterministic Keys
- BIP-39 Word Lists
- BIP-44: Multi-Account Hierarchy
Footnotes
-
Chainalysis estimates 3.7 million BTC are lost forever—coins that haven't moved since the early years and are assumed inaccessible. This represents approximately 17.5% of Bitcoin's 21 million maximum supply. The uncertainty range (3-4M) reflects different methodologies for determining when coins are "lost" versus simply held long-term. ↩