Bitcoin Wallet Security Workshop
Learn how Bitcoin wallets work and practice security in a safe environment
Master seed phrases, derivation paths, and wallet security best practices
Deep dive into BIP39, BIP32/44, cryptographic security, and advanced wallet features
Seed Phrase Generator
A seed phrase is like a master password for your Bitcoin. It's a list of 12 or 24 random words that can recreate your entire wallet.
Your seed phrase uses BIP39 standard - a list of words from a 2048-word dictionary. Each word adds ~11 bits of entropy.
BIP39 derives the wallet seed from the mnemonic sentence with PBKDF2-HMAC-SHA512 at 2048 iterations. Entropy: 128 bits (12 words) or 256 bits (24 words).
Using truly random words makes the phrase impossible for attackers to guess. Never make up the words yourself!
A BIP39 passphrase is an optional extra security layer. Even if someone finds your 24 words, they can't access funds without the passphrase.
Uses Web Crypto API (crypto.getRandomValues) for cryptographically secure randomness. Never use Math.random() for real wallets!
Security Best Practices
- Always write your seed phrase on paper
- Never type it into a computer or phone
- Never share it with anyone - not even "support"
- Store it safely like cash or jewelry
- Never store it in cloud, email, or photos
Seed Phrase Backup Practice
The most important part of Bitcoin security is backing up your seed phrase correctly. Let's practice!
Practice the backup verification process used by hardware wallets like Ledger and Trezor.
Simulate BIP39 backup verification with scrambled word selection. Tests memory and accuracy.
First, generate a seed phrase in the Generator tab, then return here to practice backing it up.
Address Generator
Your seed phrase creates many different Bitcoin addresses. Each address can receive Bitcoin separately!
HD wallets use derivation paths to generate billions of addresses from one seed. Understanding paths is key to wallet recovery.
BIP32 hierarchical deterministic key derivation. Path notation: m / purpose' / coin_type' / account' / change / address_index
Legacy (1...): Original format. Works everywhere but has higher fees.
SegWit (3...): Lower fees, widely supported.
Native SegWit (bc1...): Lowest fees, most efficient. Use this!
Privacy! Use a new address for each transaction. Reusing addresses links all your payments together.
Your wallet automatically generates new addresses from the same seed.
Standard paths for the first receiving address:
- m/44'/0'/0'/0/0 - BIP44 Legacy
- m/49'/0'/0'/0/0 - BIP49 SegWit
- m/84'/0'/0'/0/0 - BIP84 Native SegWit
After the purpose level, 0'/0'/0/0 means Bitcoin (coin_type 0'), account 0 (0'), the external receiving chain (change 0), and address index 0.
Wallet Security Essentials
Core security practices specific to seed phrases, backups, and wallet recovery. For broader security topics like device hardening and attack defense, visit the Security Dojo.
Now that you understand wallet basics, head to the Security Training Lab to:
- Practice defending against real phishing attacks
- Run backup & recovery drills
- Explore hardware wallets and inheritance planning
- Earn belts as you complete training stations
Advanced Features
Understanding Entropy
Entropy measures randomness. Higher entropy = better security.
- 12 words: 128 bits of entropy (2^128 combinations)
- 24 words: 256 bits of entropy (2^256 combinations)
To crack a 12-word seed by brute force would take billions of years with current technology.
A BIP39 passphrase is not just extra security: it creates an entirely different wallet. The same seed phrase with two different passphrases produces two completely different sets of addresses with separate balances.
Practical uses:
- Plausible deniability: Keep a small "decoy" balance on the seed alone. Hide the real funds behind the passphrase wallet.
- Extra theft protection: Even if someone finds your seed backup, they can't access funds without also knowing the passphrase.
- Recovery risk: Lose the passphrase = lose those funds permanently. Store it separately from the seed, never together.
A UTXO (Unspent Transaction Output) is like a bill in your wallet. When you spend, your wallet combines UTXOs to meet the amount, and this can link addresses together on the public blockchain.
Coin control lets you choose which UTXOs to spend, preventing unintended address linking. Available in Sparrow, Electrum, and advanced mobile wallets.
Example: If you received Bitcoin from an exchange and from a private sale, spending both together reveals to chain analysis that the same person controls both addresses.
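The linking described above can be shown with a small coin-selection routine. This is an added example, not code from the workshop or from any wallet it names: the UTXO set and its source labels are constructed for the illustration, fees are ignored, and the function names (`naiveSelect`, `coinControlSelect`, `linkedSources`) are assumptions of this example. Labels are the owner's own notes, never on-chain data; the point is that a naive largest-first selection happily merges the exchange and private-sale coins, while a coin-control selection tries each source on its own first and only mixes when no single source can cover the amount.

```javascript
// Added example (not the workshop's own code): naive coin selection versus
// coin control. Amounts are in satoshis; fees are ignored for clarity.

// Constructed UTXO set; `label` is the owner's private note about where the coin came from.
const WALLET_UTXOS = [
  { txid: 'aaaa…(constructed)', vout: 0, sats: 60000, label: 'exchange' },
  { txid: 'bbbb…(constructed)', vout: 1, sats: 50000, label: 'private-sale' },
  { txid: 'cccc…(constructed)', vout: 0, sats: 30000, label: 'exchange' },
];

// What many wallets do by default: largest-first until the target is covered,
// with no regard for where each coin came from.
function naiveSelect(utxos, targetSats) {
  const sorted = [...utxos].sort((a, b) => b.sats - a.sats);
  const chosen = [];
  let total = 0;
  for (const u of sorted) {
    if (total >= targetSats) break;
    chosen.push(u);
    total += u.sats;
  }
  if (total < targetSats) throw new Error('insufficient funds');
  return chosen;
}

// Coin control: try to pay from a single source first; mix sources only when
// no single source can cover the amount, and say so in the result.
function coinControlSelect(utxos, targetSats) {
  const sources = [...new Set(utxos.map((u) => u.label))];
  for (const label of sources) {
    try {
      const inputs = naiveSelect(utxos.filter((u) => u.label === label), targetSats);
      return { inputs, mixed: false };
    } catch {
      // this source alone cannot cover the target; try the next one
    }
  }
  return { inputs: naiveSelect(utxos, targetSats), mixed: true };
}

// Which sources would a chain-analysis observer see spent together?
function linkedSources(inputs) {
  return [...new Set(inputs.map((u) => u.label))];
}
```

With a target of 80,000 sats the naive selection spends the 60,000 exchange coin together with the 50,000 private-sale coin and links the two; the coin-control selection spends both exchange coins instead. At 100,000 sats no single source suffices, and the `mixed: true` flag is the wallet's cue to warn the user before broadcasting.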
BIP39 Technical Details
Specification: Bitcoin Improvement Proposal 39
- Wordlist: 2048 words (2^11)
- 12 words = 128 bits entropy + 4 bits checksum = 132 bits
- 24 words = 256 bits entropy + 8 bits checksum = 264 bits
- Derivation: PBKDF2-HMAC-SHA512, 2048 iterations
- Passphrase: Optional salt for seed derivation
A 256-bit seed has 2^256 possible combinations. This number is approximately 10^77, within a few orders of magnitude of the estimated number of atoms in the observable universe (about 10^80).
Even with quantum computers, brute-forcing a properly generated BIP39 seed is computationally infeasible.
Understanding Derivation Paths
Derivation paths are not advanced Bitcoin trivia; they are the index system of your money. Understanding them prevents recovery panic.
People think: "My seed phrase is my wallet."
Reality: Your wallet is seed phrase + derivation path + script rules.
- Lose the seed → funds are gone forever
- Lose the path → funds are hidden but recoverable
Only one is irreversible. Bitcoin does not forget; wallets just need to know where to look.
Configuration Files & Wallet Backups
Beyond the seed phrase, wallets produce several configuration files that are critical for recovery, especially for multisig. Knowing what they are and where to store them is as important as knowing your derivation path.
Test Your Understanding
Question: Why must seed phrases be truly random?
Recovery & Inheritance Plan
Map every wallet, exchange, and key location so you, or a trusted person, can recover your Bitcoin under any circumstances. Fill in locations only. Never record seed words or private keys in this tool.
Exports labels and locations only, never seed phrases or private keys.
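A plan tool that promises "labels and locations only" should enforce that promise rather than rely on the user. The block below is an added example, not the workshop's own tool: it refuses to store any field that looks like a secret and exports only an allow-list of fields. The detection rules are heuristics chosen for this example (extended private key prefix, WIF shape, a 64-hex-digit run, or 12/15/18/21/24 short lowercase words), not a lookup against the BIP39 list, so a long plain-English location can trigger the seed-phrase check and should then simply be rephrased. The entry shape, function names and sample values are all constructed for the example.

```javascript
// Added example (not the workshop's own code): keep secrets out of a recovery plan.

const XPRV_RE = /[xyz]prv[1-9A-HJ-NP-Za-km-z]{100,}/;  // xprv/yprv/zprv extended private keys (~111 chars)
const WIF_RE = /^[5KL][1-9A-HJ-NP-Za-km-z]{50,51}$/;   // WIF-encoded private key, 51-52 base58 chars
const HEX_KEY_RE = /\b[0-9a-fA-F]{64}\b/;              // raw 32-byte key written in hex
const SEED_WORD_COUNTS = [12, 15, 18, 21, 24];         // valid BIP39 sentence lengths

// Returns a description of the secret type found, or null if the text looks harmless.
function looksLikeSecret(text) {
  const t = String(text).trim();
  if (XPRV_RE.test(t)) return 'extended private key';
  if (WIF_RE.test(t)) return 'WIF private key';
  if (HEX_KEY_RE.test(t)) return '256-bit hex key';
  const words = t.toLowerCase().split(/\s+/);
  // BIP39 words are 3-8 lowercase letters; this is a shape check, not a wordlist lookup.
  if (SEED_WORD_COUNTS.includes(words.length) && words.every((w) => /^[a-z]{3,8}$/.test(w))) {
    return 'possible seed phrase';
  }
  return null;
}

// Entry shape assumed for this example: { label, kind, location, notes }.
// Every field is screened, because a secret pasted into "notes" leaks just as badly.
function addEntry(plan, entry) {
  for (const [field, value] of Object.entries(entry)) {
    const hit = looksLikeSecret(value || '');
    if (hit) throw new Error(`refusing to store ${hit} in field "${field}"; record the location only`);
  }
  plan.push({ label: entry.label, kind: entry.kind, location: entry.location, notes: entry.notes || '' });
  return plan;
}

// Export copies only allow-listed fields, so nothing stored by accident can leave via export.
function exportPlan(plan) {
  return JSON.stringify(plan.map(({ label, kind, location, notes }) => ({ label, kind, location, notes })), null, 2);
}
```

Screening on input and allow-listing on output are two independent controls: the first stops the secret from being saved, the second guarantees that even a future field added to the entry shape cannot reach the exported file unless someone deliberately adds it to the allow-list.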