Skip to main content
Don't invest unless you're prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong. Take 2 min to learn more.

What Is a Seed Passphrase? The 25th Word Explained

One optional string turns a found seed phrase into a dead end for thieves, and a forgotten one into permanent loss: how the 25th word actually works.

intermediate6 min readDan Clarke
Hero image for what-is-a-seed-passphrase

TL;DR

  • A seed passphrase is an optional extra string on top of your 12 or 24 seed words, defined in the BIP39 standard in 2013.
  • Same seed, different passphrase, completely different wallet: a stolen seed alone no longer moves your funds.
  • There is no wrong-passphrase error. A typo opens an empty wallet, and no vendor can recover a string you forgot.
  • Enable it with a small test deposit, prove a restore on a reset device, and store the passphrase apart from the seed.
  • Educational only, not financial advice. How you secure your crypto is your decision.

In July 2020, thieves broke into the marketing database of Ledger, the French hardware wallet maker, and took no coins and no keys. What they got was a customer list, roughly 272,000 names and home addresses, and by December it had been dumped on the open internet for anyone to read. Suddenly, thousands of people who kept a written seed phrase at home had to sit with a new thought. Strangers might know where it lives.

The seed passphrase is the standard answer to that fear: one optional string of your choosing, and a found seed opens nothing worth taking. Real protection on one side, zero forgiveness on the other. This guide is an explainer, not financial advice.

One optional string, written into the standard in 2013

The passphrase comes from BIP39, the bitcoin standard from 2013 that defined the familiar recovery seed of 12 or 24 words. Tucked into that standard is an optional extra: any string you choose, layered on top of the seed words, a single word or a whole sentence or a line of character soup. People call it the 25th word, though the name misleads slightly, because it never sits with the other 24.

Your device does not store it and the seed words do not contain it. Trezor and Ledger both support the feature, and neither company ever sees what you chose, because it exists only where you decide to keep it.

Same words, different wallet

The mechanics of it feel odd at first. Take one set of seed words, add the passphrase "winter garden", and you get a wallet. Add "Winter garden", capital W, and you get a completely different wallet: different addresses, different balance, no connection to the first, because capitals count and so do spaces. Trezor's interface calls each of these a hidden wallet, which is a fair description.

One behaviour catches almost everyone out: there is no wrong-passphrase error, none. Every string you could type opens a valid wallet, so a typo does not fail, it quietly shows you an empty wallet instead. Plenty of owners have stared at a zero balance in horror when the real problem was a stray space.

What it defends against

A written seed is a physical object, and physical objects get found: a burglary, a photographed backup, a storage spot that stopped being secret years ago without you noticing. Under plain BIP39, anyone who reads those 12 or 24 words can rebuild every private key in the wallet and move everything from the other side of the world.

Add a passphrase and the paper alone stops being enough. The words now open a wallet you deliberately keep small, or one with nothing in it at all. That is why the Ledger leak pushed so many owners to switch the feature on: when your name and home address sit in a breached customer list, the passphrase means the backup somebody might find cannot move funds on its own.

There is a blunter scenario people plan for too. In 2009 the webcomic xkcd sketched the "$5 wrench attack": nobody needs to break encryption if they can threaten the owner into opening the wallet. The pattern people run in response is a decoy: modest funds stay on the passphrase-free wallet, the main funds sit behind the passphrase, which limits what a forced opening can reach. It does not make anyone untouchable, and no setup does.

The half nobody can undo

Now the other truth, and it deserves equal weight.

The passphrase is not stored on the device and not hidden inside the seed words. It appears on no recovery sheet, and neither Trezor nor Ledger can regenerate it, because they never had it. Forget it and the money is gone. Your flawless 24-word backup will restore a perfectly valid wallet, promptly and without complaint. Just not the one your funds are in.

This failure happens often enough to have a rank. After loss of the seed itself, the forgotten passphrase is the most common self-inflicted way people in self-custody lose money. Nobody hacked them, they out-secured their own memory.

Three things it is not

The passphrase gets muddled with every other secret in the stack, so keep them separate:

  • The device PIN, the short code of four to eight digits on a Ledger, protects the physical device in your hand and does nothing for a seed written on paper.

  • An app password protects a wallet app on one phone, and again does nothing for the seed.

  • The seed phrase itself is the master backup, which the passphrase sits on top of and is useless without, so a passphrase wallet needs both.

Switching it on without losing money

Turning the feature on takes five minutes in the device settings, entered once per session or each time the device wakes. Doing it without risking your funds takes an evening, and the extra steps are the entire point:

  1. Choose a string you can reproduce exactly, capitals, spaces and all, because a sentence you will still recall in ten years beats twenty characters of soup you will not.

  2. Enable the passphrase and send a small test deposit into the new wallet, ten pounds' worth being plenty.

  3. Prove the backup: reset the device, or use a second one, and restore from the written seed plus the passphrase, and the test funds should reappear.

  4. Move real money only after that restore works.

  5. Write the passphrase down and store it physically apart from the seed words, never on the same sheet, because one piece of paper holding both recreates the original problem.

Who should bother

Honestly, not everyone. If a custodial platform holds your crypto, this layer is not yours to manage. If you keep a modest balance on a hardware wallet and nobody knows the seed exists, a well-hidden backup already carries most of the load.

The case firms up as the stakes rise: a balance that would hurt for years, a seed stored where other people could reach it, or your details sitting in a breached database like those 272,000 Ledger records. Then add the passphrase, run the test-deposit drill, and prove the restore before trusting it with anything real.

And choose your string like it matters, because nobody is coming to reset it. The wallet cannot tell an attacker guessing from an owner misremembering. It treats both the same.

Frequently Asked Questions

No. The PIN protects the physical device, and on a Ledger it is four to eight digits. The passphrase works at a different layer: combined with your seed words it opens an entirely separate wallet. A thief who has photographed your seed never needs your device or its PIN, which is exactly the gap the passphrase closes.

Nothing dramatic, and that is the trap. There is no error message, because every possible string opens a valid wallet. A typo just shows you an empty one. If a balance looks wrong, do not panic and do not send anything. Retype the passphrase with the exact capitals and spaces you used when you set it up.

No, and that is by design. The passphrase is never stored on the device or on the company's servers, so there is nothing for support to look up. If it is gone from your head and your notes, the funds behind it are unreachable, even with a perfect 24-word seed backup.

Usually not on day one. If a platform holds your crypto for you, the passphrase is not part of your setup at all. It starts earning its place once you hold an amount in self-custody that would genuinely hurt to lose, or once your name has appeared in something like the 2020 Ledger customer leak. Even then, run a small test deposit and a practice restore first.

One you can reproduce exactly for years, character for character. A memorable sentence beats random symbols you will never recall. Avoid anything printed near your seed or guessable from your life, like a family name or address. And write it down, stored physically apart from the seed words, never on the same sheet.

Yes. The BIP39 standard applies the passphrase on top of either 12 or 24 seed words in the same way. Same rules too: case-sensitive, space-sensitive, stored nowhere, and each different passphrase opens its own separate wallet.

By Dan ClarkeLast updated: 14 July 2026