What’s the safest way to store crypto?

Use a hardware wallet with an offline-generated seed, written (not digital) backups, and a passphrase. Keep hot wallets for small spends only.

Should I ever enter my seed online?

No. Never type a recovery phrase into a website, browser extension, or chat. Restore only inside vetted wallet software or on a hardware wallet device.

How many backups do I need?

At least two geographically separated, tamper-evident backups. Consider metal for fire/water resistance and label neutrally to avoid targeted theft.

Secure Crypto Wallets

// Overview

The vault is about sovereignty: generate and hold keys offline, transact intentionally, and keep hot wallets on a short leash. The list below mirrors that: sovereign-grade hardware, cautious convenience, explicit “avoid,” and protection moves.

// Quick Compare

Wallet Type

Purpose

Edge

Risk

Hardware (Cold)

Long-term hold

Keys offline; phish-resistant

Physical loss if backups sloppy

Mobile/Desktop (Hot)

Small, frequent spends

Convenience; quick signing

Phishing, malware, SIM swap

🛡️ Hardware (Sovereign Tier)

Trezor Safe 5 — Color touchscreen, EAL6+ secure element, 20-word backup, multi-coin support. Built for scroll-sealed storage and sovereignty.
Visit Trezor Suite →

Foundation Passport — Air-gapped Bitcoin-only wallet. No USB, QR-based transactions. Sovereign tier.
Explore Passport →

Only generate/record seed offline — never on a shared screen or public computer.

🧱 Mobile & Desktop (Scroll-Cautious Tier)

Xverse — Stacks & Ordinals support
Phantom — Solana-only, clean UI
Exodus — User-friendly desktop app (not for cold storage)

Convenience tools only. Never store large amounts here.

☠️ Avoid (Compromised & Risky)

MetaMask — High phishing surface (extensions)
Trust Wallet — Binance-linked telemetry
SafePal — Background data concerns
Any wallet requiring Google/Apple login

⚔️ Scroll-Aligned Protection Tips

Seed backup by hand — no digital copies
Never enter your phrase online
Label wallets with neutral aliases
Use passphrase + decoy wallet structure
Practice a restore before moving size

Field sovereignty begins where digital dependence ends. Protect what you’ve been entrusted to carry.

🧭 10-Minute Recovery Drill

Unbox spare device (or use a fresh user profile).
Download wallet app directly from the vendor link.
Go offline; verify the download checksum if provided.
Restore from written seed + passphrase.
Confirm first receive address matches a prior saved address.
Sign a dummy message; verify signature.
Send a tiny outbound to self; confirm arrival.
Document the steps you fumbled; fix the gaps.
Store the spare device powered down, labeled neutrally.
Schedule a quarterly repeat.

// Links

← Back to Crypto Vault Home

Some outbound links (e.g., Trezor) are affiliate links — we may earn a commission at no extra cost to you.

Last updated: September 1, 2025