NeoWalt — Wallet Security

Key principles

  • The seed phrase (12/24 words) = master key. Never enter it on a computer/phone.
  • The PIN protects access to the wallet, the passphrase protects the seed (safe inside the safe).
  • Check the address on the device screen before every send.
  • Offline backups in two separate locations (ideally steel), regular restoration testing.
  • Update firmware & apps from official sources.

Objective: Reduce your physical, software and social attack surfaces.

Common threats

  • Phishing / address poisoning: clone sites/applications, similar addresses, malicious QR codes.
  • SIM swap & social engineering: SMS/2FA takeover and human manipulation.
  • Malware / keyloggers: blind signing, infected browser extensions.
  • Supply chain: device altered before receipt, “pre-printed” seed (classic scam).
  • Evil-Maid: stealth physical access to your equipment (office/hotel).

⚠️ Red flags

  • A seller provides you with a ready-made seed or asks for your 24 words.
  • Installation links sent via private messages / social networks.
  • Urgent request to sign a transaction “to verify”.
  • Wallet received without a seal or with suspicious stickers.
  • Application that refuses address verification on the device.

Essential best practices

  • Initialize the wallet yourself, from official sources (publisher site, verified app store).
  • 6+ digit PIN, disable automatic mobile unlocking.
  • Passphrase: Activate it to compartmentalize (a hidden wallet cannot be guessed).
  • Seed on steel (stainless steel plate type), stored in two separate locations, never a photo.
  • On-device address verification. Do not sign from public Wi-Fi.
  • Regular firmware/app updates. Back up before any updates.
  • Large amounts: choose multisig (2-out-of-3) or Shamir depending on your profile.
  • Perform a test restore on a secondary device (without reusing the tested seed).

Reception: supply-chain check

1) At opening
  • Seals intact, official packaging, no pre-filled “seed card”.
  • Serial number visible, accessories as expected.
2) Installation
  • Download the official app (Ledger Live / Trezor Suite / dedicated app).
  • Check the hash (fingerprint) or signature provided by the publisher if available.
3) Initialization
  • Generate a new seed on the device (never provided by a third party).
  • Enable the passphrase if you know how to manage it (separate storage from the seed).
  • Write down your words on a durable medium (steel recommended), in private.

Backups & Inheritance

  • 2 separate locations (geographically) for the seed; passphrase elsewhere.
  • Shamir: splitting the seed into N parts, M needed to restore (e.g. 2-of-3).
  • Multisig: multiple devices/keys required (e.g. 2-of-3); reduces the risk of a single point of failure.
  • Inheritance: sealed file (inventory, instructions, contacts), designated executor, dry run.

Choose between Shamir and Multisig depending on your operational capacity (simplicity vs. resilience & distribution).

Personal Policy Generator

Tip: Print and seal a copy, separate from your backups.

Emergency (incident) plan

Loss/theft of the device
  • Use your seed (and passphrase) to restore to a new device in a safe location.
  • Immediately transfer funds to new keys/wallets.
Potentially exposed seed
  • Move all funds immediately to a new seed/passphrase.
  • Consider multisig/Shamir to improve resilience.
Suspected malware/phishing
  • Cut the connection, isolate the machine, change your passwords offline.
  • Reinstall cleanly or use a clean machine dedicated to sensitive operations.

Quick Glossary

Seed phrase

A sequence of 12/24 BIP39 words that allows you to regenerate all your keys. Keep offline, never on a connected device.

Passphrase

Additional word/phrase (not written on the seed) that creates different wallets. Remember: without it, restoration is impossible.

Air gap

Data exchange without a direct connection (e.g. QR codes). Reduces USB/Bluetooth risks, but requires operational rigor.

Multisig

Multiple keys required for spending (e.g. 2-out-of-3). Ideal for large amounts or shared governance.

Shamir

Splitting the seed into fragments (M-of-N). Useful for distributing trust and limiting single points of failure.

This information is for educational purposes only. Please do your own research. Never share your seed with anyone.
© NeoWalt — Security Information Page. This page does not replace your internal policies or regulatory obligations.