Shamir Backup (often implemented as SLIP-39) is a way to split a cryptographic secret into multiple pieces so that only a subset of them is required to recover the secret. Short version: instead of one 12- or 24-word seed phrase, you get several "shares" (each a set of words) and a threshold like 2-of-3 or 3-of-5 decides how many shares are needed to rebuild the private keys. Why split at all? Because it reduces single-point failures — theft, fire, or a lost wallet no longer means instant doom.
In my experience, this approach is most useful when you need redundancy or safe distribution among family, a lawyer, and a safety deposit box. (It does add operational complexity, though.)
At a high level SLIP-39 uses the math behind Shamir's Secret Sharing. The device (or recovery tool) treats the secret as data and produces N shares such that any T shares reconstruct the original. Think of it like cutting a key into pieces and knowing you only need a subset to reassemble it.
Important technical distinctions:
If you want deeper reading on device internals and secure elements, see the security architecture overview and check firmware authenticity steps in the firmware update guide.
This is a generalized setup flow — exact screens vary by device.
A full device setup walkthrough can be found in the device setup guide. And yes, testing a restore on a spare device will save you future headaches.
Paper is fragile. If you plan to store shares long-term, use purpose-built metal backup plates (stainless steel, stamped or engraved). They survive fire, flood, and time.
Best practices I use:
| Feature | SLIP-39 (Shamir) | Single 24-word seed (BIP-39) |
|---|---|---|
| Redundancy | Split and distribute (tolerant of partial loss) | Single point of failure |
| Compatibility | Limited to SLIP-39-aware tools | Widely supported |
| Complexity | Higher operational overhead | Lower overhead |
| Inheritance | Easier to distribute to trustees | Simpler but riskier |
| Recovery options | Requires SLIP-39 support | Many recovery paths |
Pros: better resilience and flexible distribution.
Cons: more complexity and limited cross-wallet compatibility.
Which is better: Shamir or multisig? They solve different problems. Multisig spreads signing authority across separate private keys (often distinct devices or custodians). Shamir splits one private key into pieces. Multisig gives stronger protection against a single compromised key because each signer must collude to spend. Shamir gives simpler restoration and is handy for distributing custody among trusted parties.
If you're storing large amounts long term, consider multisig for operational security and Shamir for ease of inheritance or redundancy. Read the multisig guide and a practical walkthrough on multisig setups for implementation notes.
Adding a passphrase (sometimes called a 25th word) creates a hidden wallet layer on top of a seed. But passphrases are not stored inside SLIP-39 shares; they remain a separate secret. That means if you use a passphrase with SLIP-39, everyone who holds shares still needs the passphrase to access the specific hidden wallet.
This is powerful for privacy and plausible deniability, but it adds a single-point memory risk: if you forget the passphrase, recovery fails. What I've found is that many users underestimate this risk. See the passphrase guide for workflows and secure storage ideas.
But complexity is not a reason to avoid Shamir. With clear procedures (and testing), it becomes manageable.
Who Shamir is good for:
Who should look elsewhere:
For strategic planning, compare single-vs-multisig strategies in cold storage strategies.
Q: Can I recover my crypto if the device breaks?
A: Yes — if you have enough SLIP-39 shares to meet the threshold you can restore on any compatible device or recovery tool. Always test a recovery on a spare device first (or follow the steps in recover if device is lost).
Q: What happens if the wallet maker goes bankrupt?
A: Your private keys belong to you; the company going under doesn't destroy your crypto. But if SLIP-39 support is rare, it may be harder to find compatible recovery tools, so keep recovery options in mind. See company bankruptcy for practical scenarios.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth adds convenience and some additional attack surface. If you are using advanced backup strategies like SLIP-39, prefer wired or air-gapped flows when provisioning shares (or at least understand the tradeoffs). More on this in Bluetooth/USB/NFC security.
Shamir Backup (SLIP-39) is a powerful tool when you need redundancy, distribution of trust, or a more flexible inheritance plan. It is not magic — you trade simplicity for resilience. In my testing, the method saved a partner from a near-disaster when a home safe failed; proper planning matters.
Ready to set one up? Start with the device setup guide, read the seed phrase basics, and decide if metal plates make sense for you (seed backup plates). If you want stronger operational protections, compare multisig options in the multisig guide.
Want help choosing a strategy for your assets? Check the comparison and strategy pages or reach out to communities that focus on secure long-term custody. But remember: the safest plan is one you can actually execute and verify.