How Do You Run a Wallet Recovery Drill? A Semi-Annual Seed-Phrase Restore Walkthrough

Tutorials · 2026-05-30 · 比特三棱镜 Editorial Team

The biggest hidden risk in self-custody isn’t getting hacked, it’s reaching for your backup one day and discovering you don’t know how to use it. That line came from a 2025 victim of a “wrench-attack” extortion — he had backed up his seed, etched it on a steel plate, locked it in a safe, but had never actually restored from it. Under stress he wrote down three wrong words from memory and six figures of assets stayed frozen on-chain. This post is the wallet recovery drill I run myself every six months without fail. Half an hour following this checklist tells you whether your backups actually work, rather than gambling on the moment you need them. Skim the wallet primer and security guide first for the vocabulary.

[Image: wallet recovery drill illustration showing a backup plate on the left, a fresh laptop in the middle, and recovered balances on the right]

Why “I backed it up” doesn’t mean “I can restore”

The three failure modes I see again and again:

  • Wrong word: one of the 24 words spelled as a similar word — there instead of their, flour instead of flower. These are not in the BIP39 list, so input validation will reject them.
  • Wrong order: the order is the entropy. Swap word 7 and word 8 and you have a completely different key.
  • Backup never actually happened: a hardware wallet that was set up by skipping the “I’ve backed this up” prompt, or a cloud-note backup deleted years ago.

The drill exists to surface these problems — before you actually need the backup.

Pre-drill: three things you need

  • A clean device: a laptop, tablet, or spare phone that has never touched your daily accounts. Never restore on your daily machine — a keylogger you don’t know about will see the entire seed in one go.
  • A new cable and an empty USB drive — don’t plug into anything old
  • An air-gapped environment: enter the seed in airplane mode or fully offline, only reconnect after verification is complete

If you can’t even put together a clean device, buy a second-hand low-end laptop dedicated to this. A modest investment buys long-term peace of mind.

Drill day: step by step

Step 1: Lay out the backups, don’t touch the live wallet

Walk to your safe or drawer and put every backup medium on the table: paper seed, steel plate, second steel plate, sealed envelope, etc. Verification grid:

  Check                   Pass criteria
  Count complete          All 24 (or 12) words readable, no corrosion or damage
  Order explicit          Each word numbered 1-24, so the order survives a drop on the floor
  Location matches docs   Physical location matches your “safety inventory”
  Steel matches paper     Two independent backups verified word-for-word
  Passphrase isolated     BIP39 passphrase stored separately, never with the seed

Any failure ends the drill: fix the backups before continuing.

Step 2: Install the wallet app on the clean device

Download from the official domain, not search results. Ledger Live, Trezor Suite, MetaMask, Rabby, OKX Wallet: get each one from its own website. After download, verify the signature or hash. People skip this because it’s tedious, but fake wallet apps installed on daily machines have been among the most active attack vectors of 2024-2026.

Step 3: Choose “restore wallet” and type the seed

Three rules while typing:

  • Stay offline until you’ve finished entering and confirmed
  • Read each word out loud — don’t muscle-memory it
  • Include the BIP39 passphrase if you use one; otherwise you’ll derive a different, empty address and mistakenly conclude the backup is wrong

Once you finish typing, the wallet derives addresses. The first thing to verify is whether the address matches the one you use daily. On a hardware wallet, confirm the address on the device’s own screen, not just the laptop.
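Why a missing passphrase or a swapped word pair ends in a different wallet, shown as an added example (not code from this post or from any wallet): the standard BIP39 mnemonic-to-seed step, run on a public BIP39 test-vector mnemonic with a constructed passphrase. It stops at the 64-byte seed, with no wordlist or checksum check and no address derivation; the names `bip39_seed`, `fingerprint`, `swap_words` and `drill_cases` are the example's own.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (entropy 7f7f...7f), never a real wallet.
TEST_MNEMONIC = ("legal winner thank year wave sausage "
                 "worth useful legal winner thank yellow")
PASSPHRASE = "Drill-Passphrase"  # constructed for this example


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the mnemonic, 2048 rounds, 64 bytes.

    The salt is the literal string "mnemonic" plus the passphrase, so every
    passphrase (including none) yields a valid seed; nothing can flag a typo.
    """
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    words = " ".join(mnemonic.split())  # example's choice: collapse stray spaces
    return hashlib.pbkdf2_hmac("sha512", nfkd(words),
                               nfkd("mnemonic" + passphrase), 2048, 64)


def fingerprint(seed: bytes) -> str:
    """Short one-way tag so seeds can be compared without being displayed."""
    return hashlib.sha256(seed).hexdigest()[:8]


def swap_words(mnemonic: str, i: int, j: int) -> str:
    """Return the mnemonic with 1-based positions i and j exchanged."""
    w = mnemonic.split()
    w[i - 1], w[j - 1] = w[j - 1], w[i - 1]
    return " ".join(w)


def drill_cases() -> dict:
    """Seed fingerprints for the correct restore and three typical slips."""
    inputs = {
        "correct": (TEST_MNEMONIC, PASSPHRASE),
        "passphrase omitted": (TEST_MNEMONIC, ""),
        "passphrase in wrong case": (TEST_MNEMONIC, PASSPHRASE.lower()),
        "words 7 and 8 swapped": (swap_words(TEST_MNEMONIC, 7, 8), PASSPHRASE),
    }
    return {name: fingerprint(bip39_seed(m, p)) for name, (m, p) in inputs.items()}


if __name__ == "__main__":
    for name, tag in drill_cases().items():
        print(f"{name:26} seed fingerprint {tag}")
```

All four fingerprints differ, and the two passphrase slips raise no error at any point, which is why the address comparison in this step is the only signal that the passphrase was entered correctly.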

Step 4: Reconcile balances

Take the recovered address to Etherscan or Debank:

  • Does mainnet ETH balance match?
  • Do the main ERC-20 holdings match?
  • Do L2 balances (Arbitrum, Base, Optimism) match?
  • Do LST tokens staked at Lido or Rocket Pool match?
  • Do NFT holdings match?

Any mismatch — first check whether the derivation path is wrong (BIP44 vs Ledger Legacy, etc.) before suspecting the seed. Path mismatches are way more common than seed errors.

[Image: multi-chain wallet balance reconciliation dashboard showing rows of balances matched against expectations]

Step 5: Send a reverse-proof transaction

The cleanest verification: send a tiny outbound transaction from the recovered wallet to another address you own. 0.001 ETH to a different wallet, or sign an EIP-712 message and verify it from the original wallet.

This proves more than “the address matched” — it proves the private key actually signs and the chain accepts it. There are edge cases where a wrong seed accidentally derives an address that looks similar (same derivation path, different wallet, same index 0 sometimes resemble each other) — signature verification is the only way to be sure.

Step 6: Destroy the drill wallet

After the drill, any seed-phrase residue on this clean device has to be wiped:

  • Uninstall the wallet app
  • Clear browser cache and extensions
  • Wipe system logs (Terminal history on macOS, event logs on Windows)
  • Safest: full factory reset of the device, reinstall next time

If you ran the drill on a hardware wallet (a dedicated “drill Ledger”), factory-reset the device itself so next time you re-do the whole install-to-restore loop and validate the full chain.

Write down the drill log

A short record after each drill, reusable next time:

  • Drill date
  • Device model
  • Wallet app version
  • Derivation path (Default / Ledger Live / Legacy)
  • Asset reconciliation list and numbers
  • Issues found and fixes applied
  • Next drill date (fixed at six months out, same week)

Keep this log separate from the seed — it can live in cloud storage because it contains no sensitive material.

Drill points specific to multisig

For multisig setups, add one step: simulate one signer going completely dark.

  • Pick a “missing” signer
  • The remaining signers jointly propose to replace them with the backup signer
  • Verify the replacement succeeds and the threshold can still be met
  • Restore the original configuration after the drill

Many DAO multisigs haven’t touched their signer list in three years. The drill is what reveals that a long-departed colleague is still on the 5-signer roster — that discovery is the entire point.

The drill ends with documentation

The step people skip: every problem the drill uncovered must get written back into your safety doc.

  • Word 12 etched wrong? Fix the plate now
  • Steel plate B lost during a move? Regenerate and re-back up
  • Passphrase blank? The survival clock is ticking — export from the live wallet to a fresh seed today
  • Will you forget the derivation path next time? Document it

Then enter the next drill date into your calendar with a hard reminder. Stronger than any encryption tool, that calendar reminder is what actually keeps your security posture alive. After four drills (two years) your sense of control over your assets will feel categorically different from where you started. Twice a year beats reading a hundred security articles.