How can I protect my wallet from leak databases?
Use BIP-39 mnemonics generated on a hardware wallet or offline tool. Never type seed phrases into web pages, paste them into chat apps, or store them in plaintext files. KeyAudit does not require seed entry — only the address-hash or signature is submitted, and client-side SHA-256 via SubtleCrypto.digest() ensures the seed never reaches our server.
Avoid brain-wallet generation from reused or weak passwords — dict_derived entries in KeyAudit show that common phrases are routinely reverse-engineered from on-chain signatures. If you must use a brain wallet, feed a high-entropy passphrase through a proper KDF (e.g., 100000+ PBKDF2 iterations).
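The gap between a classic brain wallet and a stretched one, shown as an added example (not KeyAudit's code) that uses the same Web Crypto interface as SubtleCrypto.digest(). The function names, the salt label and the sample passphrase are assumptions made for illustration.

```javascript
// Added example: unsalted single-hash brain wallet vs. a PBKDF2-stretched key.
const enc = new TextEncoder();
const MIN_ITERATIONS = 100000; // floor taken from the paragraph above

// Browsers and Node.js 19+ expose globalThis.crypto; older Node falls back
// to the node:crypto module, which carries the same SubtleCrypto interface.
async function getSubtle() {
  return (globalThis.crypto ?? (await import("node:crypto")).webcrypto).subtle;
}

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");

// WEAK: one unsalted SHA-256 pass over the phrase. Checking a dictionary
// candidate costs a single hash, so common phrases fall quickly.
async function weakBrainKey(passphrase) {
  const subtle = await getSubtle();
  return toHex(await subtle.digest("SHA-256", enc.encode(passphrase)));
}

// HARDENED: PBKDF2-HMAC-SHA256 with a salt and an enforced iteration floor.
// Assumption: the salt is a label the owner can reproduce (it is not secret).
async function stretchedBrainKey(passphrase, salt, iterations = MIN_ITERATIONS) {
  if (!Number.isInteger(iterations) || iterations < MIN_ITERATIONS) {
    throw new RangeError(`iterations must be >= ${MIN_ITERATIONS}`);
  }
  if (!salt) throw new RangeError("salt must not be empty");
  const subtle = await getSubtle();
  // NFKD normalisation keeps the result stable across keyboards and platforms.
  const material = await subtle.importKey(
    "raw", enc.encode(passphrase.normalize("NFKD")), "PBKDF2", false, ["deriveBits"]);
  const bits = await subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt: enc.encode(salt), iterations },
    material, 256);
  return toHex(bits); // 32 bytes of key material as 64 hex characters
}
```

Stretching only raises the cost of each guess; a phrase that already sits in a dictionary is still recoverable, so the passphrase itself has to carry the entropy.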
Before large sends, check the recipient address against KeyAudit’s 6.94M leaked records. Even a confirmed_stolen or sanctioned match warrants manual review. Use separate hot wallets for daily spending and cold wallets for storage, so that a leak in one wallet does not cascade to the others.
Finally, rotate any seed that appears in a public dataset. KeyAudit credits 25 sources (see /en/source) so you can check whether your wallet appears in an academic_dataset or community_curated leak. No web-based tool can guarantee full safety, but hashing seeds offline eliminates server-side exposure entirely.