What a Crypto Wallet Actually Is
The word "wallet" is a misleading metaphor. Your crypto does not live inside a wallet the way cash lives inside a leather one. Crypto lives on the blockchain — a public ledger that records who owns what. What a wallet actually stores is the private key that proves you own a particular balance and authorises you to move it.
Think of a wallet as a keychain, not a purse. The blockchain holds the money. The wallet holds the key to it.
The Problem With the Old Way
Before 2012, most Bitcoin wallets generated addresses one at a time, randomly. Each address had its own independent private key. If you wanted to use five addresses, your wallet managed five separate keys. If you wanted a hundred, it managed a hundred.
This created a painful backup problem. Every time you generated a new address, you had to back up your wallet file again — because the new key was not connected to any of the old ones. Forget to back up after generating a new address, receive a payment to that address, and then your hard drive fails? The funds were gone.
Hierarchical deterministic (HD) wallets solved this permanently.
The Seed Phrase: One Backup to Rule Them All
An HD wallet starts with a single random number — a large one, 128 to 256 bits of entropy. This number is encoded into a sequence of words from a fixed 2048-word dictionary (defined in BIP39), producing what is commonly called a seed phrase, recovery phrase, or mnemonic.
A typical 12-word seed phrase looks like this:
witch collapse practice feed shame open despair creek road again ice least
The derivation from these words is deterministic — given the same words in the same order, the wallet will always derive the exact same set of keys and addresses. It does not matter what device you use, what software you use, or when you do it. The math is the math.
Write down your seed phrase. Store it offline. Never photograph it. Never type it into any website. This is the only backup you will ever need — and losing it means losing everything.
From Seed Phrase to Master Key
The wallet runs the seed phrase through a one-way key-stretching function (PBKDF2 with HMAC-SHA512) to produce a 512-bit master seed. From that seed, it derives a master private key and a master chain code. Together, these two form the root of the entire key hierarchy.
The chain code is the piece that makes the hierarchy possible — it is mixed into every child key derivation step, ensuring that each level of the tree produces unique, non-repeating results.
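The two steps above, as an added example that is not code from the original page or from any wallet: the phrase is stretched into a 512-bit seed as BIP39 specifies, then split into a master key and chain code as BIP32 specifies. The function names are illustrative, and the optional passphrase parameter is part of BIP39 even though the page does not discuss it.

```python
import hashlib, hmac, unicodedata

# secp256k1 group order; a valid private key k satisfies 0 < k < N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)

def master_key(seed):
    """BIP32: left half of the HMAC is the master key, right half the chain code."""
    out = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(out[:32], "big")
    if not 0 < k < N:
        raise ValueError("seed yields an invalid master key; use another seed")
    return out[:32], out[32:]

# The example phrase shown on this page (public, so not usable for real funds).
PHRASE = "witch collapse practice feed shame open despair creek road again ice least"

if __name__ == "__main__":
    key, chain = master_key(mnemonic_to_seed(PHRASE))
    # Print a fingerprint rather than the key itself, as a logging habit.
    print("master key fingerprint:", hashlib.sha256(key).hexdigest()[:16])
    print("chain code:", chain.hex())
```

This step does not check the BIP39 checksum, so any string produces a seed; wallets validate the words against the wordlist before reaching it.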
The Tree Structure
From the master key, the wallet derives child keys. From each child key, it can derive grandchild keys. This creates a tree structure — which is why it is called hierarchical.
The path through the tree is written as:
m / purpose / coin / account / change / index
For example, the first Bitcoin receive address under the most common standard (BIP44) is at:
m/44'/0'/0'/0/0
The second is at m/44'/0'/0'/0/1, the third at m/44'/0'/0'/0/2, and so on. Each path maps to exactly one address, and every address can be re-derived from the original seed phrase at any time.
This is what deterministic means. Given the same seed, the tree is always identical.
Multiple Coins, Multiple Accounts, One Backup
The hierarchy is designed to handle multiple cryptocurrencies from a single seed. Bitcoin lives at coin type 0, Ethereum at coin type 60, and so on (defined in SLIP44). Each coin has its own subtree, completely isolated from the others.
You can also have multiple accounts within a single coin — useful for separating personal funds from a business, or keeping different projects isolated. All of them are recoverable from the same 12 or 24 words.
For merchants, this means:
- One seed phrase backs up your entire crypto setup across all currencies.
- You can separate a receiving account (used by a payment processor) from your cold storage account — same wallet, different derivation path, funds do not mix.
- Switching devices or wallet software is non-destructive — restore from seed phrase and everything is there.
The xPub Connection
At each account level in the tree, the wallet can export an extended public key (xPub) — a public key plus chain code that allows anyone to derive all the child receive addresses for that account, without access to the private key.
This is the mechanism non-custodial payment processors use. You give the processor your xPub for a specific account. It generates fresh addresses for each order. Your funds land directly in your wallet. The processor never had the ability to move them.
The xPub only covers one branch of the tree. Everything above the account level, including the master key and the seed phrase, remains entirely private.
What the Standards Actually Are
HD wallets are built on a stack of Bitcoin Improvement Proposals:
- BIP32 — defines the core hierarchical derivation algorithm
- BIP39 — defines the seed phrase wordlist and encoding standard
- BIP44 — defines the derivation path convention (m/44'/coin'/account'/change/index)
- BIP84 — same structure but for native SegWit (Bech32) addresses
Any wallet that implements these standards will produce the same addresses from the same seed phrase. This is why you can restore a Ledger backup in Trezor Suite, or a MetaMask seed phrase in any other BIP39-compatible wallet.
The One Rule
Everything in an HD wallet traces back to the seed phrase. The security model is simple: whoever has the seed phrase owns the funds. No password reset. No customer support. No recovery option.
Write it down on paper or steel. Store it somewhere physically secure. Do not store it in a photo, a note-taking app, a cloud drive, or an email. That is it. That is the whole security model — and it is both its greatest strength and the one thing that cannot be recovered from if you get it wrong.