diff --git a/lib/bcoin/hd.js b/lib/bcoin/hd.js
index 3d0e21d4..c5497e0e 100644
--- a/lib/bcoin/hd.js
+++ b/lib/bcoin/hd.js
@@ -194,6 +194,21 @@ Mnemonic.fromOptions = function fromOptions(options) {
   return new Mnemonic().fromOptions(options);
 };
 
+/**
+ * Destroy the mnemonic (zeroes entropy).
+ */
+
+Mnemonic.prototype.destroy = function destroy() {
+  this.bits = constants.hd.MIN_ENTROPY;
+  this.language = 'english';
+  if (this.entropy) {
+    this.entropy.fill(0);
+    this.entropy = null;
+  }
+  this.phrase = null;
+  this.passphrase = '';
+};
+
 /**
  * Generate the seed.
  * @param {String?} passphrase
@@ -932,6 +947,38 @@ HDPrivateKey.prototype.__defineGetter__('xpubkey', function() {
   return this.hdPublicKey.xpubkey;
 });
 
+/**
+ * Destroy the key (zeroes chain code, privkey, and pubkey).
+ * @param {Boolean} pub - Destroy hd public key as well.
+ */
+
+HDPrivateKey.prototype.destroy = function destroy(pub) {
+  this.depth = 0;
+  this.parentFingerPrint.fill(0);
+  this.childIndex = 0;
+  this.chainCode.fill(0);
+  this.privateKey.fill(0);
+  this.publicKey.fill(0);
+
+  if (this.fingerPrint) {
+    this.fingerPrint.fill(0);
+    this.fingerPrint = null;
+  }
+
+  if (this._hdPublicKey) {
+    if (pub)
+      this._hdPublicKey.destroy();
+    this._hdPublicKey = null;
+  }
+
+  this._xprivkey = null;
+
+  if (this.mnemonic) {
+    this.mnemonic.destroy();
+    this.mnemonic = null;
+  }
+};
+
 /**
  * Derive a child key.
  * @param {Number|String} - Child index or path.
@@ -1592,6 +1639,25 @@ HDPublicKey.prototype.__defineGetter__('xpubkey', function() {
   return this._xpubkey;
 });
 
+/**
+ * Destroy the key (zeroes chain code and pubkey).
+ */
+
+HDPublicKey.prototype.destroy = function destroy() {
+  this.depth = 0;
+  this.parentFingerPrint.fill(0);
+  this.childIndex = 0;
+  this.chainCode.fill(0);
+  this.publicKey.fill(0);
+
+  if (this.fingerPrint) {
+    this.fingerPrint.fill(0);
+    this.fingerPrint = null;
+  }
+
+  this._xpubkey = null;
+};
+
 /**
  * Derive a child key.
  * @param {Number|String} - Child index or path.
diff --git a/lib/bcoin/txdb.js b/lib/bcoin/txdb.js
index 2dd2cbdb..ca99579c 100644
--- a/lib/bcoin/txdb.js
+++ b/lib/bcoin/txdb.js
@@ -1121,7 +1121,8 @@ TXDB.prototype._lazyRemove = function lazyRemove(tx, callback) {
 TXDB.prototype._remove = function remove(tx, info, callback) {
   var self = this;
   var hash = tx.hash('hex');
-  var i, path, account, key, address, input, output, coin;
+  var i, path, account, key, prevout;
+  var address, input, output, coin;
 
   this.del(layout.t(hash));
 
@@ -1149,7 +1150,7 @@ TXDB.prototype._remove = function remove(tx, info, callback) {
     for (i = 0; i < tx.inputs.length; i++) {
       input = tx.inputs[i];
       key = input.prevout.hash + input.prevout.index;
-      var prevout = input.prevout;
+      prevout = input.prevout;
       address = input.getHash('hex');
 
       if (tx.isCoinbase())
diff --git a/lib/bcoin/wallet.js b/lib/bcoin/wallet.js
index 03f01dc6..d3c0c5ee 100644
--- a/lib/bcoin/wallet.js
+++ b/lib/bcoin/wallet.js
@@ -2995,9 +2995,7 @@ MasterKey.prototype.destroy = function destroy() {
   this.stop();
 
   if (this.key) {
-    this.key.chainCode.fill(0);
-    this.key.privateKey.fill(0);
-    this.key.publicKey.fill(0);
+    this.key.destroy(true);
     this.key = null;
   }
 };
diff --git a/lib/bcoin/walletdb.js b/lib/bcoin/walletdb.js
index 74ba7b43..92b734db 100644
--- a/lib/bcoin/walletdb.js
+++ b/lib/bcoin/walletdb.js
@@ -1525,14 +1525,20 @@ WalletDB.prototype.addTX = function addTX(tx, callback, force) {
  */
 
 WalletDB.prototype.getAddressPath = function getAddressPath(wid, hash, callback) {
+  var path;
   this.getAddressPaths(hash, function(err, paths) {
     if (err)
       return callback(err);
 
-    if (!paths || !paths[wid])
+    if (!paths)
       return callback();
 
-    callback(null, paths[wid]);
+    path = paths[wid];
+
+    if (!path)
+      return callback();
+
+    callback(null, path);
   });
 };
 
@@ -1699,7 +1705,7 @@ Path.prototype.fromJSON = function fromJSON(json) {
   var indexes = bcoin.hd.parsePath(json.path, constants.hd.MAX_INDEX);
 
   assert(indexes.length === 3);
-  assert(indexes[0] >= 0);
+  assert(indexes[0] >= constants.hd.HARDENED);
   indexes[0] -= constants.hd.HARDENED;
 
   this.wid = json.wid;
@@ -1932,6 +1938,14 @@ function serializePaths(out) {
   return p.render();
 }
 
+function parseWallets(data) {
+  var p = new BufferReader(data);
+  var wallets = [];
+  while (p.left())
+    wallets.push(p.readU32());
+  return wallets;
+}
+
 function serializeWallets(wallets) {
   var p = new BufferWriter();
   var i, info;
@@ -1944,14 +1958,6 @@ function serializeWallets(wallets) {
   return p.render();
 }
 
-function parseWallets(data) {
-  var p = new BufferReader(data);
-  var wallets = [];
-  while (p.left())
-    wallets.push(p.readU32());
-  return wallets;
-}
-
 function WalletBlock(hash, height) {
   if (!(this instanceof WalletBlock))
     return new WalletBlock(hash, height);