Seed Phrase Theft
Stealing a crypto wallet's seed phrase (recovery phrase) by deception, malware, or physical means, giving the thief complete and irreversible control of all assets in the wallet.
Also known as: mnemonic theft, recovery phrase theft, 12-word phrase theft, wallet seed theft
Last reviewed: 1 June 2026
A seed phrase (also called a mnemonic or recovery phrase) is a sequence of 12 to 24 words that encodes the master private key of a cryptocurrency wallet. Anyone who knows the seed phrase can import the wallet into any compatible application and take full control of all associated addresses and assets — no passwords or hardware are needed.
Seed phrase theft is therefore one of the most catastrophic forms of crypto fraud. Attack methods include direct social engineering (convincing users to enter their phrase on a fake 'wallet recovery' site), malware that scans clipboard and screen for word lists, fake customer support that asks for the phrase to 'verify' a wallet, and physical observation or theft of written-down phrases.
Defences start with understanding that no legitimate service will ever ask for a seed phrase — it is purely a backup tool for the wallet holder. Hardware wallets keep the phrase offline and never expose it to internet-connected devices. Phrases should be stored physically (etched metal is more durable than paper) in a secure location, never photographed or typed into any online form.
Examples
- A victim receives a direct message from a fake wallet support account on social media asking them to enter their seed phrase on a linked site to 'resolve a sync issue'.
- Infostealer malware monitors the clipboard for 12-to-24 word sequences and exfiltrates any seed phrase copied during wallet setup.