Seed Phrase Phishing Targeting Bitcoin Wallets
Scammers create fake Bitcoin wallet restore portals and support sites to harvest the seed phrases of BTC holders, gaining instant access to their entire wallet balance.
Last reviewed: 1 June 2026
Bitcoin holders who use software wallets are targeted by seed phrase phishing campaigns that mimic the recovery screens of popular wallets such as Electrum, BlueWallet, and others. Entering a seed phrase on a fake restore page hands the attacker complete, irreversible control of the wallet and all its Bitcoin.
Phishing sites targeting Bitcoin wallets appear in paid search results, are distributed through compromised social media accounts, and arrive via email campaigns impersonating wallet providers announcing security upgrades.
How this scam works on Bitcoin
A victim searches for their Bitcoin wallet app after reinstalling it following a device reset. A paid search ad takes them to a convincing fake restore page that accepts their seed phrase. The wallet is emptied within seconds of submission.
Email campaigns announce a 'critical security update' requiring wallet owners to verify their seed phrase through a linked portal before a specified deadline, after which the wallet will supposedly be frozen.
Fake hardware wallet setup instructions, distributed on counterfeit product packaging or via QR codes stuffed into parcels, direct new hardware wallet buyers to enter their seed phrase on an attacker-controlled website during setup.
Common red flags
- Any website asking you to enter your Bitcoin wallet seed phrase
- Wallet restore portal reached via a search engine ad rather than your existing browser bookmark
- Email from a wallet provider asking you to verify your seed phrase
- Hardware wallet setup guide from a QR code rather than the manufacturer's official documentation
- Page was reached by clicking a link in a social media post or DM
- URL does not exactly match the wallet provider's official domain
How to protect yourself
- Bookmark your wallet provider's official website and use only that bookmark — never search and click
- Never enter your seed phrase on any website or in any application that is not your actual hardware wallet device
- Download wallet software only from the provider's official GitHub releases or verified app store listing
- Check the URL character by character before entering any sensitive information
- Purchase hardware wallets only directly from the manufacturer — not from third-party marketplaces
- Set up a hardware wallet offline and generate the seed phrase on the device itself, never online
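The "URL does not exactly match the official domain" red flag and the "check the URL character by character" advice can be automated. The following is an added example, not code from the original page or from any wallet provider. The function name `check_wallet_url`, the allowlist `OFFICIAL_HOSTS` and the domain `wallet.example` are placeholders, and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: placeholder allowlist. Replace with the domains you have
# verified yourself for your own wallet provider.
OFFICIAL_HOSTS = {"wallet.example", "www.wallet.example"}


def check_wallet_url(url, official_hosts=OFFICIAL_HOSTS):
    """Return the reasons not to trust `url`; an empty list means it passed."""
    reasons = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        reasons.append("not https")
    # Text before '@' is userinfo, not the host, even if it looks like a domain.
    if parts.username is not None or parts.password is not None:
        reasons.append("credentials embedded before the host")
    # .hostname is lowercased and has the port stripped.
    host = (parts.hostname or "").rstrip(".")
    # Characters from other scripts can render identically to ASCII letters.
    if not host.isascii():
        reasons.append("non-ASCII characters in host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (internationalised) label in host")
    # Exact match only: an official name used as a prefix or subdomain fails.
    if host not in official_hosts:
        reasons.append(f"host {host!r} is not an exact match for an official domain")
    return reasons


# Constructed sample URLs, for illustration only.
SAMPLES = [
    "https://wallet.example/restore",
    "http://wallet.example/restore",
    "https://wallet.example@login.example/restore",
    "https://wallet.example.restore.example/",
    "https://w\u0430llet.example/restore",  # second letter is Cyrillic U+0430
    "https://xn--constructed.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        problems = check_wallet_url(sample)
        print(ascii(sample), "->", "; ".join(problems) or "host matches allowlist")
```

An empty result only means the host matches your allowlist. Per the guidance above, a seed phrase still never belongs on a website.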
How to report it
- Report the phishing URL to the wallet provider's security team and to your browser's phishing report mechanism
- Submit the URL to cybersecurity threat intelligence platforms to warn other users
- File a cybercrime report with your national authority including the transaction hash of any stolen BTC
Frequently asked questions
Can I create a new wallet with the same seed phrase to get my Bitcoin back?
No. Once the attacker has your seed phrase, they can access the same wallet at the same time as you and sweep any new incoming transactions. You must create a completely new wallet with a new seed phrase and move your remaining assets there immediately.