Seed Phrase Phishing
Scammers use fake support, fake wallets, or alarming prompts to trick you into revealing your wallet's recovery phrase.
Last reviewed: 1 June 2026
What this scam is
Seed phrase phishing is a category of crypto scam focused on obtaining the recovery phrase — also called a seed phrase, mnemonic phrase, or secret recovery phrase — that is the master key to a cryptocurrency wallet. Anyone who knows your seed phrase has complete, irrevocable control over your wallet and every asset it contains, on every blockchain it covers.
A seed phrase is typically twelve or twenty-four common English words, generated by your wallet when you first create it and never stored anywhere by the wallet provider. It is the only way to restore your wallet on a new device. Because of this, there is never a legitimate reason for any third party — support agent, platform, protocol, or service — to ask for it.
Despite this, seed phrase phishing remains one of the most effective and common forms of crypto theft because it requires no technical exploitation. Obtaining the seed phrase means the entire wallet can be imported to the attacker's own device in seconds, and all assets transferred before the victim is even aware.
Phishing for seed phrases happens through several vectors: fake wallet support, fake wallet software, fake recovery prompts in wallet interfaces that have been compromised or cloned, and social engineering via direct message from someone presenting as a helpful community member or support agent.
How it works
The most common delivery method is fake support. A person posts in a Discord server, Telegram group, Reddit thread, or social media platform about a wallet issue. Within minutes, they receive direct messages from accounts presenting as customer support for the wallet brand. These accounts may have similar names and profile images to the real support accounts.
The fake support agent walks the victim through a 'troubleshooting' process that culminates in asking for the seed phrase — framed as necessary to 'verify' the wallet, 'restore' access, or 'sync' with the platform. In some variants, a link is provided to a fake 'wallet recovery' portal where the victim is asked to enter their phrase directly into a web form.
Another common vector is fake wallet applications. These are malicious apps — distributed outside official app stores or via social media — that mimic a real wallet interface. When you enter your seed phrase to 'import' your wallet, the phrase is transmitted to the attacker.
Some attacks arrive through browser extensions. A fake wallet extension (or a legitimate extension that has been compromised in an update) harvests the seed phrase during wallet creation or import.
Once the phrase is obtained, the attacker imports the wallet on their own device and immediately sweeps all assets. The entire process takes seconds.
Why this scam works
The attack succeeds because seed phrases feel like account passwords — something you might share with support if you are having trouble. Most users understand that passwords should be private, but the connection between the seed phrase and absolute, irrevocable access to all funds may not be fully internalised.
Fake support agents are deployed specifically in moments of vulnerability. Someone posting about a wallet problem is in a stressed, problem-solving mindset — they want help and are receptive to it. The attacker arrives in that moment of receptivity.
The request is framed as part of a helpful process, not as a demand for something sensitive. This framing makes it feel collaborative rather than threatening.
A typical pattern
A person posts in a crypto community forum about not being able to access their wallet after a device change. Within minutes they receive two direct messages from accounts with names resembling the wallet brand's support team. One account provides a link to a 'wallet recovery tool' and asks them to enter their seed phrase to restore access. They enter it. Within seconds, their wallet is emptied across all tokens. The support accounts are fake; the wallet provider's real support operates only through official channels and never asks for seed phrases.
Common red flags
- Any request for your seed phrase from any person or platform
- DM from a 'support' account immediately after posting about a wallet issue
- Link to a 'wallet recovery' or 'wallet sync' website asking for your phrase
- Wallet app installed from a link rather than from the official app store
- Browser extension asking for your seed phrase
- Support contact that initiated contact with you rather than you contacting them
- Urgency — 'your wallet will be lost if you don't verify immediately'
- Request to enter your seed phrase into any web form or text field
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hi, I'm from [wallet brand] support. I can help you recover your wallet — please visit [fake link] and enter your recovery phrase.
To verify and restore your wallet, please share your 12-word recovery phrase in this secure form: [fake link]
Your wallet has been flagged for unusual activity. Verify your seed phrase to prevent suspension: [fake link]
I had the same problem last week. Download this recovery tool: [fake link]. Enter your phrase to re-sync.
Our support team needs your secret recovery phrase to diagnose the issue. This is kept fully confidential.
Wallet migration required. Enter your 24-word phrase at [fake link] to complete the upgrade.
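For community moderators, the red flags and sample messages above can be turned into a first-pass DM or chat filter. This is an added example, not part of the original page or any wallet provider's tooling; the function names, keyword lists and the two `CONSTRUCTED` messages are assumptions made for illustration.

```python
import re

# A request verb followed, in the same sentence, by "your ... phrase".
ASK = re.compile(
    r"\b(?:enter|share|verify|provide|send|type|submit|confirm|needs?)\b"
    r"[^.!?]{0,40}?\byour\b[^.!?]{0,30}?\bphrase\b", re.I)
NEGATED = re.compile(r"\b(?:never|not|don't|won't)\b", re.I)
SUPPORT = re.compile(r"\bsupport\b", re.I)
LINK = re.compile(r"https?://\S+|\[fake link\]", re.I)
URGENCY = re.compile(r"\b(?:immediately|urgent|suspension|will be lost|flagged)\b", re.I)

def asks_for_phrase(text):
    """True if the text requests the reader's phrase, not advice against sharing."""
    for m in ASK.finditer(text):
        # Look back to the start of the sentence for a negation such as "never".
        start = max(text.rfind(c, 0, m.start()) for c in ".!?") + 1
        if not NEGATED.search(text[start:m.start()]):
            return True
    return False

def red_flags(text):
    checks = {
        "phrase_request": asks_for_phrase(text),
        "support_claim": bool(SUPPORT.search(text)),
        "link": bool(LINK.search(text)),
        "urgency": bool(URGENCY.search(text)),
    }
    return {name for name, hit in checks.items() if hit}

def verdict(text):
    flags = red_flags(text)
    if "phrase_request" in flags:
        return "block"   # the page's rule: any request for the phrase is an attack
    return "review" if len(flags) >= 2 else "allow"

PAGE_SAMPLES = [  # copied from the sanitized examples above
    "To verify and restore your wallet, please share your 12-word recovery phrase in this secure form: [fake link]",
    "Your wallet has been flagged for unusual activity. Verify your seed phrase to prevent suspension: [fake link]",
    "I had the same problem last week. Download this recovery tool: [fake link]. Enter your phrase to re-sync.",
    "Our support team needs your secret recovery phrase to diagnose the issue. This is kept fully confidential.",
    "Wallet migration required. Enter your 24-word phrase at [fake link] to complete the upgrade.",
]
CONSTRUCTED = [  # constructed for this example, not from the page
    "Never share your seed phrase with anyone.",
    "Hi, I'm from [wallet brand] support, visit [fake link] for help.",
]
if __name__ == "__main__":
    for msg in PAGE_SAMPLES + CONSTRUCTED:
        print(verdict(msg), sorted(red_flags(msg)), "|", msg[:50])
```

The negation look-back keeps safety advice such as "never share your seed phrase" from being blocked, but it is a keyword heuristic: treat "allow" as "no rule fired", not as proof a message is safe.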
Common variations
- Fake support DM — attacker DMs after you post about a wallet problem
- Fake recovery portal — website mimicking a wallet provider requests the phrase
- Malicious wallet app — fake wallet harvests phrase on import
- Compromised browser extension — legitimate extension updated to steal phrases
- In-wallet phishing — malicious website displays a fake wallet connection prompt requesting phrase
- Social engineering via friendship — online contact builds trust then requests phrase 'for a technical reason'
How to verify before you act
The single most important rule in crypto security: no legitimate wallet provider, support agent, DeFi protocol, NFT platform, or any other crypto service will ever ask for your seed phrase. There is no legitimate reason for any external party to need it. Treat every request for your seed phrase as an attack, regardless of how it is framed.
Wallet support for legitimate providers is accessed only through their official website or official app, not via inbound DMs. If you post about a wallet issue publicly and receive DMs offering help, treat them all as fraudulent.
Install wallet applications only from the official provider's website or the official app store listing, accessed by searching yourself — not via a link sent in a message.
Your seed phrase should be written down on paper and stored securely offline. It should never be typed into any website, application, or message.
Payment methods used
- No payment — theft via wallet import using the seed phrase
Who is usually targeted
- Crypto users experiencing wallet access issues
- New crypto users unfamiliar with seed phrase security
- Anyone who posts publicly about a wallet problem
What to do immediately
- If you have shared your seed phrase, move all assets to a brand-new wallet immediately — generate a fresh phrase and transfer everything before the attacker does
- Do not send funds to the compromised wallet once it has been exposed
- Document all communications with the fake support account, including usernames and any links provided
- Report the fake support accounts to the platform and to the real wallet provider
- Report to your national fraud authority with all available evidence
- If assets have already been moved by the attacker, document all transaction hashes for reporting
- Do not engage with any recovery service offering to retrieve stolen funds — this is a third party that may also be fraudulent
How to prevent it
- Memorise this: no legitimate service will ever ask for your seed phrase
- Never type your seed phrase into any website, app, or message — ever
- Store your seed phrase only on paper, offline, in a secure location
- Treat every inbound DM offering support after you post about a wallet issue as fake
- Install wallet apps only from the official provider's website or app store
- Contact wallet support only through the official website — not via inbound contacts
- Never post about wallet issues in public communities if you want to avoid targeted attacks
- Use a hardware wallet, which stores the seed phrase in an offline chip and never exposes it
Evidence to preserve
- Screenshots of all communications with the fake support account
- Username and profile of the fake support account
- Any links provided (the URL of fake recovery sites)
- Transaction hashes if funds were stolen
- The platform or channel where you were contacted
- Your original post that triggered the contact
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Would legitimate wallet support ever ask for my seed phrase?
Never. No legitimate wallet provider, exchange, protocol, or support team has any reason to request your seed phrase. It is the master key to your wallet and is known only to you. Any request for it is always a scam.
I shared my seed phrase — what do I do right now?
Act immediately. Create a brand new wallet with a freshly generated seed phrase. Transfer all assets from the compromised wallet to the new one as fast as possible. Do not use the compromised wallet again.
Can I recover funds stolen via a leaked seed phrase?
Blockchain transactions are irreversible. Once an attacker has imported your wallet and transferred your assets, those funds cannot be recovered. Do not pay any recovery service — this is a known second scam.
Where should I store my seed phrase?
Write it on paper and store it in a physically secure location — or multiple locations if you are concerned about physical loss. Never store it digitally: not in a text file, cloud note, photo, or password manager. Never share it with anyone.
Is it safe to import my wallet on a new device?
Yes — if you are using the official wallet application from the official source. You will need to enter your seed phrase to import, but this is on your own device in a verified app. The phrase is never transmitted to the wallet provider.
What if a DM is from someone I know in the crypto community?
The account may be compromised, cloned, or impersonated. If someone you know contacts you unexpectedly about wallet recovery or asks for your seed phrase, verify through a separate channel (video call, phone) before doing anything.
Are hardware wallets safer?
Yes. A hardware wallet stores your seed phrase in an offline secure chip and requires physical confirmation for transactions. You still need to protect the seed phrase written on paper — if someone obtains the physical phrase, they can restore the wallet on any device.
Is crypto irreversible even if I was defrauded?
Yes. The irreversibility of blockchain transactions is a design property, not a bug, but it also means there is no chargeback mechanism. Reporting to authorities is important for investigations but does not result in your funds being returned.