Seed phrase phishing scam

The seed phrase (also called recovery phrase or mnemonic) is the master key to a crypto wallet — 12 or 24 words that let anyone restore the wallet on any device. Whoever has the seed phrase has the funds.

Scammers know this and design countless pretexts to trick you into typing it: a "support agent" who needs to "verify your account," a "wallet sync error" popup that demands re-entry, a "wallet upgrade" with a "migration form," a "free NFT claim" that wants you to "import the receiving wallet."

The moment you type your seed phrase into anything other than your own wallet's setup screen, your funds are gone.

• Google Ad lookalike. "MetaMask Support" or "Coinbase Support" Google ad → fake support page → "to verify, enter your recovery phrase."
• Telegram DM. "I'm from MetaMask Support — saw your error post. Let me help. Please enter your 12 words at this form."
• Browser popup. "Wallet out of sync. Re-enter recovery phrase to resync." Triggered by malicious extensions or fake update notices.
• NFT airdrop claim site. "Receive 500 USDT — connect wallet and verify with recovery phrase."
• "Wallet upgrade required." Real wallets don't ask for the phrase on upgrade.

• ANYTHING asking for your 12 or 24-word recovery phrase outside your own wallet's initial setup or restore screen.
• The request comes from a support agent, popup, browser extension, or website — not the actual wallet app.
• The wallet's "recovery phrase entry" screen has a URL that isn't the wallet's real domain.
• Urgency: "your wallet will be locked if you don't sync within 30 minutes."
• "Helpful" agent who replied to your Twitter / Reddit / Discord support post within minutes of your post.
• An "airdrop" or "free token" that wants your seed phrase.

1. No legitimate party ever asks for your seed phrase. Not wallet support, not exchanges, not blockchain projects, not airdrops, not customer service, not friends. Treat the request itself as the scam.
2. Real wallet support never DMs you first. They respond to tickets opened on their official site.
3. The seed phrase is entered only on your own device, in your own wallet, when you're restoring access.
4. If you suspect a problem with your wallet, contact support through the wallet's official website (typed in directly, not via search ads).
5. Never type the phrase into a website, form, app, or chat. Not even a "fake one to test." Some malware exfiltrates clipboard contents.

• The wallet is compromised. Move funds immediately from a fresh wallet generated on a clean device. Don't try to "secure" the same wallet — the attacker can drain it any time.
• Generate a new seed phrase on a hardware wallet (Ledger, Trezor) or a clean fresh app install.
• Transfer everything at the earliest possible block.
• Revoke smart-contract approvals on the compromised wallet so the attacker can't drain via approved contracts.
• Report the destination address to chain-analytics services.
• Expect recovery scams to appear. Don't engage.

• Do not type your seed phrase into anything other than your own wallet's restore screen.
• Do not screenshot or photograph your seed phrase — malware looks for these.
• Do not store your seed phrase in a cloud password manager (1Password, LastPass) unless you've explicitly accepted the trade-off.
• Do not trust support agents who reach out to you — always initiate via the wallet's official site.

• FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
• FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
• CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
• IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
• Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.