Domain Security Reports

Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.


Seed Phrase Phishing: How Scammers Steal Your Recovery Phrase

Seed phrase phishing is the most devastating crypto scam — once attackers have your 12 or 24-word recovery phrase, they have permanent, irrevocable access to ALL your crypto assets across ALL chains. These sites impersonate wallet providers like MetaMask, Ledger, and Trust Wallet, showing fake "verification" or "recovery" prompts.

Domains Detected: 10
Threat Level: CRITICAL

How This Attack Works

Unlike wallet-connect drainers that steal through smart contract approvals, seed phrase phishing captures the master key to your entire wallet — giving attackers complete and permanent control.

Step 1: Impersonate Wallet Provider
Attackers create convincing clones of MetaMask, Ledger Live, Trust Wallet, or Phantom interfaces, often with "Support" or "Verify" branding to imply urgency.

Step 2: Create Urgency
Users are told their wallet is "at risk," "needs verification," "requires migration," or that they need to "sync" their wallet. Fear drives immediate action without careful thinking.

Step 3: Display Fake Recovery Form
The site shows a form with 12 or 24 input fields for seed words, styled identically to the real wallet's recovery interface. Some even validate word lists to appear legitimate.

Step 4: Instant Total Drain
The moment all words are submitted, automated bots import the seed into a wallet, scan all chains (ETH, BSC, Polygon, Solana, etc.), and sweep all assets within seconds. The loss is total and permanent.

Technical Analysis

Seed phrase phishing sites are technically simple but devastatingly effective. The frontend is a static HTML page with 12-24 text input fields. Many implement BIP-39 word list validation (checking each word against the 2,048 valid seed words) to appear authentic.

Backend: entered phrases are sent via POST to an attacker-controlled server, often forwarded to Telegram bots for instant notification. Automated drainer scripts then import the seed using ethers.js or web3.js, derive all HD wallet paths (m/44'/60'/0'/0/x for Ethereum, m/44'/501'/0'/0' for Solana, etc.), check balances across chains, and sweep everything.

The entire drain process takes 5-30 seconds from phrase submission to complete asset theft. Some sophisticated operations even front-run pending transactions if the victim tries to move funds.

Real Cases

MetaMask Support Scam (2024)
Thousands of victims
Fake MetaMask support sites ran Google Ads for "MetaMask help" and "MetaMask login" keywords. Users seeking help were directed to enter their seed phrase for "wallet recovery."

Ledger Data Breach Fallout (2023-2024)
$10M+ stolen
After Ledger's customer database leak, attackers sent physical mail and phishing emails to verified Ledger owners, directing them to fake "security update" sites requesting seed phrases.

Trust Wallet Migration Scam (2024)
Ongoing
Fake Trust Wallet "migration" sites claim users must re-enter their seed phrase to migrate to a "new version." They are promoted via fake app store reviews and Telegram groups.

How to Detect

ANY website asking for your seed phrase — no legitimate service will EVER request this
Fake "wallet verification," "security check," or "account sync" prompts
Input form with 12 or 24 empty fields for words — this is ALWAYS a scam outside of initial wallet setup
Urgency messaging: "Your wallet will be locked," "Funds at risk," "Verify within 24 hours"
URLs mimicking wallet providers: metamask-support.com, ledger-verify.io, trustwallet-sync.app
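
A triage sketch for the indicators listed above, added here as an example and not PhishDestroy's own code: it checks a URL and HTML body for a 12- or 24-field form with seed-phrase wording, urgency text, and a wallet brand in a non-official hostname. The official-domain allowlist, the keyword patterns and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of official wallet domains (not from the page); extend as needed.
OFFICIAL = {"metamask": "metamask.io", "ledger": "ledger.com",
            "trustwallet": "trustwallet.com", "phantom": "phantom.app"}
SEED_TERMS = re.compile(r"seed phrase|recovery phrase|secret phrase|mnemonic", re.I)
URGENCY = re.compile(r"will be locked|funds at risk|verify within", re.I)

class PageScan(HTMLParser):
    """Counts free-text input fields and collects the page's text nodes."""
    def __init__(self):
        super().__init__()
        self.fields, self.text = 0, []
    def handle_starttag(self, tag, attrs):
        kind = (dict(attrs).get("type") or "text").lower()
        if tag == "input" and kind in ("text", "password"):
            self.fields += 1
    def handle_data(self, data):
        self.text.append(data)

def brand_lookalike(host):
    """Return the brand a host imitates, or None if it is official or unrelated."""
    host = (host or "").lower().rstrip(".")
    squashed = host.replace("-", "").replace(".", "")
    for brand, official in OFFICIAL.items():
        is_official = host == official or host.endswith("." + official)
        if brand in squashed and not is_official:
            return brand
    return None

def indicators(url, html):
    """List which of the warning signs above a URL plus HTML body exhibits."""
    scan = PageScan()
    scan.feed(html)
    text = " ".join(scan.text)
    found = []
    if scan.fields in (12, 24) and SEED_TERMS.search(text):
        found.append("seed-phrase form")
    if URGENCY.search(text):
        found.append("urgency messaging")
    brand = brand_lookalike(urlparse(url).hostname)
    if brand:
        found.append("lookalike host: " + brand)
    return found

# Constructed sample page; the URL passed in would be one of the patterns above.
SAMPLE = ("<h1>Verify your recovery phrase</h1><p>Your wallet will be locked.</p>"
          "<form>" + '<input type="text">' * 12 + "</form>")
```

A misspelled brand name is not caught by the substring check, so an empty result means "no indicator matched", not a clean verdict.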

How to Protect Yourself

1. NEVER enter your seed phrase on any website — the ONLY time you type it is during initial wallet recovery in the official app
2. Store your seed phrase offline (paper, metal plate) — never in photos, notes apps, or cloud storage
3. Official wallet apps will never ask for your seed phrase through a website
4. If someone asks for your seed phrase for any reason (support, verification, airdrop) — it is 100% a scam
5. Use a hardware wallet where the seed phrase is entered only on the physical device

Frequently Asked Questions

What is seed phrase phishing?
Seed phrase phishing tricks users into typing their 12 or 24-word wallet recovery phrase into a fake website. This gives attackers complete, permanent access to the victim's wallet and all assets on all blockchains. Unlike wallet-connect scams, seed phrase theft cannot be reversed by revoking approvals.

Should I ever enter my seed phrase on a website?
NO. Absolutely never. Your seed phrase should only ever be entered in the official wallet application (MetaMask extension, Ledger Live desktop app, etc.) during initial wallet recovery. No website, support agent, or airdrop will ever legitimately need your seed phrase.

What happens if someone has my seed phrase?
They have complete, irrevocable control over your wallet. They can drain all tokens on all chains instantly. You must immediately create a NEW wallet (with a new seed phrase) and transfer any remaining assets there. The compromised wallet is permanently unsafe.

How are seed phrase scams promoted?
Through Google/Bing ads targeting "MetaMask help" keywords, fake customer support accounts on Twitter/Discord, phishing emails after data breaches (like the Ledger leak), Telegram DMs, and fake app store listings.

Data sourced from PhishDestroy threat intelligence database — 10 domains tracked for this threat type
