Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

0
Total Tracked
0
Detected
0
Content Alive
0
Content Dead
0
VT Pending
Seed Phrase Phishing
CRITICAL THREAT

Seed Phrase Phishing: How Scammers Steal Your Recovery Phrase

Seed phrase phishing is the most devastating crypto scam — once attackers have your 12 or 24-word recovery phrase, they have permanent, irrevocable access to ALL your crypto assets across ALL chains. These sites impersonate wallet providers like 메타마스크, Ledger, and Trust Wallet, showing fake "verification" or "recovery" prompts.

18
도메인 Detected
CRITICAL
Threat Level

How This Attack Works

Unlike wallet-connect drainers that steal through smart contract approvals, seed phrase phishing captures the master key to your entire wallet — giving attackers complete and permanent control.

STEP 1
Impersonate Wallet Provider
Attackers create convincing clones of 메타마스크, Ledger 라이브, Trust Wallet, or Phantom interfaces, often with "Support" or "Verify" branding to imply urgency.
STEP 2
Create Urgency
Users are told their wallet is "at risk," "needs verification," "requires migration," or that they need to "sync" their wallet. Fear drives immediate action without careful thinking.
STEP 3
Display Fake Recovery Form
The site shows a form with 12 or 24 input fields for seed words, styled identically to the real wallet's recovery interface. Some even validate word lists to appear legitimate.
STEP 4
Instant Total Drain
The moment all words are submitted, automated bots import the seed into a wallet, scan all chains (ETH, BSC, Polygon, Solana, etc.), and sweep all assets within seconds. The loss is total and permanent.

Technical Analysis

Seed phrase phishing sites are technically simple but devastatingly effective. The frontend is a static HTML page with 12-24 text input fields. Many implement BIP-39 word list validation (checking each word against the 2,048 valid seed words) to appear authentic.

Backend: entered phrases are sent via POST to an attacker-controlled server, often forwarded to Telegram bots for instant notification. Automated drainer scripts then import the seed using ethers.js or web3.js, derive all HD wallet paths (m/44'/60'/0'/0/x for Ethereum, m/44'/501'/0'/0' for Solana, etc.), check balances across chains, and sweep everything.

The entire drain process takes 5-30 seconds from phrase submission to complete asset theft. Some sophisticated operations even front-run pending transactions if the victim tries to move funds.

Real Cases

메타마스크 Support Scam (2024)
Thousands of victims stolen
Fake 메타마스크 support sites running Google Ads for "메타마스크 help" and "메타마스크 login" keywords. Users seeking help were directed to enter their seed phrase for "wallet recovery."
Ledger Data Breach Fallout (2023-2024)
$10M+ stolen stolen
After Ledger's customer database leak, attackers sent physical mail and phishing emails to verified Ledger owners, directing them to fake "security update" sites requesting seed phrases.
Trust Wallet Migration Scam (2024)
Ongoing stolen
Fake Trust Wallet "migration" sites claiming users must re-enter their seed phrase to migrate to a "new version." Promoted via fake app store reviews and Telegram groups.

How to Detect

ANY website asking for your seed phrase — no legitimate service will EVER request this
Fake "wallet verification," "security check," or "account sync" prompts
Input form with 12 or 24 empty fields for words — this is ALWAYS a scam outside of initial wallet setup
Urgency messaging: "Your wallet will be locked," "Funds at risk," "Verify within 24 hours"
URLs mimicking wallet providers: metamask-support.com, ledger-verify.io, trustwallet-sync.app

How to Protect Yourself

1 NEVER enter your seed phrase on any website — the ONLY time you type it is during initial wallet recovery in the official app
2 Store your seed phrase offline (paper, metal plate) — never in photos, notes apps, or cloud storage
3 Official wallet apps will never ask for your seed phrase through a website
4 If someone asks for your seed phrase for any reason (support, verification, airdrop) — it is 100% a scam
5 하드웨어 지갑을 사용하세요 where the seed phrase is entered only on the physical device

Frequently Asked Questions

What is seed phrase phishing?
Seed phrase phishing tricks users into typing their 12 or 24-word wallet recovery phrase into a fake website. This gives attackers complete, permanent access to the victim's wallet and all assets on all blockchains. Unlike wallet-connect scams, seed phrase theft cannot be reversed by revoking approvals.
Should I ever enter my seed phrase on a website?
NO. Absolutely never. Your seed phrase should only ever be entered in the official wallet application (메타마스크 extension, Ledger 라이브 desktop app, etc.) during initial wallet recovery. No website, support agent, or airdrop will ever legitimately need your seed phrase.
What happens if someone has my seed phrase?
They have complete, irrevocable control over your wallet. They can drain all tokens on all chains instantly. You must immediately create a NEW wallet (with a new seed phrase) and transfer any remaining assets there. The compromised wallet is permanently unsafe.
How are seed phrase scams promoted?
Through Google/Bing ads targeting "메타마스크 help" keywords, fake customer support accounts on Twitter/Discord, phishing emails after data breaches (like the Ledger leak), Telegram DMs, and fake app store listings.
Data sourced from PhishDestroy threat intelligence database — 18 domains tracked for this threat type
Seed Phrase Phishing 18 domains
스크린샷 of phantomsecure.net
phantomsecure.net
17 VTUnknownphantom
스크린샷 of phantomsecure.net
phantomsecure.net
스크린샷 of seedphrasefinder.xyz
seedphrasefinder.xyz
17 VTUnknown
스크린샷 of seedphrasefinder.xyz
seedphrasefinder.xyz
스크린샷 of metamask.io-backupdevice.com
metamask.io-backupdevice.com
16 VTUnknown메타마스크
스크린샷 of metamask.io-backupdevice.com
metamask.io-backupdevice.com
스크린샷 of ledgr-comstart-eu.pages.dev
ledgr-comstart-eu.pages.dev
11 VT라이브Ledger
스크린샷 of ledgr-comstart-eu.pages.dev
ledgr-comstart-eu.pages.dev
스크린샷 of phantom-wallet-support.blogspot.com
phantom-wallet-support.blogspot.com
11 VTUnknownPhantom
스크린샷 of phantom-wallet-support.blogspot.com
phantom-wallet-support.blogspot.com
스크린샷 of getting-started-ledgr-easily.pages.dev
getting-started-ledgr-easily.pages.dev
10 VT라이브Ledger
스크린샷 of getting-started-ledgr-easily.pages.dev
getting-started-ledgr-easily.pages.dev
스크린샷 of ledgrre-com.pages.dev
ledgrre-com.pages.dev
7 VT라이브Ledger
스크린샷 of ledgrre-com.pages.dev
ledgrre-com.pages.dev
스크린샷 of mmwalletsecurity.gt.tc
mmwalletsecurity.gt.tc
7 VTUnknown메타마스크
스크린샷 of mmwalletsecurity.gt.tc
mmwalletsecurity.gt.tc
스크린샷 of recoveryassaetmgmt.icu
recoveryassaetmgmt.icu
7 VTUnknown
스크린샷 of recoveryassaetmgmt.icu
recoveryassaetmgmt.icu
스크린샷 of phanthom.net
phanthom.net
6 VT라이브Phantom
스크린샷 of phanthom.net
phanthom.net
스크린샷 of satoshi-savers.com
satoshi-savers.com
6 VT라이브Google
스크린샷 of satoshi-savers.com
satoshi-savers.com
스크린샷 of ledger-hardware-wallet-recovery.com
ledger-hardware-wallet-recovery.com
5 VTUnknownLedger
스크린샷 of ledger-hardware-wallet-recovery.com
ledger-hardware-wallet-recovery.com
recoverseeddphrase.wixstudio.com
5 VTUnknown
스크린샷 of cold-wallet.org
cold-wallet.org
1 VT라이브Ethereum
스크린샷 of cold-wallet.org
cold-wallet.org
스크린샷 of ismyseedphrasesafe.com
ismyseedphrasesafe.com
1 VTUnknownLedger
스크린샷 of ismyseedphrasesafe.com
ismyseedphrasesafe.com
스크린샷 of seedphrasedrainer.pages.dev
seedphrasedrainer.pages.dev
라이브wallet_draineracross
스크린샷 of seedphrasedrainer.pages.dev
seedphrasedrainer.pages.dev
www.cryptorecoveryagent.com
Unknown
스크린샷 of xellox-website.pages.dev
xellox-website.pages.dev
라이브Bitcoin
스크린샷 of xellox-website.pages.dev
xellox-website.pages.dev

Other Scam Types

AML Scam 1,936 Seed Phrase Theft 18 Airdrop Scam 8,047 Investment Scam 266