Seed phrase phishing: how it works and how to avoid it

Your Secret Recovery Phrase (seed phrase) restores full control of your wallet on any device. Whoever has it owns your funds. That's why phishing it is the holy grail for scammers.

Why the seed phrase is the target

Unlike a password, a seed phrase can't be reset and isn't rate-limited. One disclosure = total, irreversible loss. Attackers don't need to hack anything if they can convince you to type it.

The common lures

• Fake support: a “wallet support agent” on Telegram, Discord, or X asks you to “verify” by entering your phrase.
• “Wallet migration / validation” pages: a site claims you must re-enter your phrase to keep your wallet working.
• Airdrop / claim forms: a reward form sneaks in a “recovery phrase” field.
• Fake wallet apps: a counterfeit wallet captures the phrase during “setup.” See spotting a fake MetaMask extension.

The one rule that defeats them all

Never enter your seed phrase anywhere except your own wallet's recovery screen, when you deliberately restore it. No legitimate website, support agent, app, or person ever needs it. Not once.

Store it safely

• Write it on paper or steel — never a screenshot, cloud note, password manager, or email.
• Keep it offline and ideally in more than one secure location.
• For larger holdings, use a hardware wallet so the phrase is generated and stored offline.

Frequently asked questions

Should I ever enter my seed phrase on a website?

No. The only place you should ever enter your seed phrase is your own wallet’s recovery screen when you deliberately restore a wallet. No legitimate site or person needs it.

Is it safe to store my seed phrase in a password manager?

It is safer to keep it fully offline on paper or steel. A password manager is an internet-connected target; for large holdings, a hardware wallet is best.

A support agent asked for my seed phrase — is that normal?

No. Any support agent, app, or site that asks for your seed phrase is a scam, without exception.