Seed Phrase & Wallet Drainer Scams
๐ 10 min read
Quick Answer
The promise of self-custody is simple and powerful: hold your own keys and no exchange can freeze or lose your coins. But it relocates the risk rather than removing it. The bank vault is gone; in its place is a twelve-or-twenty-four-word phrase, and a whole industry of scammers exists to trick you into revealing it or signing it away. Most self-custody losses are not sophisticated hacks. They are people, smart people, being socially engineered into handing over the one secret that controls everything.
โ ๏ธ The key that is the house
Your seed phrase is not like a password you can reset. It is more like the deed, the keys, and the spare keys to your house all fused into one slip of paper, that also works from anywhere on earth. Anyone who reads it owns the house instantly and silently. Scammers do not pick the lock; they convince you to read the deed aloud, or to sign a document that quietly transfers ownership while you think you are doing something else.
The one rule that prevents most losses
Everything starts here: your seed phrase (recovery phrase) should never be typed into any website, app, chat, form, or "support" tool, and never photographed, emailed, or stored in the cloud. No legitimate wallet, exchange, or support agent will ever ask for it, ever, for any reason. It exists only to restore your wallet on a device you control. If anything or anyone asks you to enter or share it, that is the scam, full stop. Internalize this single rule and you defeat the majority of self-custody theft.
Fake wallet support and seed-phrase phishing
The classic attack: you post a problem in a forum, Discord, or app store review, and a "support agent" messages you, helpful, official-looking, urgent. They walk you to a fake "wallet validation" or "sync" page that asks for your recovery phrase, or they just ask directly. Others run fake wallet apps and browser extensions that capture the phrase on setup, or phishing sites impersonating MetaMask, Ledger, Trust Wallet and others. The moment your phrase touches their screen, your wallet is emptied, often within seconds, automatically.
Wallet drainers and malicious approvals
The subtler threat does not need your seed phrase at all. Connect your wallet to a malicious site, fake airdrop, fake mint, fake DeFi app, and approve a transaction that looks routine but actually grants the attacker permission to move your tokens. "Wallet drainer" kits make this a turnkey crime. You did not reveal your key; you signed away access. This is why you must read what you sign: an approval for "unlimited" spending of a token, or a strange signature request, is how drained wallets are drained. When in doubt, reject.
Address poisoning and clipboard malware
Two more quiet ones. Address poisoning: the attacker sends you a tiny transaction from an address that looks almost identical to one you use, hoping you copy it from your history for your next transfer and send funds to them. Clipboard malware silently swaps a crypto address you copy for the attacker's. The defense for both is the same discipline: never trust a copied address blindly, verify the first and last several characters every time, and send a tiny test amount first for large transfers.
The self-custody safety stack
Put it together into habits. Use a hardware wallet for meaningful amounts so signing happens on a device malware cannot reach. Buy hardware only from the manufacturer, never second-hand. Write your seed phrase on paper or metal, store it offline, and never digitize it. Verify every receiving address character by character. Read every transaction and approval before signing, and periodically revoke old token approvals. Bookmark official wallet sites instead of searching for them. Self-custody is safe, but it makes you the security, and these habits are the job.
๐ Key takeaway
Self-custody moves risk from the exchange to your seed phrase, and scammers specialize in stealing it. The unbreakable rule: never type or share your recovery phrase anywhere, no legitimate service ever asks for it. Beyond phishing, wallet drainers steal via malicious transaction approvals (read what you sign; reject unlimited approvals), while address poisoning and clipboard malware swap addresses (verify every character, send test amounts). The safety stack: hardware wallet bought direct, offline seed storage, careful signing, revoked approvals, bookmarked official sites.
Why this matters for you
As self-custody adoption rises across Asia, driven by exchange distrust after collapses and by users escaping capital controls, seed-phrase and drainer scams follow the growth. Teaching the never-share-your-phrase rule and safe-signing habits protects the fast-growing population of Asian self-custodians from the most common and total form of crypto loss.
Frequently asked questions
Will a wallet or exchange ever ask for my seed phrase?โผ
Never. No legitimate wallet, exchange, or support agent will ever ask for your recovery phrase, for any reason. It exists only to restore your wallet on your own device. Any request to enter or share it, by a person, website, app, or "support" tool, is always a scam. This single rule prevents most self-custody theft.
How can my wallet be drained if I never shared my seed phrase?โผ
Through malicious transaction approvals. When you connect your wallet to a scam site (fake airdrop, mint, or DeFi app) and sign what looks like a routine transaction, you can be granting permission to move your tokens, a "wallet drainer." You did not reveal your key; you signed away access. Always read what you sign, reject unlimited approvals, and periodically revoke old ones.
What is the safest way to hold crypto in self-custody?โผ
Use a hardware wallet bought directly from the manufacturer for meaningful amounts, so signing happens on a device malware cannot reach. Store your seed phrase offline on paper or metal, never digitized. Verify receiving addresses character by character, read every transaction before signing, revoke old token approvals, and bookmark official wallet sites rather than searching for them.
Keep reading
Related topics across the hub
๐ Sources & further reading
Authoritative references and primary sources used in this guide.