Bitcoin Forum

Seed phrase phishing na one of the most common and most successful Bitcoin - stealing ways today.scammers no even need to hack the blockchain they just dey find your 12/24 word's. Once e reach their hand your Bitcoin don go.                                                                                                Here na practical guide to help you avoid this seed phrase theft.

1. You go try to know and get knowledge of the Golden rule.
Try to remember say No wallet, no exchange, and no update go ask you for your seed phrase so dey careful make you no full victim.

2. Scam app dey oo and scam websites dey too.
You need to be careful because fake websites and fake apps dey many, so that you no go talk say them scam you some of them when you dey see self if you click the link e go open after sometime e don log you out so just dey careful and try to verify well before any other thing.

3.Beware of fake customer care.
Alot of this scammer dey act like say then be real customer but na fake oo some self go try to convince you say then be Admin so that you go believe then just to gain your trust and get something from you in details but fake , some go even say make you send then your seed phrase make them help you renew  am to your wallet, carry for mind say no support admin needs your seed words to try to be vigilant and careful to avoid regrets.

4.Try to know say we still get Fake Airdrops & Giveaways.
 Most of this scammer go dey tell you say make you enter your seed phrase so that you go receive your reward no try do anything like that oo try to secure and protect your seed phrase very well to avoid all this as a good investor.

Most important of all you don mention na the awareness say no blockchain or network service providers go contact with to send ur seed phrase to dem, some scammers go tell u say dem dey do with software updates to enhance wallet securities and then ask u to reveal their seed phrase to dem. Just ignore such information.
Since everything we dey talk about na all about threats of loosing our funds, make we also dey aware say some scammers go want redirect you to send ur bitcoin to specific wallet claiming say e go dey safe there all the while of the so called network servicing

Other means to loose your wallet securities to scammers na through backing ur seed phrase online or device way the security don dey vulnerable to specific malicious malwares.
So e dey safer to secure ur seed phrase off line where online scammers no fit get am but be sure to counter physical threats.

The most common seed phrase phishing attack is through the email or a fake website. If you click on the website, it will take you to a page that will request you of your seed phrase. If you provide your seed phrase, your wallet will be compromised.

This method is also common to compromise your wallet through wallet connect. As long as it is bad actor, if you see connect wallet and you connect your noncustodial wallet, consider your coins will be all gone.

Protecting the seed phrase is not a difficult task. Try to keep the device where the wallet is installed away from the internet connection as much as possible and protect yourself from temptation. If you do not make any mistakes, scammers or hackers do not have the ability to steal the seed phrase, so they can force you to make mistakes by showing temptation, you need to be aware of that. Some steps can be taken to keep the seed phrase safe -

• Never enter the seed phrase on the device, limit it to a hard copy.
• Keep the device where the wallet is installed away from the internet, do not store cold storage on the device you use daily.
• Create a wallet and save a hard copy of the seed phrase and delete the wallet from the device.
• Do not enter any links and ignore tempting offers.
• Do not talk to strangers for too long, especially do not exchange any personal information.

For this era them no suppose tell anybody say your seed phrase Na only you and your trusted person for knw am but were I think say they need create more awareness Na the part of fake website wey go dey ask for seed phrase we fit Dey talk about.

Scammers go create website just to scam person, how them dey run am be say them go tell you say make you enter your seed phrase to like your wallet if you do like that them don save am for their backend.

Na this one I they always warn people about and I dey always tell people say if you go do Airdrop abeg no use the same wallet way you dey use accumulate and hold for your Bitcoin long term investment, create a new wallet make that wallet be only for airdrop, because some AirDrop go ask you to connect your wallet and as soon as you connect am you done give them access to your wallet and then fit from there withdraw all your Bitcoin way you done dey hold for long term, I done do Airdrop before and I dey always see airdrop way dey go ask me to connect my wallet, and I want una to know one thing a lot of airdrop way dey now na scam they won just fine way to use steal your Bitcoin so dey very careful so you no go fall victim.

To my knowledge we should follow these steps to avoid wallet seed phrase phishing attacks, and we should accept that sharing the passkey with anyone in any critical situation would be more pointless. Also, OP, clicking on suspicious emails, scam app, messages and links will still expose our wallet seed phrase to phishing attacks.

Never enter the seed phrase into the device, this little idea you mentioned was reasonable but limiting the pass key to just a hard copy can lead to unconcerned moments and may unknowingly put the portfolio at risk because this will definitely increase the risk of theft or loss, which could result in the OP mentioned here losing wallet funds if they act on this advice. From what I understand, it would probably be better to make multiple copies of this and using an encrypted file would suffice.

Seed Backup Tool Study this post,

• Bitcoin Seed Backup Tools (https://bitcointalk.org/index.php?topic=5263482.msg54837299#msg54837299)
• Crypto Security - Additional Protection For Your Seed/Private Keys. (https://bitcointalk.org/index.php?topic=5230920.msg53976837#msg53976837)

One of the easiest ways for scammers to steal Bitcoin is seed phrase phishing, therefore your points are useful. The key idea is simple; no real wallet, exchange, or even support team that will ever ask you for your seed phrase. False apps, false sites, false support accounts, including false giveaways all operate the same way, they trick you into typing those phrase where you don't have to. The moment you do, all the funds will vanish for good.

Caution is the best option for protection: make sure to verify links, stay away from unofficial downloads, overlook those claiming to be support, and do not enter your seed phrase anywhere unless your own wallet's recovery screen the time you decide to restore it.

Almost all are social engineering scams which are the most dangerous scams at the moment because no matter how secure a system is if they can breach or manipulate the owner they will have their way.


Passkey is different here, the right term is seed phrase or maybe private key but I think this is much difficult to write since there is a tendency of missing characters.

By the way, storing it offline is still a safe means there are vault to store this, even against fire and water hazards. It's not like the encryption methods isn't flawed, with time they would likely be able to computationally break ot or even find a flaw. Encryption is not forever, we just need to be careful who will share our information with and stay updated.

Scammers no fit hack the Blockchain bro, every transaction already added there don dey verified by the nodes and e no dey possible to alter am, same reason Bitcoin transaction dey irreversible.

When you wan download wallet, always go their official site and make sure say you verify em digital signatures if e get to make sure say na the original one you download

This na why dem talk say, Don't trust, verify. Any information you get maybe from the providers of your hardware wallet, try reach dem official site take verify if dat info na legit, no take action from your email, ignore the action buttons and even if de info na legit, take action from dem official site or verified app.

Why do you feel so? Not everyone into crypto even understands the basic things that protect their wallets.

If you enter Twitter now and ask some web3 boys about one of the safest software wallets, dem go tell you say na Trust wallet, many of them no dy send about the hardware wallet and the software wey dem know no pass Trust wallet and you think people don't need to know about these informations. We need to educate people so that whenever people search about wallet, seed phrase and other related securities about wallet and address, them go redirect them to some of this pages.

As simple as it sounds, na everyday them dy hack wallet address of people even some institutional investors dey alwsyd dy affected of this wallet and seed phrase. The other day I check Lookonchain, dem announce say person lost entire coin due to wallet exposure and everything in the wallet was taken away, na some of the things we dy discussed for here wey you think no dy relevant they happen so.

This na where hardware wallet sure pass because na cold storage and e get Secured Element chips wey make am dey difficult for anyone to easily get access to your seed phrase. The seed phrase always dey offline making it difficult for online attack. However, that one no mean say scammers no go still send you fake email say na from your wallet company in order for you to give them access to compromise your wallet.

Wettin u talk mak sense well well, nd I dey ur back hundred percent.
But I go lyk 2 add some sand to d root of ur tree, so dat e go bi more stronger. 2 avoid seed phrase Phishing Attacks.

** Make u enable two factor authentication on any exchange or wallet wey u dey use, so dat u go know wen people dey try to login into your account.

** Make u dey verify d Url every time.

** Make u keep ur backup 4 a secure offline location, e no dey advisable 2 dey keep a digital copy 4 ur phone.

Once you sabi say you no suppose enter your seed phrase anywhere online, you no go fit fall for phishing attacks. Wetin this scammers dey do na to put fear in their victims. Them go send you email say make you perform a security update or that your funds dey at risk, so make you click the link wey dem go provide, so you go protect your assets. Dem know say that one go make the person wan act quickly, even without thinking. Ignore random emails and do not click on random links, it is very easy to avoid falling victim to scammers.

In order to avoid seed phrase phishing scams, one must first understand that it centres around the principle of never saving them on your digital device/keeping digital copies on your device, never ever sharing your phrase with anyone, mostly anyone who claim to be a support customer assistance and ensure strict adherence to physical security measures that may involve a broader scope on physical and digital security.

It is wise to never use paper or fire loving materials to store key phrases but the use of metal plates, stainless steel or titanium would be great and the use of secure locations that are fireproof, bank deposit box would do too to stay far from phishing attacks.

The use of hardware wallets is never underrated like Trezor or ledger would be better than leaving fund on a hot wallet for even the shortest time.

Also, when using a passphrase you can add a 25th word and store them in separate locations.
The most important is knowing how to spot these phishing techniques that is being used by watching out for the URLs, grammar, use of tenses and spelling errors and files that come with .exe for execution and installation of malwares or keyloggers to steal your data.

This might not sound like much but many have fall victim through one of these ways so it's very important to always know this. Your seed phrase are exclusive to you alone and no one has the right to request this. Most beginners are not aware of this that why they are the easiest to target with such formats. Whenever someone asks you for your seed phrase or private key it should be a red flag of scam, they are only trying to get access to your wallet and steal your funds no matter how they contact you, be it as a customer support, a stranger or an online site asking for your seed phrase don't ever trust them and reveal your phrase.

This is a very tricky one, there are a lot of fake website where scammers try to impersonate legit website so they can easily target their victims who click on their sites. The best thing to do is be careful with the kinds of links we click, we should always double check and confirm the link you are clicking on and most importantly avoid any messages that offer giveaway or something unrealistic they are mostly fake just trying to lure you to click on them.

You know what is our general problem as human being is greed, greed has over clouded our sense of reasoning and has make it easier for scammers to penitrate  us in recent time. You we see someone with an investments worth millions of naira but that little give away that worth peanuts or the air drop that it safety is never garruantee is where our whole interest lies forgetting it could be a strategy for the scammers to get access to our asset. It is right time we understand that their is nothing actually free in free town rather a strategy or technics applied in getting you fall for their cheap scam and until we know all these we will continue to be a victim to it.

Yes, the reason why most people dey mostly fall inside all these scammers trap na mostly due to ignorance, you know wetin our people talk, say wetin person no know na e pass am, and na this ignorance be the major tool these scammers dey mostly use to enter people, and them dey mostly enter elderly people because them know say young people them sabi what’s up. Na this be why e dey good to always equip yourself with as much knowledge as you fit, so that even if them come with any kind of lie to deceive you into releasing your funds or compromising the safety of your funds, you go just catch them without even stressing yourself. Because when you get the knowledge, e go even hard for you to entertain them, let alone to hear wetin them wan tell you, because na when you give them listening ear first wey them go fit enter you.

Aside from this list or point wey you don make OP, make i also remind us say  e get some app wey you think say dey function as normal for wetin dem design am for but in reality, these apps na spy apps wey you just download put for phone maybe through advert or recommendation. All that stuff na big lie. The funny thing be say the app go want you to authorise or grant am access to your pictures and lots more. The moment you do that, them don mirror your phone for you. No dey surprise say dem go dey see your keys anytime you open am for your app, and most times people dey lose their assets na this format dem dey use collect dem rapid don't tell anybody.  So na to dey careful the kind app you dey download dey grant access as well.

Another thing wey we go dey try to dey avoid na to dey give people our phone to hold, any phone wey get your wallet inside no need to dey enter people hand anyhow, safeguard like egg because nobody can be trusted these days. You had better avoid moving about with it, or you hold it to yourself for your own safety. Such a phone should not be a public affair, as it contains your assets. Except you are just being too careless about it.

Your points are clear and on point as well, in one word, we fit say once person don create him wallet, make he no ever enter him seed phrase anywhere again except him won import that wallet to another wallet app, which on top something like this, he or she must still be very careful and ensure say the new wallet app wey him download na the real deal..

Personally, wetin me I dey do be say, if e get any new wallet wey I decide say I won try, I dey download am, but I no dey import my old wallet go there, I go simply create new wallet which mean say I go generate new seed phrase, I go begin use that new wallet app as a fresh wallet, if I don use the app for sometime and I don get full trust say the wallet dey legit, then I fit import my previous wallet account come the new app just to keep my funds in one place and reduce the number of wallet apps on my device.

Don't click on random links sent to your emails, and never blindly fill out your security information in any form online, also avoid connecting your wallet to any smart contracts and if you are engaging in any activity that involves you connecting your non-custodial wallet to a smart contracts, make sure the wallet is a throw away wallet created for that purpose.