# Crypto phishing and seed phrase theft — how wallets get emptied

Phishing steals crypto by tricking you into revealing your seed phrase or approving a malicious transaction. No legitimate wallet, exchange or support agent will ever ask for your seed phrase — anyone who does is stealing from you. Type addresses yourself, verify before signing, and store recovery words offline only.

## Key facts
- Your seed phrase is the wallet: anyone holding those words controls the crypto instantly.
- No genuine support team, wallet app or exchange ever asks for a seed phrase — ever.
- Fake 'security alerts' create urgency; real custodians do not rush you into revealing secrets.
- Malicious sites imitate wallet apps and airdrop pages to capture phrases or wallet approvals.
- Signing a transaction you do not understand can grant a contract permission to drain tokens.
- Store recovery words on paper or metal offline — never in photos, cloud notes or email drafts.

## What attackers actually want

Two things empty wallets: the seed phrase itself, or your approval signature. Phishing for the phrase uses fake wallet-restore pages, fake support chats and 'validation' forms. Approval attacks are subtler — a site asks you to sign something that quietly grants its smart contract permission to move your tokens. Both rely on you acting quickly on a page you did not navigate to yourself.
## The common lures

A message that your wallet 'needs migration' or your account 'will be suspended'. A support agent in a Telegram or Discord group who direct-messages first and offers to fix your problem via a 'sync' page. An airdrop claiming free tokens if you connect and approve. A Google or social ad for a wallet site one letter off the real address. Each ends at a page asking for recovery words or an unlimited token approval.
## Habits that defeat phishing

Never type or photograph your seed phrase except when restoring a wallet you initiated yourself, on a device you trust. Bookmark your exchange and wallet sites and use only the bookmarks. Treat anyone who direct-messages you first about crypto support as a scammer — real support does not open with a DM. Read what you are signing; if a signature request mentions approvals you do not understand, reject it. For meaningful holdings, use a hardware wallet so signing happens on a separate device.
## If your phrase or approval leaked

Assume total compromise and act in minutes, not hours. Move remaining funds to a brand-new wallet with a freshly generated phrase — not one the attacker may have seen. Revoke token approvals using a reputable revocation tool if an approval was signed. Then report to Action Fraud with transaction IDs. Funds already moved are rarely recoverable, so speed on what remains is the priority.

## FAQs
### My exchange emailed asking me to verify my account. Is that phishing?

Treat it as suspect. Do not click the link — log in by typing the address or using your bookmark. Genuine account notices appear inside your account; phishing emails depend on their link being the only door you use.
### Is it safe to keep my seed phrase in a password manager?

It is better than a plain note but still an online copy that goes wherever that account goes. For long-term holdings the standard is offline storage — written or stamped, kept somewhere secure, with no digital copy at all.
### What is an approval or allowance attack?

When you sign a transaction giving a smart contract permission to spend your tokens. Malicious sites request unlimited allowances, then drain the token later. Review and revoke allowances periodically.

## Sources

- [Action Fraud — report fraud and cybercrime](https://www.actionfraud.police.uk/)
- [FCA ScamSmart](https://www.fca.org.uk/scamsmart)

---

— Digital Assets UK (https://digital-assets.co.uk/scams/phishing-seed-phrase-theft/), reviewed 2026-07-17. Source: https://www.actionfraud.police.uk/
