Editorial mirrorBrand mentions redacted to public IDs. Hover to inspect. Everything else is theatre.How it works
THE ENABLERS REGISTRYRegistrar accountability archive
Archive LiveRead-only public record · No ads · No tracking
Case file folder with redacted documents and confidential investigation report.
CASE / KO / DOMAIN

시드 문구 피싱 Scam — Recovery Phrase Theft Sites

The Enablers Registry·Editorial mirror·/ko/domain/

Public record copy. Brand names withheld, public accreditation numbers preserved. If the body below says “we”, that means the original publisher, not this mirror. TER only preserves, redacts, and re-contextualizes.

시드 문구 피싱
CRITICAL THREAT

시드 문구 피싱: How Scammers Steal Your Recovery Phrase

Seed phrase possibly phishing is the most devastating crypto scam — once attackers have your 12 or 24-word recovery phrase, they have permanent, irrevocable access to ALL your crypto assets across ALL chains. These sites impersonate wallet providers like 메타마스크, [REDACTED], and [REDACTED], showing fake "verification" or "recovery" prompts.

30
Domains Detected
CRITICAL
Threat Level

How This Attack Works

Unlike wallet-connect drainers that steal through smart contract approvals, seed phrase possibly phishing captures the master key to your entire wallet — giving attackers complete and permanent control.

STEP 1
Impersonate Wallet Provider
Attackers create convincing clones of 메타마스크, [REDACTED] 라이브, [REDACTED], or [REDACTED] interfaces, often with "Support" or "Verify" branding to imply urgency.
STEP 2
Create Urgency
Users are told their wallet is "at risk," "needs verification," "requires migration," or that they need to "sync" their wallet. Fear drives immediate action without careful thinking.
STEP 3
Display Fake Recovery Form
The site shows a form with 12 or 24 input fields for seed words, styled identically to the real wallet's recovery interface. Some even validate word lists to appear legitimate.
STEP 4
Instant Total Drain
The moment all words are submitted, automated bots import the seed into a wallet, scan all chains (ETH, BSC, Polygon, Solana, etc.), and sweep all assets within seconds. The loss is total and permanent.

Technical Analysis

Seed phrase possibly phishing sites are technically simple but devastatingly effective. The frontend is a static HTML page with 12-24 text input fields. Many implement BIP-39 word list validation (checking each word against the 2,048 valid seed words) to appear authentic.

Backend: entered phrases are sent via POST to an attacker-controlled server, often forwarded to [REDACTED] bots for instant notification. Automated drainer scripts then import the seed using ethers.js or web3.js, derive all HD wallet paths (m/44'/60'/0'/0/x for Ethereum, m/44'/501'/0'/0' for Solana, etc.), check balances across chains, and sweep everything.

The entire drain process takes 5-30 seconds from phrase submission to complete asset theft. Some sophisticated operations even front-run pending transactions if the victim tries to move funds.

Real Cases

메타마스크 Support Scam (2024)
Thousands of victims stolen
Fake 메타마스크 support sites running Google Ads for "메타마스크 help" and "메타마스크 login" keywords. Users seeking help were directed to enter their seed phrase for "wallet recovery."
[REDACTED] Data Breach Fallout (2023-2024)
$10M+ stolen stolen
After [REDACTED]'s customer database leak, attackers sent physical mail and possibly phishing emails to verified [REDACTED] owners, directing them to fake "security update" sites requesting seed phrases.
[REDACTED] Migration Scam (2024)
Ongoing stolen
Fake [REDACTED] "migration" sites claiming users must re-enter their seed phrase to migrate to a "new version." Promoted via fake app store reviews and [REDACTED] groups.

How to Detect

ANY website asking for your seed phrase — no legitimate service will EVER request this
Fake "wallet verification," "security check," or "account sync" prompts
Input form with 12 or 24 empty fields for words — this is ALWAYS a scam outside of initial wallet setup
Urgency messaging: "Your wallet will be locked," "Funds at risk," "Verify within 24 hours"
URLs mimicking wallet providers: [REDACTED]-support.com, [REDACTED]-verify.io, [REDACTED]-sync.app

How to Protect Yourself

1 NEVER enter your seed phrase on any website — the ONLY time you type it is during initial wallet recovery in the official app
2 Store your seed phrase offline (paper, metal plate) — never in photos, notes apps, or cloud storage
3 Official wallet apps will never ask for your seed phrase through a website
4 If someone asks for your seed phrase for any reason (support, verification, airdrop) — it is 100% a scam
5 하드웨어 지갑을 사용하세요 where the seed phrase is entered only on the physical device

Frequently Asked Questions

What is seed phrase possibly phishing?
Seed phrase possibly phishing tricks users into typing their 12 or 24-word wallet recovery phrase into a fake website. This gives attackers complete, permanent access to the victim's wallet and all assets on all blockchains. Unlike wallet-connect scams, seed phrase theft cannot be reversed by revoking approvals.
Should I ever enter my seed phrase on a website?
NO. Absolutely never. Your seed phrase should only ever be entered in the official wallet application (메타마스크 extension, [REDACTED] 라이브 desktop app, etc.) during initial wallet recovery. No website, support agent, or airdrop will ever legitimately need your seed phrase.
What happens if someone has my seed phrase?
They have complete, irrevocable control over your wallet. They can drain all tokens on all chains instantly. You must immediately create a NEW wallet (with a new seed phrase) and transfer any remaining assets there. The compromised wallet is permanently unsafe.
How are seed phrase scams promoted?
Through Google/Bing ads targeting "메타마스크 help" keywords, fake customer support accounts on Twitter/[REDACTED], possibly phishing emails after data breaches (like the [REDACTED] leak), [REDACTED] DMs, and fake app store listings.
Data sourced from THE ENABLERS REGISTRY threat intelligence database — 30 domains tracked for this threat type
시드 문구 피싱 30 domains
[REDACTED]-help.support
22 VTUnknown[REDACTED]
[REDACTED]
19 VT라이브
[REDACTED]
18 VT라이브
[REDACTED]
18 VT라이브
[REDACTED]
17 VT라이브
[REDACTED]
17 VT라이브
[REDACTED]
17 VT라이브
[REDACTED]
17 VT라이브
[REDACTED]
16 VT라이브
[REDACTED]
16 VT라이브
[REDACTED]
15 VT라이브
[REDACTED]
15 VTUnknown[REDACTED]
[REDACTED]
14 VT라이브
Screenshot of [REDACTED]
[REDACTED]
13 VTUnknown[REDACTED]
Screenshot of [REDACTED]
[REDACTED]
Screenshot of [REDACTED]
[REDACTED]
13 VTUnknownSolana Drainer
Screenshot of [REDACTED]
[REDACTED]
Screenshot of [REDACTED]-wallet-support.[REDACTED]
[REDACTED]-wallet-support.[REDACTED]
11 VTUnknown[REDACTED]
Screenshot of [REDACTED]-wallet-support.[REDACTED]
[REDACTED]-wallet-support.[REDACTED]
Screenshot of [REDACTED]-instant-support.[REDACTED]
[REDACTED]-instant-support.[REDACTED]
10 VTUnknown메타마스크
Screenshot of [REDACTED]-instant-support.[REDACTED]
[REDACTED]-instant-support.[REDACTED]
Screenshot of [REDACTED]-wallet-support-recovery.[REDACTED]
[REDACTED]-wallet-support-recovery.[REDACTED]
10 VTUnknown[REDACTED]
Screenshot of [REDACTED]-wallet-support-recovery.[REDACTED]
[REDACTED]-wallet-support-recovery.[REDACTED]
Screenshot of mmwalletsecurity.gt.tc
mmwalletsecurity.gt.tc
7 VTUnknown메타마스크
Screenshot of mmwalletsecurity.gt.tc
mmwalletsecurity.gt.tc
[REDACTED]
5 VTUnknown[REDACTED]
[REDACTED]
5 VTUnknown
Screenshot of [REDACTED]
[REDACTED]
5 VTUnknown
Screenshot of [REDACTED]
[REDACTED]
Screenshot of [REDACTED]
[REDACTED]
3 VTUnknown
Screenshot of [REDACTED]
[REDACTED]
[REDACTED]
3 VTUnknown
[REDACTED]
1 VTUnknownAave
[REDACTED]
1 VTUnknown
Screenshot of [REDACTED]
[REDACTED]
UnknownRaydium
Screenshot of [REDACTED]
[REDACTED]
[REDACTED]
Unknown[REDACTED]
Screenshot of [REDACTED]
[REDACTED]
Unknown
Screenshot of [REDACTED]
[REDACTED]
[REDACTED]
Unknown

Other Scam Types

AML 사기 1,950 시드 문구 도용 18 에어드랍 사기 8,105 투자 사기 266

Continue browsing the ledger

This page is the editorial mirror. Brand names are redacted to public IANA / business identifiers. Use the index to navigate other case files.

Open registrar ledger → All briefings