Cybersecurity firm Kaspersky revealed that malicious actors have created a new scam using seed phrases to target unsuspecting crypto users, according to a December 23 blog post.
This sophisticated scheme takes advantage of individuals’ curiosity and dishonesty, leading to financial losses for unsuspecting victims.
How the scam works
Seed phrases, crucial for restoring access to crypto wallets, are manipulated by scammers posing as inexperienced users seeking help online through social media platforms such as YouTube.
These fraudsters post their fake seed phrases on these platforms to entice individuals to gain access to seemingly valuable wallets. Upon accessing these wallets, users will find large amounts of stablecoins like Tether’s USDT, creating the illusion of easy profits.
However, withdrawing this money requires a gas fee, usually paid in Tron’s TRX. The wallet is deliberately left without enough TRX, prompting users to transfer their funds to complete the transaction.
Once this money is sent, it is immediately forwarded to a wallet controlled by the scammers.
Meanwhile, the central key to this scheme lies in the wallet configuration. The scammers consider it a multi-signature wallet, requiring approval from multiple parties for each transaction. This ensures that the USDT cannot be transferred by the unsuspecting user even after paying the gas fees.
$2 billion in losses
The seed phrase scheme is part of a broader wave of crypto fraud that has increased sharply in 2024.
According to blockchain security firm Cyvers, crypto-related fraud has resulted in losses of more than $2.3 billion this year, marking a significant increase compared to previous years. However, it remains 37% below the more than $3 billion recorded in 2022.
The company noted that malicious actors are using a variety of attack schemes, including access control breaches, which have emerged as the top threat, accounting for $1.9 billion in losses from 67 incidents. Smart contract exploits follow closely behind, with $456.3 million stolen through 98 attacks.
Meanwhile, Cyvers noted that pig slaughter scams have become a dominant fraud tactic this year. In these scams, fraudsters build trust with victims over time, often through dating apps or text messages, before convincing them to invest in fake crypto projects and ultimately steal their money.
The company identified more than $3.6 billion in victim funds across more than 150,000 addresses and 800,000 transactions in 2024, highlighting the scale and sophistication of this scam.