You entered your seed phrase into a fake website
Scammers create convincing copies of legitimate wallet sites, exchanges, and dApps. They use similar domain names, identical designs, and urgent messaging to trick you into entering your seed phrase. The moment you enter it, they have full access to your wallet.
No legitimate service will ever ask for your seed phrase. Ever.
How this attack works
Phishing sites are pixel-perfect clones of real wallet, exchange, and dApp pages, served from lookalike domains (a swapped letter, an extra word, a different ending) and often promoted through paid search ads or DMs.
The fake site invents a reason you must enter your secret: 'validate your wallet,' 'sync your account,' 'claim your airdrop,' or 'recover stuck funds.' The instant your 12 or 24 words or private key hit that page, the attacker imports your wallet and drains it.
No legitimate service ever asks for your seed phrase — entering it anywhere online is the moment of compromise.
Warning signs
- •You typed or pasted your seed phrase into a website or popup.
- •You reached the site from an ad, DM, email link, or search result.
- •The domain was subtly misspelled or used the wrong ending (.com vs .app).
- •The site pushed urgency or 'verification' to get your phrase.
What to do right now
- •Never enter your seed phrase into any website
- •Bookmark official sites and only use those bookmarks
- •Be extremely suspicious of any site asking for your seed phrase
- •Create a brand new wallet with a fresh seed phrase
Not sure this is what happened to you?
Run the 2-minute diagnostic