Your seed phrase was stolen from a file on your computer
Text files, notes apps, and documents on your computer can be accessed by malware, synced to cloud services without you realizing, or found if someone gains access to your machine. Hackers use automated tools to scan computers for anything that looks like a seed phrase.
How this attack works
A seed phrase saved in a text file, a notes app, a password-manager note, or a document sits in plaintext on a networked machine. Info-stealer malware — bundled with cracked software, fake installers, and malicious attachments — searches your disk for files and wallet data that look like keys or recovery phrases.
Many notes and document apps also sync silently to the cloud, so the file may exist in more places than you realize, each one a separate way in.
Stealers exfiltrate quietly in the background; the first sign is usually the funds leaving.
Warning signs
- •Your phrase or private key is in any file, note, or document on a computer.
- •You've installed software from unofficial or 'cracked' sources.
- •The file syncs to a cloud service you may have forgotten about.
What to do right now
- •Delete any digital copies of seed phrases
- •Create a brand new wallet with a fresh seed phrase
- •Write it down on paper or metal only
- •Never store seed phrases on any digital device
Not sure this is what happened to you?
Run the 2-minute diagnostic