Your seed phrase was stolen from your phone
Screenshots and photos are automatically backed up to cloud services, synced across devices, and accessible to apps with photo permissions. Hackers know this and specifically look for seed phrase photos.
Many people make this mistake thinking it's a quick, convenient backup. Unfortunately, it's one of the easiest ways to lose your funds.
How this attack works
Taking a screenshot or photo of your seed phrase feels convenient, but that image doesn't stay on your phone. It's backed up to iCloud or Google Photos, synced across your devices, and readable by any app you've granted photo-library access.
Malicious apps — and even some 'cleaner' or 'wallpaper' apps — scan the photo library for images that look like recovery sheets. Optical character recognition turns a photo of your phrase into plain text in seconds.
A lost or stolen unlocked phone, or the cloud photo backup itself, exposes the phrase the same way.
Warning signs
- •You have a photo or screenshot of your seed phrase in your camera roll.
- •You installed apps that requested photo-library access without an obvious need.
- •Your photos back up to iCloud or Google Photos (they almost certainly do).
What to do right now
- •Delete any photos of seed phrases from your phone AND cloud backups
- •Create a brand new wallet with a fresh seed phrase
- •Write it down on paper or metal only
- •Store it somewhere physically secure
Not sure this is what happened to you?
Run the 2-minute diagnostic