Your hardware wallet may have been pre-compromised
Hardware wallets bought from unofficial sources (Amazon third-party sellers, eBay, secondhand) may have been tampered with. Scammers buy devices, extract or pre-generate seed phrases, then resell them as "new."
Always buy hardware wallets directly from the manufacturer.
How this attack works
A genuine hardware wallet generates a brand-new seed phrase on first setup that only you ever see. Devices bought from Amazon third-party sellers, eBay, or other resellers can arrive pre-initialized with a phrase the seller already knows — sometimes shipped with a "use this PIN and recovery sheet" card.
Once you fund a wallet whose phrase someone else generated, they can drain it whenever they like. Tampered packaging and "replacement" devices sent after a fake security alert are variants of the same trick.
Warning signs
- •The device came with a pre-filled recovery sheet or a preset PIN.
- •You bought it second-hand or from a third-party marketplace seller.
- •Setup didn't have you generate and write down a fresh phrase yourself.
What to do right now
- •Only buy hardware wallets from official manufacturer websites
- •Never use a hardware wallet that came with a pre-filled seed phrase
- •When setting up, the device should generate a new seed phrase
- •Consider your current hardware wallet compromised
Not sure this is what happened to you?
Run the 2-minute diagnostic