Watch out for this new scam method

Someone messaged me in a forum group about a token I own, asking how to start a token on the blockchain along with a few other questions. After chatting back and forth, they offered to pay me upfront for my help.

I thought they must be a scammer, but I was curious about their plan since they wanted to send money first. So I decided to keep the conversation going.

They told me they couldn’t send the money to my wallet address because they had been scammed before by trusting people too quickly. Instead, they asked me to set up a new wallet and share the new recovery phrase with them, promising to load it with funds.

We all know that the recovery phrase is private and should never be shared, so I directly confronted them and asked why they were lying and how the scam worked. Surprisingly, they cooperated and shared the details.

It turns out when you create a new recovery phrase in a wallet app like Phantom or MetaMask, scammers can use that phrase to access not only the new wallet but also all other wallets you have on that app, allowing them to steal your money.

I really hope this post helps others avoid falling for scams like this.

Someone is misunderstanding something here.

One seed phrase has no ties to another even if generated by the same wallet in a row. This just isn’t true.

The scammer wants you to make a new wallet, not a new seed phrase. Then they want you to supply the seed for that new wallet which will also be the seed for your other wallets.

This is a low effort, low skill level scam.

@Sia
I see it as a slight of hand trick, simple yet effective… easy to confuse someone by focusing attention on the wallet. A new seed phrase you create for a new wallet is also the new phrase for all wallets in your MetaMask.

@chloesuge
I think the real issue is poor wallet design that doesn’t make it clear that new accounts use the same seed, just a different derivation path.

Even tech savvy users might not remember their seed phrase they backed up, so they don’t connect it with the existing seed.

Just adding a note saying do not share your seed would be a simple step in wallet design. And always use multi-signature schemes when multiple people need wallet access.

@chloesuge
Sleight of hand.

Brennan said:
@chloesuge
Sleight of hand.

Sleigher of Han

@chloesuge
MetaMask is a single wallet. The right term should be account, not wallet.

Each account has its own keys. In MetaMask, these are generated by one seed/master password, or by importing a different private key.

@Charlotte

If you’d like to create and manage multiple MetaMask accounts, you could do so simply by adding more accounts. Each of these is associated with the same Secret Recovery Phrase: think of your wallet as holding one or more accounts.

Can you read it yourself?

Only way to get another seed is to use a different browser profile or device.

@chloesuge

I wasn’t discussing MetaMask. Other wallets like Bitget and OKC can load different seeds onto a single wallet.

Can you read it to yourself?

Only way to have a different seed is to use another browser profile or device.

You’re clearly lacking reading skills since I NEVER said MetaMask can load multiple seed phrases. Accounts aren’t the same as seed phrases. Please read the docs.

@Charlotte

I wasn’t talking about MetaMask.

You were clearly talking about it. Get lost :joy:

MARIE said:
@Sia
[deleted]

Not sure that’s laziness. People who know this area tend to be very careful, so they target those who are both gullible and not informed.

Lex said:

MARIE said:
@Sia
[deleted]

Not sure that’s laziness. People who know this area tend to be very careful, so they target those who are both gullible and not informed.

The first mistake made was replying to a stranger’s DM on a forum.

MARIE said:
@Sia

Are you really correcting my wording while talking about a scam that uses wording tricks?

Bro, that’s literally what I meant. Did you get lost in my use of wallet and seed instead of calling them account and wallet?

I wrote it like this to keep it in line with the terms the person used. Do you even see that or are you a classic ‘well actually’ type?

@Sia
Only replied because you said this

You or they are misunderstanding something here.

Both were confused. Your terms are confusing for everyone else here. Accurate terms matter a lot here, because this is where the confusion starts.

@Charlotte
What part of my phrasing confused anyone other than you?

I continued right after that with exactly what you outlined but in different terms. Terms that don’t confuse at all.

Most folks see a wallet as a public and private key pair, and a seed as the passphrase.

Your insistence on saying account seems to just be causing problems.

@Charlotte
So we’re just going to pretend I misphrased my comment rather than using terms that OP used in my reply.

How did that get past you? lol

I understand what you’re describing, I wrote it in the same terms as the OP.

Do you see how you’re coming off as a ‘well actually’ guy, throwing shade while trying to correct someone who clearly isn’t lost?

Thanks for trying to set me straight though. Maybe someone found it useful.

@Sia
How can they access your money if no seed is shared?

Jace said:
@Sia
How can they access your money if no seed is shared?

They can’t. The entire scam is about tricking you into giving up your seed phrase.

Lex said:

Jace said:
@Sia
How can they access your money if no seed is shared?

They can’t. The entire scam is about tricking you into giving up your seed phrase.

I lost funds without giving them my phrase. So they must have done something. Could they have seen my screen when I typed it in? Sorry, not the OP but my experience is similar and I’m still trying to understand what happened.
Edit. OP

@Jace
Your phone or computer was likely compromised already. You should consider them to be at risk and switch to a hardware wallet. Avoid typing your seed on your phone or computer, or reset both back to factory settings.