Seed phrase leak

Seed phrase leak is the single most destructive form of compromise for a self-custodial wallet. Knowing the 24 words gives an attacker full and irrevocable signing power over every address derived from that phrase, across all wallet-contract versions. This is not a “risky situation” — it is a loss already in progress, where the clock until a drainer empties the funds is measured in minutes.

Common scenarios

• Fake “recover wallet” pages. A victim receives a Telegram message about a “wallet issue” with a link to a site that asks for the seed “to recover”. This is the most common vector by far. Real wallets never ask for the seed online.
• Cloud screenshot. The user took a photo of the paper backup; it auto-synced to iCloud / Google Photos. Any later compromise or partial share of that cloud account leaks the seed.
• Plain-text file and clipboard. The seed was saved in a .txt on the desktop, forwarded to “Saved Messages” in Telegram or simply copied — straight into a clipboard-stealing malware.
• Keylogger. An infected keyboard or browser extension captures the keystrokes when the victim enters the seed after a reinstall.
• Social engineering. A fake Tonkeeper “support” in Telegram asks the victim to “verify the order of the words”, and the user dictates them. Same category: fake surveys and AMAs.
• Paper backup in plain sight. A house guest, a relative, a renovation crew — there are real cases, especially around larger balances.
• Cloud password managers without proper end-to-end encryption. With weak master-password protection the manager becomes a single point of failure.

What happens after a leak

The reaction window is minutes, in large cases seconds:

1. The attacker immediately derives addresses for every wallet-contract version (v3R2, v4R2, v5R1, highload variants) and checks balances.
2. If any address holds TON, jettons or NFTs — a drainer runs a batch transfer of everything to the attacker’s address.
3. NFTs usually go to a separate address for fast resale on popular marketplaces.
4. Staking positions (stTON, tsTON, hTON) are moved like ordinary jettons — the pool does not distinguish a legitimate owner from an attacker.

A seed phrase cannot be revoked. There is no “change password” on a blockchain. Any transaction signed using the leaked seed is valid.

What to do the moment you suspect a leak

If the seed may have leaked but funds are still in place:

1. Create a new wallet immediately on a clean device, ideally on a different machine and from a fresh seed.
2. Move every liquid asset over: TON, jettons, LSTs, USDT.
3. NFTs and staking positions go in the second wave — they take longer to move but usually still need to be evacuated.
4. Do not try to wait it out in the hope that the attacker did not find your seed. If the seed is out, the migration is the only reliable step.

Sometimes there is luck: the drainer is not configured for TON, or the address never made it into its pool. You cannot rely on that.

Prevention

• Hardware wallet. The seed never leaves the device; even on a compromised host, signing still requires confirmation on the Ledger screen.
• Multisig. Leaking one key does not allow a transfer without the other signatures. Appropriate for large balances and DAO treasuries.
• Hot / cold split. Small daily balance on a hot wallet, the bulk on a cold or hardware wallet.
• No online copies of the seed. Only paper or metal backup, no photos, no cloud sync.
• Domain check on connect. TON Connect’s real protection is that the user sees the domain — but only if they read what they sign.
• A separate wallet for risky signing. Mini-apps, airdrops, new contracts — better routed through an address with minimal balance.

A seed leak rarely happens as a single event. It is usually a chain of small compromises: a cloud, an old backup, one careless signature on a scam site. Strong key hygiene does not remove the risk completely, but it moves it from “question of when” to a genuine anomaly.