Russia’s Kaspersky warns scammers post crypto wallet seed phrases on YouTube to steal funds

Scammers are taking advantage of YouTube’s comments section by sharing key phrases to lure greedy individuals into a multi-signature wallet scam.

Bad actors appear to have found a new way to exploit crypto users by sharing seed phrases, tricking victims into attempting to steal funds from a multi-signature wallet, only to fall victim to the scam themselves.

Russia’s approved cybersecurity firm Kaspersky revealed a scam in a blog post published on December 23, following a comment under a financial YouTube video. The user shared the seed emoticon and asked for help transferring money from his wallet; experts immediately flagged this as suspicious.

Binance founder Changpeng Zhao stated in an

I’ve seen a few examples recently where people bought crypto by purchasing a private key or hardware wallet.

This is a bad idea.

The donor still has access to these cryptos. You must move the crypto to an address that belongs to you. Or better yet, ask the giver to send it…

— CZ 🔶 BNB (@cz_binance) December 22, 2024

A seed phrase is a unique string of words required to access a cryptocurrency wallet, and sharing it openly could lead to theft. Kaspersky notes that the comment appears to have been made by a newbie, and that similar comments all come from “newly created accounts.” These messages included basic statements and requests for assistance regarding fund transfers.

In the scam, a thief who accesses the wallet will see that it is full of Tether (USDT). But to withdraw the money, the thief will need TRON (TRX).

“Unfortunately, there is not enough TRX in the wallet, so the thief tries to transfer TRX from his personal wallet, only to discover that the tokens he transferred immediately end up in a completely different, third wallet.”

Kaspersky

The trick lies in the multi-signature setup of the wallet, analysts say, adding that such wallets require approval from multiple parties to authorize transactions. As a result, even if the fraudster paid the required fees, he would not be able to steal the money.

Kaspersky warned that this scam was an example of how scammers can manipulate thieves and encouraged users to avoid sharing seed phrases and be wary of similar schemes. In June, the Biden administration sanctioned 12 senior leaders at Kaspersky Lab, citing cybersecurity risks, a day after the Russian company announced plans to ban the sale of its antivirus software.