Seed Phrase Exposed? What to Do Before Your Crypto Is Stolen
If your recovery phrase was photographed, cloud-saved, typed into a form, or shown to the wrong person, act fast. Here is the safest order for moving crypto before the wallet is drained.
How we checked this guide
- Ledger support says anyone with your Secret Recovery Phrase can drain all accounts tied to it, and recommends moving remaining funds to accounts secured by a new recovery phrase.
- Trezor support says a wallet backup that may be compromised should be treated as compromised immediately, with funds moved to a new wallet backup as soon as possible.
- Tangem's seed-phrase help center says anyone who gains access to a seed phrase can use it; Tangem's seedless setup avoids a written seed phrase but requires careful backup-device setup.
If your seed phrase was exposed, do not wait for a second opinion. Treat the wallet as compromised and move funds as soon as you can do it safely.
A recovery phrase is the master key to the wallet. If someone photographed it, stored it in the cloud, asked you to type it into a website, or briefly got physical access to the written copy, the correct default is simple: assume the phrase can be used and rotate to a new wallet.
Short answer
If the phrase may be exposed, the safest order is:
- prepare a safe destination controlled by a different recovery method
- move assets out before the old wallet is emptied by someone else
- create a new wallet and backup
- stop using the old phrase forever
Do not keep receiving funds to the old wallet while you think it over. Crypto theft is usually irreversible once the attacker signs the transaction.
Quick triage table
| Situation | Best move |
|---|---|
| You typed the phrase into a website, app, note, or cloud document | Treat it as compromised and move funds now. |
| Someone photographed or copied the written phrase | Treat it as compromised even if the wallet still looks normal. |
| You use a passphrase wallet and the attacker likely saw only the seed words | The passphrase may still help, but rotate anyway and do not assume permanent safety. |
| You have no spare hardware wallet ready | A temporary exchange account or temporary software wallet under a different seed can be acceptable for an emergency move. |
| You use Tangem in the default seedless setup | There is no seed phrase to leak, but backup devices and access-code recovery still matter. |
Why seed phrase exposure is an emergency
Ledger support is blunt on this point: anyone with the recovery phrase can control every account derived from it across blockchains. Trezor says the same in different words: if your wallet backup might be compromised, you should assume that it is.
That is why a compromised seed phrase is different from a stolen phone, a broken screen, or a forgotten PIN. Those problems can still leave you time. An exposed seed phrase gives the attacker the one thing that matters most.
Common exposure mistakes include:
- taking a photo of the phrase
- saving it in iCloud, Google Drive, email, or notes
- typing it into a fake wallet-recovery page
- sharing it with fake support
- importing it into the wrong wallet app on an internet-connected device
If any of those happened, focus on moving funds, not on debating whether the wallet vendor was hacked.
What to do in the first 30 minutes
1) Stop using the old wallet for new deposits
Do not send more crypto to addresses derived from the exposed phrase. Pause recurring deposits and tell anyone paying you not to use the old addresses.
2) Prepare a safe destination controlled by a different backup
The best destination is a wallet controlled by a different recovery method:
- a spare Ledger or Trezor initialized with a new backup
- a brand-new hardware wallet setup
- in an emergency, a temporary exchange account or software wallet that does not use the exposed phrase
Trezor explicitly says a temporary third-party wallet can be used in an emergency, but it is still a less safe environment than self-custody on a properly prepared hardware wallet.
If this is pushing you toward a simpler long-term setup, compare best seedless crypto wallets, our Tangem review, and should you buy a second hardware wallet as a backup?.
3) Move assets in a careful order
Ledger's recovery-phrase change guide includes an easy-to-miss but useful detail: send tokens first, then send the native coin such as ETH, SOL, or BNB last so you still have gas for the remaining transfers.
While moving funds:
- verify the receiving address on the device or app you trust
- send a small test transaction first for larger balances
- do not copy destination addresses from transaction history
- avoid rushing into blind signatures or random approval prompts
If you need a refresher, read address poisoning scams and blind signing on hardware wallets before moving a large balance.
4) Empty the old wallet, then reset and replace it
Once the old wallet is empty:
- wipe or reset the device if appropriate
- create a new seed phrase or new wallet backup
- write it down offline
- test the backup before funding it heavily again
- never reuse the exposed phrase
If the old wallet still works but you are missing the written backup instead of exposing it, the safer process is slightly different. See lost seed phrase but wallet still works.
Does a passphrase change anything?
Sometimes, yes — but not enough to justify delay.
Ledger and Trezor both describe passphrases as an extra layer that creates separate wallets derived from the seed plus the passphrase. That means a hidden passphrase wallet may still be protected if the attacker saw only the seed words and does not know the passphrase.
The problem is operational certainty. You may not know whether the passphrase was also exposed, whether every balance is actually inside the passphrase wallet, or whether you will make a mistake while recovering under stress. For most people, the right move after any real exposure is still to rotate to a fresh wallet.
If you are unsure whether a passphrase helps or makes your recovery risk worse, read should you use a passphrase on your hardware wallet?.
Where Tangem fits after a seed-phrase scare
Tangem is relevant here because its default seedless setup removes the written recovery phrase that many people mishandle. That does not make it automatically better for everyone. It simply changes the failure mode from "protect a written secret" to "protect and understand your backup cards or ring set."
Tangem's help center also makes clear that if you choose a seed-phrase-based Tangem setup, that phrase is still a full-control secret like any other wallet backup. So the lesson is not "buy Tangem and forget security." The lesson is to choose the recovery model you are actually able to manage correctly.
Bottom line
If your seed phrase may have been exposed, act like the race has already started. Move funds to a wallet secured by a different recovery method, replace the old backup, and stop using the compromised phrase permanently.
The goal is not to prove that an attacker definitely has the words. The goal is to make those words worthless before they can be used against you.
Get the Coin Buyer Guide digest
A practical weekly email with new wallet, exchange, card, tax, and crypto security guides — plus useful industry notes. No hype.