Seed phrase theft occurs when someone obtains a wallet’s recovery phrase and uses it to drain funds; in this case ex-SAF diver Teo Rong Xuan admitted photographing a 24-word seed phrase and transferring $1.7M in USDT, illustrating the irreversible risk of exposed seed phrases.
-
Seed phrase theft enabled $1.7M USDT theft by photographing a 24‑word phrase.
-
The attacker reused a condo access card to re-enter the victim’s unit and copy the Ledger Nano X seed phrase.
-
Infrastructure attacks on private keys and seed phrases made up 70% of stolen funds last year (TRM Labs).
Seed phrase theft: ex-SAF diver Teo Rong Xuan admitted stealing $1.7M in USDT by photographing a 24-word seed phrase—read secure wallet tips and next legal steps.
What is seed phrase theft and why is it irreversible?
Seed phrase theft is when an attacker obtains the recovery phrase (typically 12–24 words) that controls a crypto wallet’s private keys. Once a seed phrase is compromised, access to the wallet is irrevocable because seed phrases cannot be reset, and funds can be moved instantly on-chain.
How did Teo Rong Xuan steal $1.7 million in USDT?
According to court records, 34-year-old Teo Rong Xuan met the victim in mid-2022 and kept a condominium access card. On December 31, 2022, he re-entered the victim’s unit, photographed a paper containing the 24-word seed phrase for a Ledger Nano X hardware wallet, and used it to transfer $1.7M in USDT the next day. Blockchain investigators later linked the transactions to his wallet.
What do investigations and industry data reveal about seed phrase attacks?
Security firms report that infrastructure attacks targeting private keys and seed phrases accounted for roughly 70% of stolen funds in the prior year (TRM Labs). Attack vectors commonly include poor storage practices, phishing, and malware. In this incident, the attacker leveraged physical access and human vulnerability rather than technical compromise.
Frequently Asked Questions
How was the seed phrase obtained in this case?
Teo retained a condominium access card after a social gathering, returned to the unit while the owner was out on December 31, 2022, and photographed a piece of paper containing the 24-word seed phrase for a Ledger Nano X hardware wallet.
How can long-term holders prevent similar thefts?
Long-term holders should store seed phrases offline in multiple secure locations, consider fireproof metal backups, use bank safety deposit boxes, or adopt multi-signature schemes to reduce single-key risk.
Key Takeaways
- Physical security matters: Treat seed phrases like cash or keys; physical access enables irreversible theft.
- Human behavior is critical: Secure storage practices and disciplined routines prevent most seed phrase compromises.
- Recovery is limited: Blockchain transactions are final—rapid reporting and forensic tracing are the primary mitigation after theft.
Conclusion
This case shows that seed phrase theft remains a leading cause of crypto loss. Individuals practicing self-custody should prioritize hardware wallets, secure physical backups, and multi-signature arrangements to reduce risk. COINOTAG will continue to monitor legal outcomes and security guidance for digital asset holders.