Criminals are creating fake websites offering to recover lost cryptocurrency wallet access codes, but instead install malware that harvests personal data. The scam targets investors who have forgotten their seed phrase—a 12 to 24-word code needed to access digital assets.
How the scam works
After holding cryptocurrency for years, investors may decide to cash in but struggle to remember the access code. Searching online for a recovery tool can lead to malicious software. Alex Holland of HP Security Lab explains: “Scammers are preying on people’s desperation to recover their cryptocurrency wallets. Perhaps the victim has forgotten the seed phrase used to access their wallet. If you wanted a way of recovering that, you could search ‘free cryptocurrency recovery tool’, which I did, and lo and behold one of these fake malware-laden tools came up in my search results.”
One such tool, named “Lost crypto wallets finder – cryptocurrency recovery toolkit,” claimed to be “invaluable for both new and seasoned users who want to reclaim their assets and don’t lose access to their digital wealth.” The site hosting it is now down.
Data theft after download
Once downloaded, the malware collects passwords from web browsers, documents, photos, and other sensitive files. This information is packaged into a Zip file and sent to criminals for future fraud. The scam is lucrative enough for criminals to invest in setting up fake websites.
Protection tips
If you forget your seed phrase, don’t panic—that’s what fraudsters want. “They’re preying on emotions. They want to take advantage of that moment of vulnerability,” says Holland. Legitimate recovery tools exist, but check online reviews before using them. If you suspect malware, remove it with reputable security software and reset passwords immediately, starting with banking ones.
