Episode 1 – Seed Phrase Stored Online, 163 ETH Gone
Episode 1 of ‘How I Got Hacked’ tells the story of Monty Munford, who lost 163 ETH due to improper storage of his seed phrase. Unfortunately for Monty, attackers were able to compromise the seed phrase for his software wallet because he made a fatal Opsec error – storing his seed online in his Gmail drafts.
| Date: | June 2019 |
| Type of Hack: | Compromised Seed Phrase |
| Type of Storage | Software Wallet |
| Value of loss (at time): | Approx. $50,000 |
| Value on Jan 1st, 2025: | Approx $570,000 |
A seed phrase compromise is a security breach that occurs when attackers gain access to a victim’s cryptocurrency by exploiting their secret recovery phrase.
Getting Self-Custody Wrong
With great power comes great responsibility. That’s the tradeoff when it comes to self-custody. As important as it is to practice self-custody, it’s that much more important to practice it the right way. Here are a couple of places where Monty went wrong on his self-custody journey.
“I’ve had the slow dawning… oh no, please, not me. And then, after that, I felt sick as a dog. I had lost 163 Ether.”
Mistake #1: Storing seed phrase online
You should never store your seed phrase online in any form, whether in a text document or an image on the cloud, or even on an internet-connected device, as this makes it accessible to hackers and other malicious actors, who can easily compromise your phone or laptop. For example, there are specific kinds of malware that specifically scan your files, images, and PDFs for seed phrases.
Mistake #2: Using a software wallet
Software wallets generate your private keys online and store them on devices that are always connected to the internet, putting them at risk. Hackers have gotten very good at extracting private keys remotely from people’s always-online devices. It’s also possible for attackers to steal the password for your wallet or even alter the wallet addresses that you copy and paste, if they’ve compromised your device.
“That Ether could be worth 10 million. It could be worth zero, who knows? And sometimes I get happy when crypto goes down, because it’s a smaller house I lost.”
Doing It Right
Keeping both your seed phrase and your private keys offline and isolated from the internet is one of the most important steps you can take to protect your crypto.
Using a hardware wallet, which generates and stores private keys offline, prevents them from being accessed by bad actors via the internet.
For some more tips on getting self-custody, read our articles on Ledger Academy to learn how to keep your seed phrase safe and the risks of using a software wallet.
Watch Episode 1 of ‘How I Got Hacked’ for the full story.
