Scammers are targeting cryptocurrency users who have lost access to their wallets, according to reporting from NewsData. The attack preys on a specific desperation: users who have forgotten or mislaid their seed phrases or private keys.

The mechanics are straightforward. A user locked out of their wallet searches for recovery help. Scammers intercept that search or contact them directly through social channels, offering to restore access. Once the user hands over their seed phrase or private key in hopes of regaining control, the attacker drains any remaining funds in the wallet.

This works because locked wallets are already a loss. A user who has already forgotten their access codes has little left to protect and will take risks a normally cautious holder would not. The scammer's pitch is simple: we fix your problem. The cost of trying is just the secret key itself. By the time the user realizes the secret should never have been shared, the wallet is empty.

The attack vector relies on human desperation more than technical sophistication. No wallet vulnerability must be found. No zero-day exploit is needed. The attacker simply waits for someone in pain and offers relief.

Users attempting to recover locked wallets should never share their seed phrases or private keys with anyone, regardless of credentials or promises. Legitimate wallet recovery firms operate only if the user still holds the hardware device (such as a hardware wallet or backup file). If a wallet is truly lost and the user has no backup, the funds in it are unrecoverable. No third party can access a wallet without its private key or seed phrase.

The broader risk lies in search pollution and social engineering. If scammers can rank high in searches for "recover cryptocurrency wallet" or establish credibility through cloned websites or verified-looking social accounts, they will catch users at their most vulnerable. Each trapped user is one who has already suffered a loss and is unlikely to report the secondary scam—adding shame to financial harm.

NewsData did not specify the geographic scope of this campaign, the number of reported victims, or whether law enforcement agencies have opened investigations. The publication offered no timeline for when the scam began or whether it is still active.