Education

The Error That Opens the Door to Loss: Sharing a Recovery Phrase

By Walid Mograbi · 2026-06-06 · 2 min read

A recovery phrase is the master key to a wallet, not a support credential. It should only be used during initial setup or verified recovery scenarios; any unexpected request by message or link is usually a scam.

Core lesson

If you receive a message asking for your recovery phrase, the safest default is this: treat it as suspicious until proven legitimate. For most users, that request is not from real support.

What the recovery phrase is

Your recovery phrase gives access to the wallet’s accounts and linked funds. One leak can let a third party take full control of your balance. The risk is not small; it is complete account compromise.

When to use the phrase

Use your phrase only in two cases:

• Creating the wallet the first time.
• Restoring it after device loss, reinstallation, or a real wallet crash.

Everything else is outside normal use.

10-second support check

Before interacting further with a request, run a fast safety test:

• Is the request coming from inside the official wallet app?
• Does it match a legitimate recovery need (new install or device failure)?
• Is there no unexpected message, email, or social link requesting the phrase?

If any answer is unclear, stop.

Quick checklist before entering any seed data

• Confirm the source is in-app only.
• Confirm the reason is valid and documented.
• Stop immediately if a person asks for the phrase via chat, DM, email, or phone.
• Never proceed from unknown links.

Warning you should remember

Sharing the phrase grants immediate and total control to whoever receives it. If they use it to move assets, recovery is often uncertain and losses can be permanent.

Practical response to a suspicious request

Do not provide the phrase, do not follow links, and end the interaction with that channel. Report the attempt and re-open the app through official settings to verify account status. The goal is simple: keep the phrase local and offline.

Lesson outcome

This lesson is meant to make support requests manageable in about ten seconds: verify intent, verify channel, verify legitimacy, then decline anything that fails the checklist.