Stolen Seed Phrase Case Exposes Flaws in Crypto Self-Custody Model

Generated by AI AgentCoin World
Thursday, Oct 2, 2025 11:35 am ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
USDT
--
Aime RobotAime Summary

- A former SAF naval captain stole $1.7M in USDT by photographing a victim’s cryptocurrency wallet seed phrase.

- He exploited physical access to the victim’s condominium, using a retained access card to re-enter and capture the 24-word phrase in December 2022.

- The case highlights vulnerabilities in self-custody practices, with 70% of crypto thefts involving seed phrase compromises, urging stronger physical security and storage protocols.

- Teo spent the funds on luxury items and gambling, admitting to financial distress post-FTX collapse, and will be sentenced in 2025 without restitution.

- Experts emphasize secure storage solutions like encrypted hardware wallets and multi-signature setups to mitigate risks, as blockchain transactions are irreversible once compromised.

A former Singapore Armed Forces (SAF) Naval Diving Unit captain has pleaded guilty to stealing $1.7 million in

USDT
after photographing a victim's cryptocurrency wallet seed phrase. Teo Rong Xuan, 34, exploited physical access to the victim's condominium, using a retained access card to re-enter the property and capture the 24-word phrase linked to a Ledger Nano X hardware wallet. The theft, which occurred in December 2022, underscores the vulnerabilities of self-custody practices and the irreversible nature of blockchain transactions once a seed phrase is compromised.

Teo's actions unfolded during a social gathering at the victim's home in mid-2022, where he obtained a condominium access card under the pretense of assisting a guest. After failing to return the card, he used it on December 31, 2022, to re-enter the unit and photograph the seed phrase stored on a paper document. The following day, Teo transferred the entire 1.7 million USDT-equivalent to $1.7 million at the time-to his own wallet. The victim discovered the theft in March 2023 after noticing the missing funds and engaging blockchain security firm SlowMist, which traced the transactions to Teo's account.

Court records reveal that Teo spent the stolen funds on luxury watches, gambling, and mortgage payments. Approximately $1.1 million was converted to fiat and transferred to his bank account. He admitted to the crime after the victim confronted him, citing financial distress linked to the 2022 collapse of cryptocurrency exchange FTX as a motivating factor. Teo, who left the SAF in 2023, will be sentenced on November 14, 2025, with no restitution paid to the victim.

The case highlights the prevalence of seed phrase theft in cryptocurrency crimes. According to TRM Labs, infrastructure attacks targeting private keys and seed phrases accounted for 70% of stolen funds in the prior year. Unlike passwords, seed phrases cannot be reset, rendering compromised wallets irreversibly vulnerable. Experts emphasize that physical security and secure storage practices are critical for self-custody users. Veronica Wong of SafePal noted, "User behavior is as important as product security," advocating for hardware wallets with encrypted chipsets or multi-signature arrangements to mitigate risks.

Blockchain investigators and legal proceedings have underscored the challenges of recovering stolen assets. While Teo's wallet activity was traced, the decentralized nature of USDT transactions limited recovery options. Petr Kozyakov of Mercuryo added that best practices include storing seed phrases on fireproof materials or in secure locations like safety deposit boxes, though no method guarantees absolute protection.

The Ministry of Defence (Mindef) stated that Teo was discharged from the SAF, emphasizing that service personnel violating disciplinary standards are dealt with according to the law. The case serves as a cautionary example of how human error and weak storage practices can undermine digital asset security, even in institutional contexts.

---