Cybersecurity firm Kaspersky has issued a detailed warning about a novel cryptocurrency scam that preys on greed and inexperience. In a blog post published Monday, the company described a trap where fraudsters post wallet seed phrases in YouTube comments, luring victims into thinking they have stumbled upon free money.
The Setup
According to Kaspersky, a typical example involves a comment under a finance-related video. The comment says: “I have a question. I have USDT stored in my wallet, and I have the seed phrase. How to transfer my funds to another wallet?” The entire seed phrase – usually 12 or 24 words – is then listed openly. Even a beginner knows not to share such sensitive data, but scammers bank on the fact that some users will try to access the wallet out of curiosity.
The Trap: Multisignature Wallet
When a victim imports the seed phrase into a wallet interface, they see a balance of thousands of dollars in USDT (a popular stablecoin). However, any attempt to withdraw triggers a message: “You need to pay a small fee in TRX (the TRON network’s native token) to cover the network fee.” Since the wallet has no TRX, the victim transfers TRX from their own personal wallet. But that TRX never reaches the required fee address—it is instantly redirected to a completely different wallet controlled by the scammers.
Kaspersky explains the technical trick: the “free wallet” is actually a multisignature wallet. In such wallets, outgoing transactions require approval from two or more private keys. The victim only has one key (from the leaked seed phrase), so they cannot authorize any transfer out of the wallet. The scammers hold the second key and have set up the wallet so that any incoming TRX (sent as “fees”) is automatically forwarded to their own address via a separate smart contract or wallet script. The USDT remains locked and immovable.
“So the scammers are impersonating beginners who foolishly share access to their cryptowallets, tricking equally naive thieves – who end up becoming the victims,” Kaspersky noted.
Why It Works
The scam exploits two human tendencies: the allure of free money and the belief that “if I only pay a small fee, I can unlock huge gains.” Victims convince themselves that a few dollars in TRX is a worthwhile risk. The multisig mechanism ensures that the victim never gains control, while the TRX sent is pure profit for the scammers. Kaspersky emphasizes that any wallet whose seed phrase is publicly posted is almost certainly a trap. Legitimate wallets never require sending a separate fee to a specific address; blockchain transaction fees are deducted automatically from the sender’s balance.
Protection Tips
Kaspersky offers clear guidance: never try to access or take funds from a wallet you do not own, even if you have the seed phrase. If a seed phrase appears in a public comment, it is 100% a scam. Always generate your own wallet securely and keep your private keys offline. Be wary of any scenario that asks you to send cryptocurrency to unlock another balance – this is a classic hallmark of “advance fee” fraud.
Staying informed about the latest attack vectors is the best defense. The crypto space is full of creative attempts to separate users from their assets, and vigilance is the only reliable countermeasure.

