In brief
- A former Singapore Armed Forces diver stole $1.7 million in USDT after photographing the victim’s seed phrase in their bedroom.
- He spent the money on luxury watches, gambling and mortgage payments.
- Seed phrases are the master keys to crypto wallets and a major target for hackers worldwide.
A former Singapore Armed Forces (SAF) diver has admitted in court to stealing $1.7 million in cryptocurrency after secretly photographing a seed phrase belonging to a Chinese national living in Singapore.
34-year-old Teo Rong Xuan, who previously served in the military’s Naval Diving Unit, admitted to charges including housebreaking, misusing a computer system and dealing with ill-gotten gains in court on October 1, according to the Straits Times.
Seed phrases—typically a sequence of random words—act as the master key to cryptocurrency wallets. Unlike a password, a stolen seed phrase cannot be reset, meaning access to funds is irrevocably lost once compromised.
Seed phrase theft is one of the most common ways for thieves and hackers to obtain access to a person’s wallet. Infrastructure attacks targeting private keys and seed phrases made up 70% of stolen funds last year, according to TRM Labs. The firm added that keys and seed phrases are often obtained through poor storage practices, phishing campaigns and malware deployment.
Court records show that Teo met the 30-year-old victim in mid-2022 through a mutual friend. During a football match gathering at the victim’s home, Teo obtained a condominium access card under the pretense of helping another guest. He failed to return the card.
On December 31, 2022, Teo exploited that access to re-enter the victim’s unit while the victim was out. He found and photographed a piece of paper containing the 24-word seed phrase for the victim’s Ledger Nano X hardware wallet. The next day, Teo used the seed phrase to transfer $1.7 million in the USDT stablecoin to his own wallet.
Prosecutors said Teo spent the money on luxury watches, online gambling, and mortgage payments. About $1.1 million was converted into US dollars and moved into his bank account. Teo later admitted to the crime after the victim discovered the missing funds and blockchain investigators linked the theft to his wallet.
Teo claimed he was motivated by heavy financial losses following the 2022 collapse of cryptocurrency exchange FTX.
Crypto wallet security
Industry experts said the case illustrates how human error and weak storage practices continue to undermine digital asset security.
“This case is a strong reminder that user behaviour is as important as product security,” Veronica Wong, CEO and Co-Founder of crypto wallet suite SafePal, told Decrypt.
She recommended that long-term holders use hardware wallets with encrypted chipsets, while active traders might consider cloud backups, though she cautioned such methods also introduce risks tied to third-party encryption and account access.
Petr Kozyakov, Co-Founder and CEO of payments platform Mercuryo, added that the case highlighted how securely safeguarding a seed phrase is of critical importance for individuals practicing self-custody.
“Storage in a secure location, such as a bank safety deposit box, is best practice. However, there is unfortunately not a panacea in regard to keeping digital assets safe,” he said.
He said other best practices would be to write a seed phrase on a durable material such as fireproof metal plates and store it in multiple secure locations, or to use a multi-signature wallet, which requires approvals from two or more private keys to authorise any transaction from the wallet.