Executive Summary
A former Singapore Armed Forces diver has pleaded guilty to stealing $1.7 million in Tether (USDT) by photographing a victim's cryptocurrency seed phrase, underscoring critical vulnerabilities in digital asset self-custody.
The Event in Detail
Teo Rong Xuan, a 34-year-old former captain in the Singapore Armed Forces Naval Diving Unit, admitted to charges related to the theft of 1.7 million USDT, valued at $1.7 million at the time of the incident in December 2022. Teo exploited physical access to the victim's condominium, using a retained access card to re-enter the property while the victim was absent. During this unauthorized entry, he located and photographed the 24-word seed phrase associated with the victim's Ledger Nano X hardware wallet, which was stored on a physical document. The following day, Teo utilized the compromised seed phrase to transfer the entire 1.7 million USDT to his personal wallet.
Court records indicate that Teo subsequently spent the stolen funds on luxury watches, online gambling, and mortgage payments, converting approximately $1.1 million into fiat currency and transferring it to his bank account. The victim discovered the theft in March 2023. Blockchain security firm SlowMist assisted in tracing the transactions, linking the stolen funds to Teo's accounts. Teo, who left the SAF in 2023, attributed his actions to financial distress stemming from the 2022 collapse of cryptocurrency exchange FTX. He is scheduled for sentencing on November 14, 2025, with no restitution having been made to the victim.
Market Implications
This incident highlights the persistent and evolving nature of security risks within the cryptocurrency ecosystem, particularly concerning self-custody. The method of theft—compromising a seed phrase through physical access—reinforces the notion that even sophisticated hardware wallets are vulnerable to lapses in operational security. According to TRM Labs, infrastructure attacks targeting private keys and seed phrases accounted for nearly 70% of stolen funds in 2024, with a total of $2.2 billion stolen in hacks and exploits during that year. This represents a 17% increase from 2023, bringing the three-year total to over $7.7 billion. The irreversible nature of seed phrase compromises means that once these keys are stolen, the associated digital assets are typically lost permanently, presenting significant challenges for recovery.
The broader market impact includes heightened caution among users regarding self-custody practices and a renewed focus on improving personal security protocols. The incident serves as a critical reminder that robust digital security measures must be complemented by equally stringent physical and personal operational security to protect digital assets effectively.
Industry experts consistently emphasize the critical importance of secure seed phrase storage and responsible user behavior. Unlike traditional passwords, seed phrases cannot be reset, making their compromise catastrophic. Best practices advocated by security specialists include the use of cold wallets (hardware wallets like Ledger and Trezor) which store private keys offline, and employing burner wallets for interactions with new or experimental decentralized applications (dApps). For higher-value holdings, multi-signature (multi-sig) wallet setups are recommended, requiring multiple approvals for transactions and significantly reducing the risk of a single point of failure.
Furthermore, advice for securing seed phrases includes never storing them online (e.g., in cloud storage, notes apps, or emails). Instead, physically secure methods such as steel plates or Shamir Secret Sharing are recommended. The implementation of two-factor authentication (2FA) and vigilance against phishing attacks remain crucial. Experts maintain that user error continues to be the weakest link in wallet security, stressing that a proactive and vigilant approach is imperative to prevent irreversible losses.
Broader Context
The theft by Teo Rong Xuan contributes to a growing trend of cryptocurrency-related crime. Recent reports indicate that over $3.1 billion was lost to hacks in the first half of 2025 alone, surpassing the total for the entirety of 2024. Personal wallet compromises specifically accounted for 23.35% of these stolen funds, with an estimated $8.5 billion still unrecovered on-chain. This persistent vulnerability underscores the ongoing challenge for law enforcement in blocking and recovering stolen digital assets, particularly as illicit actors increasingly utilize decentralized services and diverse blockchains to move funds quickly.
In response to these challenges, collaborative efforts are emerging within the industry. For instance, TRON, Tether, and TRM Labs established the T3 Financial Crime Unit (T3 FCU) in August 2024 to foster public-private collaboration against illicit activities on the TRON blockchain. Such initiatives aim to enhance the traceability and freezing of illicit proceeds, although the rapid and efficient nature of blockchain transfers often complicates recovery efforts. This ongoing cat-and-mouse game between security measures and sophisticated threat actors highlights the continuous need for adaptation, innovation, and cooperation across the regulatory, law enforcement, and private sectors to fortify the crypto ecosystem against crime.
source:[1] Thief Snaps Photo of Victim’s Seed Phrase in Apartment, Steals $1.7M in Crypto - Decrypt (https://decrypt.co/342693/thief-snaps-photo-o ...)[2] Stolen Seed Phrase Case Exposes Flaws in Crypto Self-Custody Model - AInvest (https://vertexaisearch.cloud.google.com/groun ...)[3] Thief Snaps Photo of Victim's Seed Phrase in Apartment, Steals $1.7M in Crypto - Decrypt (https://vertexaisearch.cloud.google.com/groun ...)
Edgen Crypto·Oct 02 2025, 16:38
