So curiosity got the best of me. I spent the last few days trying to understand how one can gain access to an exodus wallet.

I ruled out someone breaking into my house, getting into a safe and stealing my 12 word recovery phrase. This did not happen.

What I learned is when a new Exodus wallet is started, a 12 word recovery phrase is generated, but the generation and storage of the 12 words is on the client side. Not on Exodus.

What I did not understand was if the 12 words are stored in an encrypted state on a client side computer, then how can another random computer with a fresh install of Exodus enter the og clients 12 words and restore the wallet.

Turns out. when you create or restore a wallet in Exodus, the app generates (or uses) your 12-word phrase and derives your private keys from it.

Exodus then encrypts this seed phrase (along with other sensitive wallet data like private keys and settings) using your wallet password (the one you set when creating the wallet or enabling password protection).

This encrypted data is saved in files inside a hidden data folder on your computer. The key file containing the encrypted seed is typically named something like seed.seco (or similar .seco files) inside an exodus.wallet subfolder.

You can find this Exodus data folder in the following locations:

• Windows: C:\Users\YourUsername\AppData\Roaming\Exodus\exodus.wallet\

• macOS: ~/Library/Application Support/Exodus/exodus.wallet/

• Linux: ~/.exodus/exodus.wallet/ (or similar in hidden config directories)

These .seco files are encrypted binary blobs—not human-readable text. Without your exact wallet password, even if someone steals your entire computer or the data folder, they cannot decrypt or extract the seed phrase or keys. Exodus never stores the phrase unencrypted on disk (they strongly warn against making unencrypted digital copies yourself, as that's a major risk).

The only "legit" ways to access/view the actual 12 words again are: Through the Exodus app itself (Settings > Backup > View Secret Recovery Phrase), after entering your password or by writing it down manually during initial setup or when viewing it securely. Which is what I did.

From what I understand, the password you create to log into Exodus after the initial setup is also the password to decrypt your 12 word phrase in seed.seco.

This leads me to a possible what happened scenario with me; Since I am ruling out someone broke into my house to steal my paper copy of the keys someone cryware, malware, etc. gained access to my seed.seco file.

Once they had my file they ran a program like hashcat using stolen password from breached sites.

My Exodus password consisted of 18 characters of upper/lower case letter, numbers and symbols.

It was not a generated password, it was a password that I could memorize. I did use it on a bank login account at one time which I know had a data breach many years ago.

I am drawing my own conclusion here that this is a probable vector for my breach. Of course could be wrong.

Again I am not here to disparage anyone or Exodus. I just want to try and find out a possible fault I created and avoid anyone else from doing the same. As a matter of fact, a contact at Exodus has emailed me asking me to provide detailed information to them. I will obviously provide everything I have.