Crypto hackers and scammers use different techniques to drain innocent victims’ wallets. While your secret recovery phrase or private key is the way to control your wallet, attackers can trick you into giving them access to your digital assets through sophisticated phishing or smart contract exploits.
If your wallet has been drained, this article is for you. It explains the steps you need to take to handle the situation and minimize your losses.
Wallet Drained: How Did It Happen?
The first thing to do is find out how your assets were stolen from your wallet. There is a range of techniques the scammers may have used, but here are some of the most common ones:
- A seed phrase or private key leak
Scammers may have gained access to your wallet seed phrase or private key, especially if you stored them online or on your PC (which is a big no-no). You may have sent the phrase as an email to yourself or saved it as a picture or file on your device, making it easier to find once your device has been compromised.
On the other hand, the attacker may have physically stolen a paper backup of your seed phrase.
Notably, you may also have leaked your seed phrase or private key stored on your computer or smartphone while giving access to your device for several activities, such as getting on a whitelist for a crypto and non-fungible token (NFT) mint, downloading and installing a new application or game, and opening suspicious files from unknown sources.
If your assets suddenly disappear from your wallet without you executing any recent transactions, the case may be a seed phrase or private key leak.
- App approvals and allowances
In this situation, hackers may have taken advantage of smart contract approvals that dApps had requested. Did you swap, claim, or mint an asset? Then, you may have unintentionally given the smart contract you interacted with access to your assets, and worse still, you failed to revoke the approval. Malicious actors may have exploited the open approval.
Alternatively, scammers may have lured you to a phishing website that imitates real crypto services and asked you to connect your wallet or sign a malicious transaction. They must have gained access to your wallet after you clicked on a link or approved a transaction that popped up, enabling them to steal your assets.
You can use tools specified later in this guide to determine which allowances you currently have in your wallet.
Secure Your Remaining Assets and Other Wallets
Once you have deciphered how your wallet was drained, the next step is to quickly secure any assets unaffected by the exploit. You need to extract all assets from drained wallets by transferring them to a new and safe wallet address that has been properly backed up.
Whether your seed phrase was leaked or open approvals exploited, the best thing to do is create a new wallet with a new seed phrase in a new device or another browser profile. Remember that creating a new wallet entails installing a fresh self-custody crypto wallet app like MetaMask, Trust Wallet, or Phantom, even if you previously had them installed on your device. Getting a fresh wallet will provide you with a new seed phrase and private key for your wallet.
DO NOT use the “Create Wallet” button on your existing wallet app because some wallets would only issue a new address under the same seed phrase, which may have been compromised.
In addition, you shouldn’t save your new seed phrase online, as scammers can retain access to your assets if your device or online account, such as email, is compromised.
Perform a Security Check
If you are worried your device has been compromised, the next step is to perform a security check. You can also extend the check to other gadgets where you may have stored your seed phrase or private key.
Before performing a security check, you should disconnect your device from the internet, especially if you feel the exploit is from a remote attacker.
You can start the process by examining your browser extensions to remove suspicious software. You can also delete extensions that are no longer in use. Another step is to review and remove recently installed applications that appear suspicious or are not in use. You should also revisit your app permissions and revoke access for any tools you no longer want connected.
Once done, if the attack took place within your PC, you should format your PC immediately.
Revoke Approvals/Access to Your Wallet
Suppose your wallet was drained through open approvals, and you do not want to create a new one. In that case, you can consider revoking approvals you may have given to any smart contracts, addresses, or decentralized applications (dApps). During your interactions with these contracts, you must have approved all kinds of transactions, including ones reached through phishing links, thereby exposing your wallet and undermining its security.
There are several platforms for reviewing and revoking smart contracts’ access to your wallet. For tokens on the Ethereum network, you can revoke access to your wallet using Etherscan’s Token Approval tool or Revoke.cash. Other blockchain explorers also offer this feature. The tool reveals the number of smart contracts you have approved on your wallet and guides you through revoking them.
You can revoke access to your wallet by taking these steps:
- Visit the blockchain explorer to find the network of the affected tokens. Create an account or sign in if you already have one.
- To find the token approval checker, paste your wallet address into the search box and click the search button.
- You will see all approved smart contract interactions for your wallet.
- Connect your wallet to the network explorer.
- Once connected, click the “Revoke” button for each dApp or smart contract you wish to revoke. Note that you will be charged gas fees during this process.
It is best to keep your token approval list empty to avoid more compromises from open approvals. You can always approve access when interacting with the contracts or dApps again.
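What an approval checker has to work out, shown as an added example (not code from this article, Etherscan, or Revoke.cash): it replays ERC-20 `Approval` event logs for one wallet, keeps the allowances that are still non-zero, and builds the `approve(spender, 0)` calldata that a revoke sends. The addresses and logs are constructed sample data, and the 2**255 threshold for "unlimited" is an assumption.

```python
# Added example: replay ERC-20 Approval logs to list allowances that are still open.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak("approve(address,uint256)")
UNLIMITED = 2**255              # assumption: amounts this large count as "unlimited"

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()   # indexed address: last 20 of 32 bytes

def open_allowances(logs, owner):
    """Return {(token, spender): amount} for the owner's still non-zero approvals."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics (indexed tokenId): skip it.
        if (len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC
                or topic_to_address(topics[1]) != owner.lower()):
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)   # the latest approval overwrites earlier ones
    return {k: v for k, v in state.items() if v > 0}   # amount 0 means revoked

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the transaction is sent to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def report(logs, owner):
    return [{"token": t, "spender": s, "unlimited": a >= UNLIMITED,
             "revoke": revoke_calldata(s)}
            for (t, s), a in sorted(open_allowances(logs, owner).items())]

def make_log(token, owner, spender, amount, block, index, extra=()):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra],
            "data": "0x" + format(amount, "064x")}

# Constructed sample data (placeholder addresses, not real on-chain activity).
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_A, TOKEN_B, SPENDER_X, SPENDER_Y = ("0x" + c * 20 for c in ("11", "22", "bb", "cc"))
SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, SPENDER_Y, 0, 120, 1),           # revoke, listed out of order
    make_log(TOKEN_A, OWNER, SPENDER_X, 2**256 - 1, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_B, OWNER, SPENDER_Y, 500, 101, 3),         # revoked later, block 120
    make_log(TOKEN_A, OTHER, SPENDER_X, 10, 105, 0),          # another wallet's approval
    make_log(TOKEN_A, OWNER, SPENDER_Y, 0, 110, 2, ("0x" + "0" * 63 + "7",)),  # 4 topics
]

if __name__ == "__main__":
    print(report(SAMPLE_LOGS, OWNER))
```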
Report The Theft
If you wish to, you can report the theft of your assets to appropriate authorities, such as the platform where the incident occurred (in case of centralized entities like exchanges), the provider of the affected wallet, anti-phishing organizations, law enforcement, and local agencies.
This step will not only enable the relevant authorities to track your stolen assets but also help fight scammers and protect individuals from similar incidents.
You can report the theft to the support team behind the wallet in question, the blockchain explorer of the tokens stolen, the website domain name service, and the hosting provider of the malicious addresses.
You can also have your assets flagged as stolen if they are NFTs. Platforms like OpenSea have systems that mark items from verified thefts as stolen, making buying, selling, or transferring the collectibles impossible.
Lastly, sharing your story on social media platforms like Twitter or Reddit could help others better protect themselves from losing their assets to the same scam or exploit.
Can I Recover My Stolen Assets?
Recovering stolen assets can be challenging and sometimes almost impossible because the transactions are final and irreversible. Claiming ownership of your assets can be challenging if you have lost your private keys or seed phrase.
Full or partial recovery may be possible if you apply legal measures or get assistance from law enforcement agencies, but this would require uncovering the scammers’ identities. As the crypto space is filled with anonymous and pseudonymous identities, it would be difficult to find out who the malicious actors truly are.
However, you might have a better chance to recover your stolen assets if you use a non-custodial wallet offered by centralized exchanges like Binance and Coinbase. These platforms may be able to freeze the stolen funds before they are moved out of their reach. This could happen if you report the theft on time and the exchange’s support team responds quickly.
Unfortunately, self-custodial wallets cannot reverse transactions or restore stolen assets since they do not control access to user accounts. This means your assets may be irrecoverable, and non-custodial wallet providers cannot intervene.
Note: Some platforms claim they can help users recover crypto assets stolen from self-custody wallets. These platforms usually use the opportunity to prey on users desperate to recover their stolen assets. So don’t fall for it.
Tighten Your Security
Whether you can recover your stolen assets or not, it is paramount that you tighten your security by learning and applying the safest measures to prevent a repetition of the incident. Here are a few steps you can take to guard your wallet against threats and attacks:
- DO YOUR OWN RESEARCH BEFORE INVESTING. Only connect your wallet to dApps and projects you have verified.
- Beware of links and ads you click on.
- NEVER share your seed phrases or private keys with anyone, and NEVER store them online to avoid a leak in case your device becomes compromised.
- Have multiple wallets for different purposes. Keep most of your valuable assets in cold storage, and ensure your hot wallets have fewer assets to mitigate losses during attacks.
- Always keep your token approval list empty to avoid exploits through open approvals.
- Activate two-factor authentication (2FA) for your accounts to toughen up the security of your funds.
- Use sophisticated web3 security tools like Blockfence to identify risks and threats quickly.
- Always stay alert.
While these methods may not guarantee 100% security for your assets, they can protect your funds from being easily accessed by malicious actors.
What Else?
As the crypto industry grows and expands, scammers are creating new ways to steal users’ assets. To keep your assets safe, keep learning and stay up-to-date with the newest scam methods. You can regularly check our blog section for the latest security information in the crypto world.
Since you’re primarily in total control of your wallet, you must always be on guard.