What to do if my wallet has become compromised (I've been hacked/scammed)?

This article addresses the urgent steps you should take if you suspect your wallet has been compromised. Acting swiftly is crucial in limiting potential damage and securing your assets.

Immediate Steps

1. Check for Unauthorized Access:
   Use https://revoke.cash/ to inspect and revoke any unauthorized allowances from your wallet on the Ethereum network.
   
   

2. Device Safety Measures:
   If you've downloaded files or otherwise engaged with the scam site, it's critical to delete the files immediately and scan your device with a reputable antivirus program to eliminate potential threats. Note that new threats might not be detected by your antivirus.
   
   

3. Setup a New MetaMask Wallet:
   On a new device (or a new browser), create a fresh wallet. Write down and securely store the new wallet’s Secret Recovery Phrase.
   We recommend the use of a hardware wallet for additional security.
   
   

4. Transfer your Assets to the New Wallet:

   • Return to your compromised wallet and send any remaining funds and NFT to the new wallet.
   • Migrate your LOKA staked tokens to the new wallet if eligible
   • If a sweeper script (a script that automatically transfers out funds) is suspected on the compromised account, don't send additional ETH or tokens to cover gas fees.
     Metamask Guidance to fight back against sweeper bots: https://support.metamask.io/hc/en-us/articles/5716855323675

5. Discontinue Using the Compromised Wallet:
   Once funds are transferred, stop using the old wallet and any associated accounts.

The decentralized nature of blockchain technology means that once a transaction has been confirmed, it is immutable and cannot be reversed. This is one of the core principles of blockchain, ensuring trust and transparency, but it also means that we, at Illuvium, do not have the authority or capability to reverse or alter any transactions

Understanding How It Happened

1. Possible Causes of Compromise:

   • Malicious software on your computer accessing stored private information.
   • Visiting phishing websites that stole your information.
   • Sharing your Private Key or Secret Recovery Phrase.
   • Granting unlimited access to your funds to a dapp or smart contract.
   • Installing a fake wallet extension.
     
     

2. Analyzing and Protecting Against Future Attacks:

   • Review your browser history for suspicious sites.
   • Conduct a thorough scan of your computer for malware.
   • Report any phishing websites you find to our support team 
     
     

3. Education on Staying Safe in Web3:
   Learn about common scams and security best practices in Metamask's ‘Staying Safe in Web3’ section: https://support.metamask.io/hc/en-us/sections/11294597751963.

In the decentralized world of Web3, maintaining the security of your wallet is paramount. Understanding potential risks and knowing how to respond in case of a compromise can significantly reduce the impact of such incidents. Always be cautious with your wallet’s information and stay updated on security practices.

Report the incident to your Local Cyber Crime Authorities

They have the resources and expertise to handle such situations.

• United States: the FBI's IC3 service
• European Union: Europol portal (redirects to your chosen country)
• United Kingdom: Action Fraud
• Philippines: CICC form
• Brazil: This varies depending on state. You will likely have to contact your state's specialized cyber crime unit, potentially in person.
• Indonesia: Directorate of Cyber Crime (Patroli Siber)

Back to Top