# Guide - Seed Phrase Compromised

{% hint style="info" %}
**NEED URGENT SUPPORT NOW**

If your matter is urgent you can reach out to us today - See the ['Contact Us'](/contact-us.md) Section
{% endhint %}

{% hint style="warning" %}
**For the purposes of writing below, we'll assume that your seed phrase is compromised**. These actions will minimise the damage immediately, regardless of how your wallet was compromised.
{% endhint %}

## Is my Seed Phrase or Private Key Compromised?

To determine what has been compromised check for the following signs

### <mark style="color:blue;">Seed Phrase Compromise</mark>

Assets from multiple wallets on the same seed phrase are being transferred.

### <mark style="color:blue;">Private Key Compromise</mark>

Assets from a single wallet on the same seed phrase are being transferred. See this [Section](#private-key-compromise)

### <mark style="color:blue;">Many Wallet Types/Seed Phrases Are Compromised</mark>

There are rare cases where multiple wallets types are compromised e.g. MetaMask and Trust Wallet are both compromised. There are many reasons why your accounts may be compromised, from email or cloud storage unauthorised access through to malware.

### **If this happens to you do the following:**

1. Route all remaining assets into a brand new wallet on a separate device.
2. **DO NOT** store the seedphrase on a device, write it down on paper and store it somewhere safe

## Quick Guide - Seed Phrase Compromise

1. **Move ALL remaining assets, from the compromised wallet to a brand new seed phrase. DO NOT create a new wallet in the same seed phrase.** Follow these steps:
   * Using a new device if possible (if not, then use the same device)
   * Create a brand new seed phrase
   * Copy the address of the new wallet on the new seed phrase
   * Send all remaining assets from the compromised wallets to this new wallet address
   * Take your time
   * Always check the first, last and middle 4 digits *(NOTE: If you only check the first and last digits, you might be exposing yourself to a different attack vector -* [*Address poisoning*](https://x.com/Intell_On_Chain/status/1732192720171520205?s=20)*)*
   * Start with the most valuable assets first
2. **Follow the assets using the relevant blockchain scanners.**

   If you see that your funds have headed out to an exchange, then contact them immediately requesting a freeze. Provide them with the following:

   * Provide the CEX deposit address
   * Provide the transaction into the exchange (inc. time & date)
   * The transaction hashes from the theft
   * Any approvals (transaction hashes)
   * Any other evidence they request (for example, a chart visualising where the funds went)
3. **Report the matter to your local police force**
4. **Report the matter to your national police force - See** [**'Reporting Crime to Authorities'**](/reporting-crime-to-authorities.md)
5. If required, seek assistance from a Lawyer. Lawyers can sometime subpoena an exchange quicker than the police. *Please note that some exchanges will only work with law enforcement*

{% hint style="danger" %}
If you're in urgent need of assistance, contact <admin@intelligenceonchain.com>
{% endhint %}

## Why do I need to report to the Police?

Assuming that your stolen assets end up on a centralised exchange (CEX), most of the time you're going to need an email from law enforcement, requesting the freezing of the suspected perpetrators account

The police have the powers to request the freezing of accounts or information from accounts.&#x20;

## Why would I need a lawyer then?

In our experience, some exchanges will work with lawyers (but not all). Assuming your stolen assets end up in a Centralised Exchange (CEX) and the police are slow to react (which is sometimes the case) Lawyers might be able to offer a letter of demand (for information/freezing) or a subpoena.

## Will I get my money back without either a lawyer or law enforcement?

Nothing is impossible but the degree of difficulty becomes much higher. Use law enforcement and/or lawyers to give yourself the best possible chance.

{% hint style="danger" %}
**Beware of scammers:** *If you have publicly shared that your wallet was drained or you have an ENS address (like a .eth address) that is connected with your social profiles, you may be targeted for a follow up scam.* \
\
**If someone approached you and guarantees a return of stolen assets, with an up front cost - this is a scam!**
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ioc.support/victim-guide-what-to-do-next/guide-seed-phrase-compromised.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.