Guide - Seed Phrase Compromised
This guide will help people who have fallen victim to their wallet being drained. The aim is to minimise damage and then prepare to work with Centralised Exchanges (CEXs).
For the purposes of writing below, we'll assume that your seed phrase is compromised. These actions will minimise the damage immediately, regardless of how your wallet was compromised.
Is my Seed Phrase or Private Key Compromised?
To determine what has been compromised check for the following signs
Seed Phrase Compromise
Assets from multiple wallets on the same seed phrase are being transferred.
Private Key Compromise
Assets from a single wallet on the same seed phrase are being transferred. See this Section
Many Wallet Types/Seed Phrases Are Compromised
There are rare cases where multiple wallets types are compromised e.g. MetaMask and Trust Wallet are both compromised. There are many reasons why your accounts may be compromised, from email or cloud storage unauthorised access through to malware.
If this happens to you do the following:
Route all remaining assets into a brand new wallet on a separate device.
DO NOT store the seedphrase on a device, write it down on paper and store it somewhere safe
Quick Guide - Seed Phrase Compromise
Move ALL remaining assets, from the compromised wallet to a brand new seed phrase. DO NOT create a new wallet in the same seed phrase. Follow these steps:
Using a new device if possible (if not, then use the same device)
Create a brand new seed phrase
Copy the address of the new wallet on the new seed phrase
Send all remaining assets from the compromised wallets to this new wallet address
Take your time
Always check the first, last and middle 4 digits (NOTE: If you only check the first and last digits, you might be exposing yourself to a different attack vector - Address poisoning)
Start with the most valuable assets first
Follow the assets using the relevant blockchain scanners.
If you see that your funds have headed out to an exchange, then contact them immediately requesting a freeze. Provide them with the following:
Provide the CEX deposit address
Provide the transaction into the exchange (inc. time & date)
The transaction hashes from the theft
Any approvals (transaction hashes)
Any other evidence they request (for example, a chart visualising where the funds went)
Report the matter to your local police force
Report the matter to your national police force - See 'Reporting Crime to Authorities'
If required, seek assistance from a Lawyer. Lawyers can sometime subpoena an exchange quicker than the police. Please note that some exchanges will only work with law enforcement
If you're in urgent need of assistance, contact admin@intelligenceonchain.com
Why do I need to report to the Police?
Assuming that your stolen assets end up on a centralised exchange (CEX), most of the time you're going to need an email from law enforcement, requesting the freezing of the suspected perpetrators account
The police have the powers to request the freezing of accounts or information from accounts.
Why would I need a lawyer then?
In our experience, some exchanges will work with lawyers (but not all). Assuming your stolen assets end up in a Centralised Exchange (CEX) and the police are slow to react (which is sometimes the case) Lawyers might be able to offer a letter of demand (for information/freezing) or a subpoena.
Will I get my money back without either a lawyer or law enforcement?
Nothing is impossible but the degree of difficulty becomes much higher. Use law enforcement and/or lawyers to give yourself the best possible chance.
Beware of scammers: If you have publicly shared that your wallet was drained or you have an ENS address (like a .eth address) that is connected with your social profiles, you may be targeted for a follow up scam. If someone approached you and guarantees a return of stolen assets, with an up front cost - this is a scam!
Need Help?
If your matter is urgent you can reach out to us today - See the 'Contact Us' Section
Last updated