If you are here because this has happened to you, we are truly sorry.
It will feel horrendous right now, but you are not alone and there are some things you can be doing immediately to help protect yourself.
If your wallet gets hacked do you know what to do?
Our answer was no, so we decided to find out!
We have pulled together the best information we could find from respected cyber-security and crypto wallet websites, as well as contacting industry experts directly (see references at the end) to save you all that frantic searching when something goes wrong!
Here is a checklist / process we came up with.
7-Step Plan for when your Wallet has been Hacked
WARNING: In all cases, you should assume your PC/Mobile device has also been hacked!
DO NOT use it for logging into ANYTHING as you may simply be giving the hacker further access!
(DO NOT delete your wallet > See Tracking the Hack)
Step 1: Use a “Clean” PC or Mobile?
A device that you have never used before to access your crypto accounts?
Assume that the devices you usually use to access your crypto wallet (phone/pc) may be compromised. The next thing to do is try and log into your wallet from a “clean device” you have never used for crypto stuff.
If you do not have access to a clean device then go to Step 6 first and then return to Step 2.
Step 2: Can you Login to your crypto wallet account?
If YES continue below..
If No go to Step 5
If you CAN log into your wallet you need to:
– Check the wallet transactions log to see if any of your crypto or NFTs have left the wallet without you knowing about it.
- If there are transactions you don’t recognize assume you have been hacked and focus first on protecting your funds.
Go to Step 3
- If your Crypto/NFT’s are currently untouched your priority is to immediately change your login details as these may have been compromised.
Go To Step 4
Step 3: If you have crypto or NFT’s still in your wallet.
If you still have Crypto or NFTs left in your hacked wallet you need to move them to a new wallet now.
If you DO HAVE an existing hardware wallet or another software wallet you trust, move your crypto there.
If you DONT HAVE another wallet you will need to create a new one first to move your funds into.
Do not move your crypto into anyone else’s wallet and DO NOT ACCESS any of your other crypto sites on a pc or mobile that may be compromised!
NOTE: DO NOT delete your hacked wallet as it may contain information that can track your lost assets if you choose to contact a crypto recovery service to help you.
Step 4: Change Login Details
To do this you need to create a brand new unique password, we discuss what a good password is and why it’s important here.
Where possible enable 2-factor authentication using an authenticator app on a clean device. Try and avoid using your phone number/SMS for authentication.
If your wallet supports it, enable extra security that will notify you before any further transactions can take place. Write down all your new login details somewhere safe OFFLINE. Our FREE recording sheets can be downloaded here.
If you still have doubts about the security of the wallet now would be the time to create a new one, with two(!) new email addresses. Assume your old email is compromised so DO NOT use it even as a recovery email address! We discuss suitable email providers here.
Go To Step 5
Step 5: Lockdown Access to your Wallet and linked accounts
If you CANNOT LOG IN with your usual details OR you know / suspect you have been hacked you need to do two things now.
- Go to the website homepage of your crypto wallet by physically typing the correct website address into the address bar. (Don’t click on links or use your favorites/history)
Follow your wallet provider’s instructions for freezing your wallet account/reporting fraud on your account. The good crypto wallet companies will talk you through what to do next; we have the support contact details for the most popular wallets at the end of the article.
- If you have a bank account or credit card linked to that wallet, contact the bank or service provider immediately using their “report fraud process” and explain that there may have been fraud on your account.
( NOTE: Don’t log into your bank account to check if anything is missing using your usual mobile or PC. Assume they may be compromised because of the hack)
- Ok….now breathe!
Now go to Step 6
Step 6: Scan all your potentially affected devices.
Using a respected anti-malware program!
If you don’t already have anti-malware software running on your pc or mobile. This is your next step. There are fake malware programs/websites out there so beware and choose a well-known name and only download directly from their genuine website/app store
If you do have anti-malware software, run it on all your devices. If anything is detected follow the steps to remove it and re-scan your device to make sure it is gone.
Go To Step 7
Step 7: Have you used that email or password before?
We have all done it, used the same email address in lots of different places or created variations of the same password to make them easier to remember.
The email and password you created for your hacked wallet are no good to you now. The information is probably out there and makes you vulnerable. But let’s fix that now.
So, you need to create some new email accounts and passwords. There are lots of reputable email providers out there but you should choose an email that offers full encryption. (See our secure email and passwords blogs for tips and suggestions)
When you sign up for a new email account you are invited to create an email address. This time you need to get creative. Avoid using your name and birthdate combinations @blahmail.com. It is too easy to guess. The harder it is for you to initially remember, the safer it will probably be. The same goes double for your password!
Please read our blog on passwords to get a head start on which types of passwords are the safest.
We use paper recording sheets for all our login accounts. As you will be creating and changing any login details that may be compromised, now would be a good time to start recording yours somewhere safer too.
Remember to create a new email address/password as your Crypto recovery address. It should only ever be used just for recovery emergencies!
( If you want to try out our recording sheets you can download them free from our website. We have made it a read-only pdf because it’s safer that way.)
Tracking the Hack
Recovering stolen crypto is rare but not impossible. Some of the key information you will need is contained in your wallet transaction log which is why it is important NOT to delete your affected wallet. If you no longer have access to your affected wallet there are still steps you can follow below to gather as much information as possible.
Below we outline some of the kind of information you will want to gather. Keep this information factual and concise.
(Adding in your own theories of what might have gone wrong may lead you down an unnecessary and stressful rabbit hole and may also increase the time it could take an investigator to process the information you have provided)
Any transaction that takes place in your wallet has a Transaction ID.
This is a unique string of letters/numbers that represent a record of the movement of a cryptocurrency/NFT from one address to another.
The ID contains information about the date, time, sending address, receiving address, and amounts that were sent.
- Make a record of all the Transaction IDs you believe to be fraudulent by writing these down, taking a screenshot, or a photo of your transaction history.
- Make a record of the last transaction ID you believe you made legitimately from your wallet (before it was compromised) with details of why, where, and who was sending/receiving the crypto.
Transaction IDs can allow an investigator to “follow your money”.
Writing a clear history of your recent use of your crypto wallet can really help piece together what may have happened and may aid in investigations.
- This should include any sites you may have linked this wallet to such as gaming, NFT marketplaces, exchanges, crypto projects, social media, or other wallets you may hold or have interacted with.
- Any communications you may have received in relation to this wallet such as text messages, emails, notifications, social media posts, etc
- Any other accounts you may hold that you believe have been compromised.
- A timeline of what initially alerted you to the fact that your wallet may have been compromised including dates and times and the process you followed to discover and report the problem. Include your communication with wallet support services, banks, police, and other relevant authorities.
Proof of Ownership
It is important to be able to prove you own the wallet in question and are the original owner of any funds it contained if you can.
You can do this by:
- Generating a statement from your cryptocurrency wallet that shows your account ID, name, the amount of your holdings, and the valuation of your crypto assets.
- Signing a message with your private key ( please contact your wallet provider for instructions on how to do this as the process varies from wallet to wallet)
- Gathering financial records that show you have funded this wallet from other financial accounts that you can prove you own such as your bank/credit card/PayPal account etc
- Gathering information to prove that you have bought assets and moved them to your affected wallet, such as exchange account records/NFT marketplace records.
Recovering your lost Crypto/NFTs
If you have come here looking to find out how to track your hacked crypto, we know in some cases it is possible, and some people manage to get some of their Crypto back with the help of a Crypto Recovery service.
What is less clear is who to trust and how much it will cost?
So I went searching for an answer and checked all the usual places for answers. What I found was a scammy landscape of bot replies faking concern and suggesting anonymous, shadowy figures who could help if you clicked on a link….. But that was after 6 hours of scrolling through this junk….
I didn’t get one solid lead after my search.
Crypto Recovery Companies
I didn’t even know “Recovery Fraud” was a “thing” until I started looking for help. I went hot and cold when I then came across this article by the USA Commodity Futures Trading Commission which spells out how fake asset-recovery companies draw you in, demand money, then disappear.
It sounded like every company advert I had scrolled past so far!
I am sure there are some excellent recovery services out there but frankly, their lights are not shining brightly enough for me to find them amongst the rest, to be able to share them with you, with confidence.
If you are still planning to go down the route of contacting a crypto recovery service, please read the commissions article first so you know what to watch out for!
Please also DYOR as security processes and recommendations are being revised all the time. We will do our best to keep updating you if you are already on our mailing list.
Do bookmark our site so it is easy to find us again. Sooner or later you are going to come across someone who could really use this help!
Support Page Links for Popular Wallets :
Note: It would have been very easy for us to include the following support pages as LINKS but hopefully you understand the danger in including something that may be easily hacked. Instead either retype the addresses below or cut and paste them into your search bar.