Wallet Hacked? The First 10 Things to Do Right Now
What to do if your crypto wallet gets hacked: a practical, step-by-step emergency plan to move your funds, revoke approvals, lock down your accounts, and report the incident safely.
Realizing your wallet has been hacked is a terrifying moment, and the first instinct is usually panic. But the worst thing you can do right now is act rashly — or freeze up. The first few minutes matter, and the good news is there's a clear, ordered set of steps you can follow to limit the damage and protect what's left.
Take a deep breath, open this checklist, and start from the top.
Before You Start: Make Sure It's Really a Hack
Sometimes a delayed transaction or a display glitch causes panic for nothing. But if you see any of the following, treat it as a real hack immediately:
- Outgoing transactions you didn't make.
- Your balance suddenly disappearing, or a string of transfers to an unfamiliar address.
- An app or website asked for your "Seed Phrase," and funds started moving shortly after.
If your seed phrase or private key has been exposed (typed into a site, sent to someone, or stored on an infected device), consider the entire wallet permanently burned. It cannot be "fixed" — everything must be moved to a brand-new wallet.
The Emergency Plan: 10 Steps, In Order
1. Disconnect Immediately
Take the device offline if you can, and close any open wallet or platform sessions. If the breach came through a browser extension or app, shut it down. The goal: stop the bleeding before you think about anything else.
2. Set Up a Clean New Wallet
On a different device you trust (not the compromised one), create a brand-new wallet with a brand-new seed phrase. A hardware wallet is best if you have access to one. Never reuse the old seed phrase, ever.
3. Move Your Valuable Assets First
Transfer whatever is left to the new wallet, starting with what's most valuable and easiest to move: stablecoins like USDT first, then larger holdings. Watch the network fees, and double-check the address character by character before sending.
4. Revoke Dangerous Approvals
Many thefts don't even need your private key — it's enough that you once granted a smart contract permission to withdraw. Use a trusted revoke tool (like the official revoke pages on blockchain explorers) to pull any open approvals.
| Item | Do This Now |
|---|---|
| Old token approvals | Revoke all of them, especially "unlimited" ones |
| dApp connections | Disconnect every active session |
| Unfamiliar tokens you received | Don't touch or sell them |
5. Change Passwords From a Safe Device
From a clean device, change your email password first (since it's the key to everything), then move on to connected platforms and apps. Use strong, unique passwords for every service.
6. Enable 2FA and End All Sessions
Turn on 2FA using an authenticator app (not SMS, if you can help it), and log out of every device on your important accounts. Review the list of trusted devices and remove anything you don't recognize.
7. Scan Your Device for Malware
The root cause could be malware or a fake extension. Run a full scan, and remove any browser extension you don't remember installing. If in doubt, wipe and reset the device to a clean state before using it for funds again.
8. Check Your Email and Recovery Settings
Confirm the recovery settings on your email and phone number haven't been changed, and that no strange forwarding rules were added to your inbox. Attackers sometimes leave a "backdoor" in your email to come back later.
9. Document Everything
Record the suspicious transaction hashes, timestamps, amounts, and any link or message you received. Screenshots matter. This documentation helps when reporting the incident and helps you understand how it happened.
10. Report It to the Right People
- The platform or service where the breach happened: open a support ticket right away — sometimes an account or a related transaction can be frozen.
- Paperino support: if the issue involves your account with us, reach out directly so we can secure it.
- Local authorities in your country if a financial theft has occurred.
Blockchain transfers cannot be reversed. No one can bring back funds that have already left an address. The point of reporting is to secure what's left and prevent another breach — not to recover what's lost. Be extremely wary of "recovery experts" who promise to get your funds back for a fee; that's a second scam.
Once the Storm Has Passed
Once the urgent steps are done, take time for a calm review:
- Understand the entry point: Was it a phishing link? A seed phrase written down somewhere it shouldn't have been? A malicious extension? Knowing the cause prevents a repeat.
- Separate your layers: Keep a "cold" wallet for long-term savings that never connects to any site, and a small "hot" wallet just for everyday use.
- Golden rule: No one — not even genuine support staff — will ever ask for your seed phrase. Anyone who does is a scammer.
Quick Reference: Do's and Don'ts
| Do | Don't |
|---|---|
| Move funds to a clean new wallet | Don't reuse the old seed phrase |
| Revoke open approvals | Don't share your key with a "recovery expert" |
| Enable 2FA and end all sessions | Don't click "support" links in private messages |
| Document and report | Don't rush to pay any fee to "recover" your funds |
A hack is a harsh experience, but it isn't the end of the road. What matters now is acting calmly and in order: stop the bleeding, save what's left, then rebuild your security on stronger foundations. Users who learn from one incident often end up far more secure than most.
This article is for general security awareness only and is not financial, legal, or security advice tailored to your situation. The right steps depend on the type of wallet, network, and nature of the breach. When in doubt, stop before sending anything, and consult a trusted or qualified source before taking any step that may not be reversible.
Related articles
The rewards are real — cross, collect, and they're yours.