What to Do If Your Wallet is Compromised

Introduction

If you suspect your wallet has been compromised (for example, your funds were stolen or otherwise transferred without your permission), it’s important to act immediately to protect your funds and secure your assets. This article will guide you through the necessary steps to reduce any further risks and ensure your wallet's security.

Understand the implications of a compromised wallet

Web3 is decentralized and is not controlled by a centralized entity. So when dealing with crypto and Web3, it’s essential to understand that transactions on the blockchain cannot be reversed by anyone (not even by Trust Wallet), and assets cannot be recovered once transferred out of your wallet.

The decentralized nature of blockchains prevents central authorities from intervening in such situations, making it crucial to take immediate action upon discovering a breach. If you find that you’re wallet is compromised, take the following steps.

1. Create a new wallet and migrate your funds

To secure your funds do the following:

1. Set up a new wallet and backup your secret phrase (commonly called a mnemonic, seed, or recovery phrase) securely.

   This is critically important because anyone who has your secret phrase has full access and control of your funds.

2. Transfer any remaining funds in the compromised wallet to your new wallet's address.

Use the below guides to help you in migrating your funds

• Set up a new wallet address if you’re using the Trust Wallet Mobile App
• Set up a new wallet address if you’re using the Trust Wallet Browser Extension

Once your funds are transferred to the new address, do not reuse the compromised seed phrase, password, or any associated credentials from the previous wallet.

2. Check your devices for malware and security threats

Ensure that the device you use to access your wallet is free from malware or security vulnerabilities by running a thorough scan using reputable antivirus and anti-malware software. Removing any security threats will help prevent further attacks on your new wallet.

3. Review your online accounts and passwords

It’s possible that your wallet's breach is a result of compromised online accounts or passwords.

For example, if you saved your wallet’s secret phrase on your Google Drive and your Google account password was exposed via a data breach.

Be sure to review your email, social media, and other online accounts for any unauthorized access or suspicious activity. A good resource to see where your online credentials may have been exposed is HaveIBeenPwned.

If you’re credentials have been exposed then change your passwords, ensure passwords are unique across your accounts, and enable two-factor authentication wherever possible to safeguard your online presence. A password manager is a good tool for helping to create and store passwords that are strong and unique.

4.  Create a ticket at support.trustwallet.com

Scammed funds are generally not retrievable, but our support team wants to understand the details. Report the incident to law enforcement and create a support ticket at support.trustwallet.com. Include all relevant information, such as your receiving QR code, transaction details, links you connected your wallet to, conversations with suspected scammers, and the amount of stolen funds. 

5. Learn and implement best security practices

To prevent such incidents from occurring in the future, educate yourself about the best practices for maintaining crypto wallet security. These may include using hardware wallets for storing large amounts of cryptocurrency, understanding signs of phishing attacks, and routinely updating software to maintain a secure environment.

Conclusion

While dealing with a compromised self-custodial crypto wallet can be a challenging experience, following the steps outlined above will help minimize the damage and secure your assets moving forward. Always stay informed about current security threats and best practices to safeguard your digital assets.