Skip to main content
All CollectionsSecurity and Privacy
What to Do if You’ve Had Your Funds Stolen
What to Do if You’ve Had Your Funds Stolen

Seeing transactions from your wallet that you don't recognize? Your wallet could be compromised - here's what to do next.

Katya Michaels avatar
Written by Katya Michaels
Updated over a week ago

Phishing, scams, and loss of assets through compromised wallets are unfortunately very common in the crypto space.

It's important to understand that non-custodial, client-side crypto wallets like MEW are not 'hacked' – we don't collect user data, we don't hold it on servers, and we don't have any access to user wallets, so there's nothing to 'hack' on our side.

Instead, scammers find ways to trick users into giving up their keys or into sending crypto to a scammer address. Other times, users expose their recovery phrase without realizing – either by storing it online, by entering it on a phishing website, or by importing an old, compromised phrase into a new wallet.

No one can freeze, reverse, or refund transactions on the blockchain. If you are seeing transactions in your wallet that you don't recognize, your wallet must have been compromised through a scam or the exposure of your recovery phrase. While there is nothing we can do to recover that crypto, we can help you figure out how it may have happened and how to make your wallet more secure going forward.

Step 1: Identify the method

The first step is identifying how it happened. New schemes and phishing methods are being invented every day, but there are a couple of main attack vectors.

  • Check your history. Have you recently visited any unfamiliar sites where you interacted with your wallet? Did you enter your information on a fake MEW after clicking a link? (Look carefully at the URL. Do you see any tiny dots or accents over or under the letters? Fake sites try to make the URL look as close as possible to the real one.)

  • Did you recently interact with a DApp, a DeFi platform, or NFT marketplace that asked you to give permissions/sign messages? Phishing sites can trick you into signing bad contract permissions with your wallet, giving them access to transfer tokens out of your wallet without you knowing about it.

  • Are you storing your phrase securely? You shouldn't keep it on a computer, in an email, on a cloud service, in a messenger app, or any other storage that is connected to the internet. It should be written down on paper or in a special phrase storage device, and kept in a secure location known only to you.

  • Scan your computer for malware. It’s possible your files have been compromised.

  • Did anyone help you create the wallet? Did you import a phrase from a different wallet into your current MEW wallet? Think carefully about how your wallet was created and whether anyone could have had access to your recovery phrase besides you, even if it was a long time ago.

  • Do you have any remote-access software installed, i.e. Teamviewer? These can be accessed remotely to view the information right from your screen.

  • What method do you use to access your wallet? Private keys, keystore/JSON files, and mnemonic phrases are not recommended for online access because they put your wallet at higher risk of compromise.

Step 2: Make a new wallet.

Since your old wallet was compromised, you will need to discontinue its use and set up a new wallet. There is no way to 'reset' a wallet phrase or add a password to it retroactively. Once it's compromised, it's compromised forever.

  • Note: if an attacker stole all your ETH but left some tokens in the wallet, be careful about putting in ETH for gas to move those tokens out. This might be a trap – the attacker may have set up a bot that will move any ETH that's put in the compromised wallet out to the attacker's wallet immediately.

MEW offers multiple ways of creating a secure wallet:

  • MEW wallet is our fully-fledged mobile app, which allows users to buy, hold, and send ETH and tokens right from their smartphone, swap tokens, and interact with decentralized applications via the built-in browser. It’s simple, fast, and secure.

  • Enkrypt is a multichain browser extension wallet created by MEW that supports Ethereum and other chains including Bitcoin, Polygon, BNB Chain, Arbitrum, Optimism, and Polkadot. Use it to create a wallet, manage assets on different networks, as well as interact with DApps and web3.

  • For a larger amount of crypto, the best thing you can do for your security is to purchase a hardware wallet. These are generally around ~$100 but can save you thousands in the long run.

Step 3: Learn about best security practices.

When it comes to crypto, there is no such thing as being too educated. This is a very new field, so even the experts always have more to learn. The more you know, the more prepared you’ll be.

  • MEW offers a lot of educational materials that can help. Start with our Pro-Tips on how to avoid phishers.

  • Follow us on Twitter and Reddit for any current MEW-related scams or updates that might be going on.

  • Google everything! Before sending money to any service, search it on Google. Read people’s opinions on it, check Twitter and Reddit. Do your research!

  • If in doubt, email us at and we'll do our best to help.

Step 4: Use your experience to help others.

To avoid these scams, other users need to know that they’re happening. Take screenshots and write down what happened, while it’s still fresh.

  • Send us the information! We cannot recover stolen funds, but we can help warn others. We’re always available at Make sure to include all relevant addresses, transaction hashes, screenshots, and details about how it happened.

  • Let people know on Twitter, Reddit, Etherscan, etc. Blow up those comments. Let your voice be heard.

We know these attacks can be very demoralizing, but let it be an opportunity for learning. If these phishers deter you from using crypto, then they win. Show them that you’re a force to be reckoned with!

~ If you haven't already, feel free to check us out on Twitter and Reddit ~


mewwalletios, mewwalletandroid, whatis, funds, stolen, tips

Did this answer your question?