
# What should you do when your wallet has been hacked or scammed?

A compromised account is one of a Web3 user's worst nightmares, and we are truly sorry for what you are going through.

It's completely understandable to feel overwhelmed and upset right now. However, there's still a chance to save some of your funds if we act quickly. Let's focus on recovering what we can for now. So, the burning question is:

## What should you do immediately if your wallet has been hacked or scammed?

If your wallet is compromised, transfer out all remaining tokens as quickly as possible and stop using that wallet.

*(If all of your tokens have already been transferred out, you can skip this section.)*

1. **If you think the hack came from your device, use a different device first**. You can install Coin98 Super Wallet or Coin98 Extension on another device before taking the steps below.
2. **Create a new multichain wallet in Coin98 Super Wallet or Coin98 Extension.** Follow the official wallet creation guides.
3. **Save the seed phrase for the new wallet in a safe place.** Never share your seed phrase with anyone.
4. **Move the remaining funds from the compromised wallet to the new wallet.** If you suspect a sweeper script is active in the compromised wallet, do not send additional tokens just to pay gas. A sweeper script can instantly move incoming funds out of the wallet.
5. **Stop using the old wallet after the transfer is complete**. Do not reconnect it to dApps, sign transactions with it, or store new assets in it.

After securing your remaining funds, there is still work to do: identify the cause of the incident and take preventive measures so that it does not happen again.

## Why did this happen?

The rapid growth and profitability of the cryptocurrency industry have made it a prime target for hackers. No matter how secure your app or your phone is, you are just one simple mistake away from being hacked.

A wallet can be compromised for several reasons. Check whether any of the following applies:

1. **Your computer or mobile device has malicious software.** Malware can steal passwords, browser data, keyboard input, or clipboard content.
2. **You visited a phishing website.** A fake website may have captured your wallet details or tricked you into signing a harmful transaction.
3. **You shared your seed phrase with someone, a website, or a scam app**. Anyone with your seed phrase can control the wallet.
4. **You approved unlimited access to your funds for a scam site or scam smart contract.** A malicious approval can let a contract transfer tokens from your wallet later.
5. **You approved unlimited access for a site or smart contract that was later exploited.** Even a legitimate dApp can become risky if the contract is compromised.

## How can you prevent this from happening again?

1. Always double-check any software before installing it on your device.

* **Pro tip**: Many people choose to keep a separate phone specifically for cryptocurrency activities. This "crypto phone" is used solely for managing crypto and isn't involved in any other tasks.

2. **Never share your seed phrase with anyone, ever!**

* Do not send it to anyone, and do not enter it into websites, chat apps, or support forms.

3. Double-check dApps before interacting with them. Make sure the site is legitimate before connecting your wallet or signing a transaction.
4. Revoke wallet access after you finish using a dApp. You can revoke wallet access after completing transactions using our [Wallet Approval tool](https://docs.coin98.com/products/terminal/wallet-approval).
5. Use separate wallets for different activities. Keeping a small active wallet for dApp interactions and a separate storage wallet can limit damage if one wallet is compromised.
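
To make the revocation step concrete, the following added example (not Coin98 code, and not how the Wallet Approval tool is implemented) replays a wallet's approval history and lists the approvals that are still open, flagging unlimited ones. It assumes ERC-20 tokens on an EVM chain and logs shaped like `eth_getLogs` JSON-RPC results; all addresses and helper names are constructed for illustration.

```python
# Added example (not Coin98 code): replay ERC-20 Approval logs for one wallet.
# keccak256("Approval(address,address,uint256)"), the standard event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # assumption: "unlimited" means exactly this value

def _addr(topic):
    """Last 20 bytes of a 32-byte indexed topic, as a lowercase address."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Return {(token, spender): allowance} for approvals not set back to 0."""
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 reuses this signature with a 4th topic (tokenId); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner.lower():
            continue
        # A later event for the same token and spender overwrites the earlier one.
        latest[(log["address"].lower(), _addr(topics[2]))] = int(log["data"], 16)
    # transferFrom may lower an allowance without emitting Approval, so treat
    # the result as candidates and confirm with the token's allowance() call.
    return {pair: v for pair, v in latest.items() if v > 0}

def unlimited_approvals(approvals):
    """(token, spender) pairs whose allowance is the maximum uint256."""
    return sorted(p for p, v in approvals.items() if v == MAX_UINT256)

# --- Constructed sample data: every address below is made up ---
OWNER, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "a1" * 20, "0x" + "b2" * 20
SPENDER_X, SPENDER_Y = "0x" + "c3" * 20, "0x" + "d4" * 20

def make_log(token, owner, spender, value, block, index):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, SPENDER_Y, 0, 105, 0),            # revokes the 102 grant
    make_log(TOKEN_A, OWNER, SPENDER_X, MAX_UINT256, 100, 0),  # unlimited, still open
    make_log(TOKEN_A, OWNER, SPENDER_Y, 500, 101, 2),          # limited, still open
    make_log(TOKEN_B, OWNER, SPENDER_Y, MAX_UINT256, 102, 1),  # unlimited, later revoked
]

if __name__ == "__main__":
    for token, spender in unlimited_approvals(open_approvals(SAMPLE_LOGS, OWNER)):
        print("revoke: token", token, "spender", spender)
```
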

### Key terms

* dApp: A decentralized application that connects to a wallet for on-chain actions.
* Token approval: Permission that lets a smart contract spend tokens from your wallet.
* Unlimited approval: A permission that allows a contract to spend as many tokens as it can access, until you revoke it.
* Sweeper script: A malicious script that automatically moves funds out of a wallet as soon as new assets arrive.

## FAQs

#### Can Coin98 block transactions from my hacked wallet?

No. Coin98 is a non-custodial wallet, so Coin98 does not control individual user wallets and cannot block transactions from them.

#### Can a blockchain transaction be reversed?

No. Once a transaction is confirmed on the blockchain, it cannot be reversed or undone.

#### Should I keep using the compromised wallet after I move the funds?

No. Stop using the old wallet immediately after you transfer any remaining funds. Treat it as unsafe.

#### What should I do if I already shared my seed phrase?

Assume the wallet is fully compromised. Create a new wallet immediately and move any remaining assets out of the exposed wallet as fast as possible.

#### What should I do if I approved a malicious token allowance?

Create a new wallet if needed, move remaining assets out, and revoke any unnecessary approvals using the Wallet Approval tool.

#### What if the attacker is using a sweeper script?

Do not send extra funds to cover gas if you believe a sweeper script is active. Incoming tokens may be removed immediately, which can make recovery impossible from that wallet.

