What To Do If Your Funds Are Stolen
Victim of a Phishing Attack, We Are Sorry This Happened.
Unfortunately, we encounter these phishing scams/attacks on a daily basis. Typically, the reason for these incidents is entering your private key on a malicious website. Sometimes it is a fake MyCrypto site (e.g. mycryqto[.]com), and other times it is a fake ICO, airdrop, or EthZero-like website. You may encounter these on social media (e.g. Reddit, Twitter, Slack), via email, ads on legitimate sites, or even in your search results when looking for a real project. Other major brands like Apple, Google, and PayPal are also vulnerable and they are used as lures for phishing attacks as well. If you enter your private key (or keystore file, mnemonic phrase, passwords) on a malicious website, they have complete access to your funds. You will never need to provide a private key to these sites.
Because of the nature of the blockchain and cryptography, there is no way to reverse transactions or reset your passwords. Once a transaction is on the blockchain, it's final. For this reason, you need to move the rest of your funds as soon as possible to a new address and discontinue use of the address that was phished.
What We Do To Ensure User Safety
We actively attempt to track down the people behind these sites and do what we can to warn others, take down the site, or whatever we can given the particular situation. We also offer a lot of advice and guidance to users on how to do everything they can do to secure their funds and themselves in this new and hectic space. Read here for security tips.
There are things you can do to help as well. You can help us document these phishers and protect others from also becoming victims of phishing. Help make the community safer. We can't always scan through the world wide web by ourselves.
Document & Collect Information
- Look through your history for any URLs that look like MyCrypto.com but are actually a very similar URL (e.g. mycrypto . su or mycrypto . com . co).
- Fill out the form here: https://etherscamdb.info/report/
- Include your address, the URL you visited, and any additional information, including which Slack channels you were a part of or how you accessed the malicious link.
Move your Funds ASAP & Protect Yourself Moving Forward
- Create new accounts, safely, and move any funds from any existing accounts to these new accounts as soon as you are in a place to do so. (Rushing does not help, doing it safely is the most important thing.)
- Never enter your private keys, passwords, sensitive data on a website that you were sent via message
- ONLY unlock your wallet when you want to send a transaction. Check your balance via https://etherscan.io/ or https://ethplorer.io/
- Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.
- Install EAL
- or Install MetaMask
- or Install Cryptonite by Metacert
Tokens that haven't been distributed / can't be moved yet
If you recently participated in an ICO, you may have tokens remaining in your wallet that are not currently transferable, or perhaps these tokens will be distributed at a later date to your now compromised wallet. You will need to find out when you can send these tokens from your wallet. The easiest way to determine that is to reach out to that token's creators and ask them for the information and if they can be of further assistance.
Once you know when you can move the tokens, you will need to plan on moving your tokens as close to that time as possible. First, send 0.01 ETH into your wallet (to cover the cost of gas) and then send your tokens out of your wallet to your new, secure wallet. You should do this as quickly as possible as soon as the tokens can be moved.
We hope this unfortunate event does not happen to you again, or to anyone else. Please take your time to read through our Knowledge-Base to arm yourselves with the Knowledge to protect yourself against the phishers.