What to Do If Your Funds Are Stolen
Last updated: 2019-04-01
Victim of a phishing attack? We are sorry this happened
Unfortunately, we encounter these phishing scams / attacks on a daily basis. The most common cause for these incidents is entering your private key on a malicious website. Sometimes it is a fake MyCrypto site (e.g., mycryqto[.]com) and other times it is a fake ICO, airdrop, or EthZero-like website. You may encounter these imposters on social media (e.g., Reddit, Twitter, or Slack), via email, ads on legitimate sites, or even in your search results when looking for a real project. Other major brands like Apple, Google, and PayPal are also vulnerable and they are used as lures for phishing attacks as well. If you enter your private key, Keystore file, mnemonic phrase, or password on a malicious website, the scammer will have complete access to your funds. You will never need to provide a private key to these sites.
Because of the nature of the blockchain and cryptography, there is no way to reverse transactions or reset your passwords. Once a transaction is on the blockchain, it's final. For this reason, you need to move the rest of your funds as soon as possible to a new address and discontinue use of the address that was phished.
What we do to ensure user safety
We actively attempt to track down the people behind these sites, warn others, take down the sites, and whatever else we can to help, given the particular situation. We also offer a lot of advice and guidance to users on how to do everything in their power to secure their funds and themselves in this new and hectic space. Read here for security tips.
There are things you can do to help as well. You can help us document these phishers and protect others from also becoming victims of phishing. Help make the community safer. We can't always scan through the world wide web by ourselves.
Document and collect information
- Look through your history for any URLs that look like MyCrypto.com but are actually a very similar URL (e.g., mycrypto . su or mycrypto . com . co).
- Fill out the form here: https://etherscamdb.info/report/
- Include your address, the URL you visited, and any additional information, including which Slack channels you were a part of or how you accessed the malicious link.
Move your funds ASAP and protect yourself moving forward
Create new accounts, safely, and move all funds from existing accounts to these new ones as soon as you are in a place to do so. (Rushing does not help. Doing it safely is the most important thing.)
Never enter your private keys, passwords, or sensitive data on a website that you were sent via message.
Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.
or Install MetaMask.
or Install Cryptonite by Metacert.
Tokens that haven't been distributed / Can't be moved yet
If you recently participated in an ICO, you may have tokens remaining in your wallet that are not currently transferable or, perhaps, these tokens will be distributed at a later date to your now compromised wallet. You will need to find out when you can send these tokens from your wallet. The easiest way to determine that is to reach out to that token's creators and ask them for the information and whether they can be of further assistance.
Once you know when you can move the tokens, you will need to plan on moving them as close to that time as possible. First, send 0.01 ETH into your wallet (to cover the cost of gas) and then send your tokens out of your wallet to your new, secure wallet. You should do this as quickly as possible, as soon as the tokens can be moved.
We hope this unfortunate event does not happen to you again, or to anyone else. Please take your time to read through our Knowledge-Base to arm yourself with information on to protect yourself against the phishers.