Unfortunately, we encounter these phishing scams / attacks on a daily basis. The most common cause for these incidents is entering your private key on a malicious website. Sometimes it is a fake MyCrypto site (e.g., mycryqto[.]com) and other times it is a fake ICO, airdrop, or EthZero-like website. You may encounter these imposters on social media (e.g., Reddit, Twitter, or Slack), via email, ads on legitimate sites, or even in your search results when looking for a real project. Other major brands like Apple, Google, and PayPal are also vulnerable and they are used as lures for phishing attacks as well. If you enter your private key, Keystore file, Secret Recovery Phrase, or password on a malicious website, the scammer will have complete access to your funds. You will never need to provide a private key to these sites.
Because of the nature of the blockchain and cryptography, there is no way to reverse transactions or reset your passwords. Once a transaction is on the blockchain, it's final. For this reason, you need to move the rest of your funds as soon as possible to a new address and discontinue use of the address that was phished.
We actively attempt to track down the people behind these sites, warn others, take down the sites, and whatever else we can to help, given the particular situation. We also offer a lot of advice and guidance to users on how to do everything in their power to secure their funds and themselves in this new and hectic space. Read here for security tips.
There are things you can do to help as well. You can help us document these phishers and protect others from also becoming victims of phishing. Help make the community safer. We can't always scan through the world wide web by ourselves.
Create new accounts, safely, and move all funds from existing accounts to these new ones as soon as you are in a place to do so. (Rushing does not help. Doing it safely is the most important thing.)
Never enter your private keys, passwords, or sensitive data on a website that you were sent via message.
Do not trust messages or addresses or URLs sent via private message. Always verify information w/ a secondary source.
or Install MetaMask.
or Install Cryptonite by Metacert.
If you recently participated in an ICO, you may have tokens remaining in your wallet that are not currently transferable or, perhaps, these tokens will be distributed at a later date to your now compromised wallet. You will need to find out when you can send these tokens from your wallet. The easiest way to determine that is to reach out to that token's creators and ask them for the information and whether they can be of further assistance.
Once you know when you can move the tokens, you will need to plan on moving them as close to that time as possible. First, send 0.01 ETH into your wallet (to cover the cost of gas) and then send your tokens out of your wallet to your new, secure wallet. You should do this as quickly as possible, as soon as the tokens can be moved.
We hope this unfortunate event does not happen to you again, or to anyone else. Please take your time to read through our Knowledge-Base to arm yourself with information on to protect yourself against the phishers.
Didn't find what you were looking for? Contact Us
MyCrypto is an open-source tool that allows you to manage your Ethereum accounts privately and securely. Developed by and for the community since 2015, we’re focused on building awesome products that put the power in people’s hands.
Subscribe to MyCrypto
Get updates from MyCrypto straight to your inbox!