Beware of Sweeper Bots


🤖 What Is a Sweeper Bot?

A sweeper bot is an automated script that monitors deposits into a compromised wallet and immediately transfers the assets to an address controlled by the attacker. These bots operate in real time: they constantly scan for pending blockchain transactions and react much faster than any human could.

Sweepers are particularly dangerous because:

  • They act invisibly — users often don’t realize they’ve been compromised until funds are long gone.
  • They move assets faster than anyone could manually.

🔍 How Do Sweeper Bots Get In?

For a sweeper bot to be set up against your wallet, the bad actor must have access to your Secret Recovery Phrase or private key. Here’s how attackers usually obtain it:

  • Phishing scams: Fake support messages, impersonated help desks, or fake websites requesting your seed phrase.
  • Malicious DApps: Scam websites that prompt you to “import” a wallet or reveal your key.
  • Browser extensions or apps: Installed from untrusted sources, these can log sensitive data.

Once an attacker has your recovery phrase, they can set up a sweeper bot using your private key. From that point forward, the bot gains control of your wallet activity, sweeping out tokens as soon as they arrive, all without your knowledge.
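
The pattern described above (a deposit followed almost immediately by an outbound transfer of nearly the whole amount, always to the same address) can be checked against a wallet's transfer history. The Python below is an added example, not Phantom's code; the record format, the thresholds and the sample history are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample history for one wallet (not real chain data).
# Each record: (unix_time, direction, counterparty, amount)
SAMPLE_HISTORY = [
    (1000, "in",  "exchange_A", 5.0),
    (1300, "out", "merchant_B", 1.2),    # normal spend: minutes later, partial
    (5000, "in",  "friend_C",   2.0),
    (5002, "out", "addr_X",     1.999),  # drained 2 s after the deposit
    (9000, "in",  "exchange_A", 0.5),
    (9001, "out", "addr_X",     0.499),
    (9500, "in",  "friend_C",   3.0),
    (9503, "out", "addr_X",     2.999),
]

def find_sweeps(history, max_delay=10, min_fraction=0.95):
    """Return (deposit_time, destination, delay) for each deposit that was
    followed within max_delay seconds by an outbound transfer of at least
    min_fraction of the deposited amount (the remainder covers fees)."""
    events = sorted(history)
    sweeps = []
    for i, (t_in, direction, _, amount) in enumerate(events):
        if direction != "in":
            continue
        for t_out, d_out, dest, sent in events[i + 1:]:
            if t_out - t_in > max_delay:
                break  # anything later is too slow to count as a sweep
            if d_out == "out" and sent >= min_fraction * amount:
                sweeps.append((t_in, dest, t_out - t_in))
                break
    return sweeps

def assess(history, min_hits=2):
    """Flag the wallet when one destination drained several deposits."""
    sweeps = find_sweeps(history)
    by_dest = Counter(dest for _, dest, _ in sweeps)
    suspects = sorted(d for d, n in by_dest.items() if n >= min_hits)
    return {"sweeps": sweeps, "suspect_destinations": suspects,
            "likely_swept": bool(suspects)}

if __name__ == "__main__":
    print(assess(SAMPLE_HISTORY))
```

A single fast outbound transfer is not proof on its own, which is why the check requires the same destination to appear after several deposits before flagging the wallet.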


🧯 What Should You Do if You Have a Sweeper Bot?

✅ DO:

  • Immediately stop using the compromised wallet.
  • Create a brand new wallet with a fresh Secret Recovery Phrase.
  • Secure your devices:
    • Run malware scans on all computers and phones.
    • Remove suspicious extensions and apps.
    • Update your OS and browsers.
  • Report the scam:
    • Tag the attacker’s address on a Solana block explorer.
    • Report the scam at Chainabuse.
    • Notify local authorities.

❌ DO NOT:

  • Do NOT deposit more funds — they will be swept out.
  • Do NOT create new accounts from the same recovery phrase — they’re compromised too.
  • Do NOT trust any third party asking for your seed phrase.

🧠 Can I recover my assets?

In some cases — with enough technical know-how — you may be able to rescue assets using advanced tools. For example:

  • Private transaction bundling (e.g. Flashbots on Ethereum): Not currently available on Solana but similar strategies may exist.
  • Self-destruct smart contracts: Used on Ethereum to transfer ETH without exposure in the public mempool.

⚠️ These techniques are very technical and not recommended unless you’re an experienced developer or working with a trusted Web3 security expert.


🛡️ How to Stay Safe Going Forward

🔐 Protect your Secret Recovery Phrase

Your seed phrase gives full control of your funds. Never share it, not even with “support agents”. Phantom will never ask for it.

🧊 Use a hardware wallet

Hardware wallets like Ledger keep your keys offline and away from malware or browser-based attacks.

🧠 Stay skeptical

Always:

  • Double-check DApps before connecting your wallet.
  • Avoid downloading unknown extensions or apps.
  • Use official links and verify URLs carefully.

If a DApp or person ever asks for your seed phrase or private key — it’s a scam.


👻 TL;DR — Phantom safety checklist

  • Suspect a sweeper bot? Stop using the wallet immediately.
  • Create a new Phantom wallet with a fresh Secret Recovery Phrase.
  • Never reuse compromised phrases or keys.
  • Secure your devices and uninstall risky apps/extensions.
  • Report the attacker’s address and get help if needed.
