Beware of sweeper bots

  • Updated

What sweepers bot are

A sweeper bot is a script that hijacks your wallet and auto-steals anything new that lands in it. The second you deposit funds? Gone. It’s fast, quiet, and brutal. These bots run 24/7, scanning the blockchain for any incoming transactions and reacting instantly—way faster than a human ever could. Most people don’t realize they’ve been compromised until the damage is already done.

How sweeper bots get in

To set up a sweeper bot, attackers need access to your secret recovery phrase or private key. And unfortunately, that usually means you gave it to them—often without realizing it.

Phishing scams are a common tactic. These could be fake support chats, convincing imposter websites, or emails that nudge you to “verify” your wallet. Others fall victim to malicious DApps — sites that ask you to import a wallet or connect, only to steal your credentials. Sometimes it’s as simple as installing a shady browser extension or app that quietly logs your data.

Once the attacker has your phrase, the sweeper bot takes over — watching for deposits and instantly draining anything new that hits your wallet.

What to do if your wallet is compromised

If you suspect a sweeper bot is active, stop using that wallet immediately. Don’t send more funds, and don’t attempt to fix the issue from inside the compromised account.

Do this instead:

  1. Create a new Phantom wallet with a fresh secret recovery phrase. Don’t reuse the old one.
  2. Secure your devices by running a full malware scan on any computer or phone you used with the compromised wallet.
  3. Uninstall risky extensions or apps and update your browser and operating system.
  4. Report the scam:
    1. Tag the attacker’s wallet using a Solana block explorer.
    2. File a report at chainabuse.com.
    3. Consider alerting local authorities, especially if a large amount was stolen.

Never share your secret recovery phrase—even with someone claiming to help you.

Asset recovery options

In rare cases, expert developers may be able to recover funds using advanced techniques like private transaction bundling (on Ethereum) or smart contracts that self-destruct after execution. These strategies are complex, risky, and not supported on Solana.

For most users, once funds are swept, they are unrecoverable.

How to protect your wallet going forward

The best protection is prevention. Your secret recovery phrase is everything—never share it with anyone, not even Phantom Support.

  • Use a hardware wallet like Ledger to store your keys offline.
  • Only connect to trusted dApps and verify URLs before signing anything.
  • Avoid downloading unknown browser extensions or apps.
  • Block direct messages (DMs) from strangers on social platforms.

If anyone or any website asks for your secret recovery phrase or private key, it’s a scam. End of story.

Safety checklist

  • Suspect a sweeper bot? Stop using the wallet immediately.
  • Create a new Phantom wallet with a fresh secret recovery phrase.
  • Never reuse compromised phrases or keys.
  • Secure your devices and uninstall risky apps or extensions.
  • Report the attacker’s address and get help if needed.

Was this article helpful?

5 out of 6 found this helpful
Can't find what you're looking for?

Start a chat