Beware of sweeper bots in your Phantom wallet

  • Updated

What sweeper bots are

A sweeper bot is a script that hijacks your wallet and auto-steals anything new that lands in it. The second you deposit funds? The funds are gone—fast, quiet, and brutal. These bots run 24/7, scanning the blockchain for any incoming transactions and reacting instantly—way faster than a human ever could. Most people don’t realize their wallet has been compromised until the funds are already gone.

How sweeper bots get in

To set up a sweeper bot, attackers need access to your Secret Recovery Phrase or private key. And unfortunately, that usually means you gave it to them—often without realizing it.

Phishing scams are a common tactic. These could be fake support chats or convincing imposter websites, or emails that nudge you to “verify” your wallet. Others fall victim to malicious apps, which are sites that ask you to import a wallet or connect, only to steal your credentials. Sometimes it’s as a malicious browser extension or app quietly logging your data.

Once the attacker has your phrase, the sweeper bot takes over—watching for deposits and instantly draining anything new that hits your wallet.

What to do if your wallet is compromised

If you suspect a sweeper bot is active, stop using that wallet immediately. Don’t send more funds, and don’t attempt to fix the issue from inside the compromised account.

Do this instead:

  1. Create a new Phantom wallet with a fresh Secret Recovery Phrase. Don’t reuse the old one.
  2. Run a full malware scan on any computer or phone you used with the compromised wallet.
  3. Uninstall risky extensions or apps and update your browser and operating system.
  4. Report the scam:
    • Tag the attacker’s wallet using a Solana block explorer such as Solscan.
    • File a report at Chainabuse.
    • Alert local authorities if a large amount was stolen.

Never share your Secret Recovery Phrase—even with someone claiming to help you.

Asset recovery options

In rare cases, developers may attempt to recover funds using advanced techniques such as private transaction bundling (on Ethereum) or self-destructing smart contracts. These methods are complex, risky, and not supported on Solana.

For most users, once funds are swept, they are unrecoverable.

How to protect your wallet going forward

The best protection is prevention. Your Secret Recovery Phrase is everything, so never share it with anyone, not even Phantom Support.

  • Use a hardware wallet, such as a Ledger, to store your keys offline.
  • Only connect to trusted apps and verify URLs before signing anything.
  • Avoid downloading unknown browser extensions or apps.
  • Block direct messages (DMs) from strangers on social platforms.

If anyone or any website asks for your secret recovery phrase or private key, it’s a scam. End of story.

Safety checklist

  • Stop using the wallet immediately if you suspect a sweeper bot.
  • Create a new Phantom wallet with a fresh Secret Recovery Phrase.
  • Never reuse compromised phrases or keys.
  • Secure your devices and uninstall risky apps or extensions.
  • Report the attacker’s address and get help if needed.

Was this article helpful?

10 out of 14 found this helpful
Can't find what you're looking for?

Start a chat