I was scammed or my wallet was drained. What can I do?

Losing crypto to a scam or unauthorized transaction is stressful, and we're sorry you're dealing with this. This guide walks you through everything you can do right now to protect any remaining funds, understand what happened, explore your reporting and recovery options, and strengthen your security going forward.

Phantom is a non-custodial wallet, which means only you control your private keys. Blockchain transactions are final and cannot be reversed by Phantom or any other wallet provider. While this means we cannot recover stolen funds, there are still meaningful steps you can take. In some cases, law enforcement or exchanges have helped freeze or recover assets.

Act fast: secure your wallet right now

If you believe your wallet has been compromised, take these steps immediately. Acting quickly can prevent further losses.

Step 1: Disconnect suspicious apps

  1. Select your profile avatar in the upper left.
  2. Go to Settings → Connected Apps.
  3. Disconnect any app you do not recognize. To be safe, you can select Disconnect All.

Disconnecting stops apps from reading your wallet data, but it does not revoke spending permissions they may already have.

Step 2: Revoke token approvals

Some scams grant ongoing spending permissions that remain active even after you disconnect. Revoking approvals stops further unauthorized withdrawals.

  • Solana: Use Famous Fox's Revoker. Connect your Phantom wallet, then select Revoke all.
  • Ethereum and EVM networks (Ethereum, Base, Polygon, Monad): Use Revoke.cash. Connect your Phantom wallet, review active permissions, and revoke any you don't recognize.

Revoking approvals is different from disconnecting. Disconnecting removes the app's ability to view your wallet. Revoking removes the app's ability to move your funds.

Step 3: Move remaining assets to a new wallet

Even after disconnecting apps and revoking approvals, your wallet may no longer be safe, especially if your Secret Recovery Phrase was exposed. Create a new wallet and transfer your remaining assets to it immediately.

  1. On a separate device or browser, install Phantom and create a new wallet.
  2. In the new wallet, select Receive and copy the wallet address for each network.
  3. In your current wallet, send your assets to the new addresses.
  4. Repeat for each token and network.
  5. After confirming everything transferred, stop using the old wallet entirely.

Do not transfer suspicious or unknown tokens. Some scam tokens are designed to trigger malicious actions when you interact with them, including sending.

For detailed step-by-step instructions, see Move funds to a new Phantom wallet when you need to start over.

Important: Before transferring, check for staked tokens, DeFi positions, perpetual or prediction market positions, and Cash account balances. Some of these may require extra steps (unstaking, closing positions, withdrawing) before funds can be moved.

Understand what happened

Knowing how the scam worked helps you protect yourself going forward and provides useful detail if you file a report. Here are the most common scenarios:

Connected to a malicious website or app

You may have connected your wallet to a site that looked legitimate but was designed to steal funds. These sites often ask you to approve transactions that grant the scammer permission to move your tokens. This is the most common type of crypto scam and can happen through:

  • Phishing links in emails, DMs, Discord, Telegram, or X.
  • Fake NFT mints or airdrop claim pages.
  • Ads or search results leading to cloned project websites.
  • Suspicious links embedded in token names or NFT metadata.

Shared your Secret Recovery Phrase

If you entered your 12- or 24-word Secret Recovery Phrase into any website or app, or shared it with anyone, the wallet is permanently compromised. The attacker has full control and can steal any assets sent to that wallet at any time. Do not try to secure or continue using the wallet. Create a new one immediately.

Phantom Support will never ask for your recovery phrase.

Bought a scam token

Scam tokens are designed to trick you into losing funds. Common types include:

  • Fake token airdrops: Tokens appear in your wallet with instructions to visit a malicious site to "claim" rewards.
  • Pump-and-dump tokens: Scammers hype a token on social media, wait for the price to rise, then sell, crashing the price.
  • Honeypot tokens: These let you buy but prevent you from selling, trapping your funds.
  • Rug pulls: Creators attract buyers and then remove liquidity or abandon the project.
  • Impersonation tokens: Tokens that copy the name, logo, or branding of a legitimate project.

Receiving a scam token does not harm your wallet by itself. The risk comes from interacting with it, such as clicking links, trying to swap or sell it, or approving transactions.

You're not sure what happened

This is common. Scammers often hide how access was gained. If you don't know what happened, treat the wallet as compromised and secure your remaining assets right away using the steps above. Common hidden causes include:

  • Malware on your device (keyloggers, clipboard hijackers, malicious browser extensions).
  • Phishing sites that looked like Phantom.
  • Fake Phantom apps downloaded from unofficial sources.
  • Recovery phrase stored in a cloud service, screenshot, or notes app that was accessed by someone else.

Report the scam

Reporting a scam won't guarantee fund recovery, but it creates a public record that helps investigators, exchanges, and other users. In some cases, especially with large losses, reports have led to frozen or recovered assets.

Report to Chainabuse

Chainabuse is a public blockchain threat reporting platform used by investigators, exchanges, and security researchers. Submitting a report ties a public record to the scammer's wallet address so others can find and build on it. This is one of the most effective independent steps you can take.

Report to law enforcement

  • File a local police report: Contact your local law enforcement and get a case number. You may need it for insurance claims or further action.
  • Report to the FBI (US only): Submit a report to the Internet Crime Complaint Center at ic3.gov. The IC3 has worked with exchanges and financial institutions to freeze stolen crypto in past cases.

What to expect after getting scammed

We want to be honest about what is and isn't possible so you can make informed decisions:

  • Phantom cannot reverse transactions. Blockchain transactions are final by design. No wallet provider, Phantom or otherwise, can undo them.
  • Phantom cannot access, freeze, or recover your funds. As a non-custodial wallet, we never have access to your private keys or assets.
  • Law enforcement may be able to help in some cases. Especially with large losses, agencies have worked with exchanges to freeze scammer accounts. Filing reports gives them something to work with.
  • Chainabuse reports create a paper trail. Even if your funds aren't recovered, the report may help future victims and investigations.
  • Your experience matters. Many people who have been scammed use it as a turning point to adopt stronger security practices.

Protect yourself going forward

These habits can significantly reduce your risk of future scams:

Guard your Secret Recovery Phrase

  • Store it offline only. Write it down and keep it in a secure location.
  • Never store it in a photo, notes app, email, or cloud storage.
  • Never enter it into any website. You do not need your recovery phrase to connect to a dApp.
  • If you created your wallet with Google or Apple login, protect your four-digit PIN the same way.

Verify before you connect

  • Only connect your wallet to apps you trust. Use the Explore tab in Phantom to find verified apps.
  • Verify project URLs through official sources (project website, X, Discord). Never trust links from DMs, ads, or comments.
  • Always check the contract or mint address of a token before swapping. Use trusted sources like CoinGecko or blockchain explorers (Solscan, Etherscan, and others).

Use Phantom's built-in security tools

  • Transaction previews: Phantom simulates transactions and flags suspicious activity. If you see a warning, stop immediately.
  • Spam detection: Machine learning identifies and hides suspicious NFTs and tokens automatically.
  • Auto-lock: Set Phantom to lock automatically when not in use. Go to Settings → Security & Privacy → Auto-Lock.

Treat unsolicited tokens and NFTs as suspicious

  • Do not click links in token names or NFT descriptions.
  • Do not try to swap, sell, or send unknown tokens.
  • Hide and report suspicious NFTs: Select the NFT → More → Report as Spam.
  • Burn unwanted Solana NFTs to reclaim the SOL used to store them.

Use a burner wallet for risky interactions

Create a separate wallet and fund it with only what you need for a specific interaction (testing a new app, minting an NFT, and so on). After the interaction, revoke approvals and move any remaining funds before deleting the wallet.

Use a hardware wallet for high-value assets

Devices like Ledger provide additional protection. Learn how to use Ledger with Phantom on desktop or mobile.

Periodically review token approvals

Regularly check and revoke permissions for apps you no longer use. This limits exposure from past activity.
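
What the approvals covered in Step 2 and in this review look like on EVM networks, as an added example that is not Phantom's code: it decodes the calldata of a pending transaction and reports whether the call grants, limits, or revokes spending permission. The function name, the unlimited threshold, and the spender address are assumptions made for illustration, and only ERC-20 `approve` and NFT `setApprovalForAll` calls are covered.

```python
# Added example (not Phantom code): classify EVM approval calldata.
APPROVE = "095ea7b3"               # ERC-20 approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # NFT setApprovalForAll(address operator, bool approved)
UNLIMITED_FLOOR = 2**255           # assumption: treat amounts this large as unlimited


def classify_calldata(data: str) -> dict:
    """Describe what an approval call grants; non-approvals return kind='other'."""
    raw = data[2:] if data[:2].lower() == "0x" else data
    try:
        body = bytes.fromhex(raw)
    except ValueError:
        return {"kind": "malformed"}
    selector = body[:4].hex()
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other"}
    # Both calls take exactly two 32-byte ABI words after the 4-byte selector,
    # and the address word must be left-padded with 12 zero bytes.
    if len(body) != 68 or any(body[4:16]):
        return {"kind": "malformed"}
    spender = "0x" + body[16:36].hex()
    value = int.from_bytes(body[36:68], "big")
    if selector == SET_APPROVAL_FOR_ALL:
        if value > 1:  # an ABI bool is encoded as 0 or 1
            return {"kind": "malformed"}
        grant = "all NFTs in collection" if value else "revoked"
        return {"kind": "setApprovalForAll", "spender": spender, "grant": grant}
    if value == 0:
        grant = "revoked"      # approve(spender, 0) is how an allowance is revoked
    elif value >= UNLIMITED_FLOOR:
        grant = "unlimited"    # spender can take the whole balance, now or later
    else:
        grant = "limited"
    return {"kind": "approve", "spender": spender, "amount": value, "grant": grant}


# Constructed sample inputs; the spender is a placeholder, not a real address.
SPENDER_WORD = "00" * 12 + "11" * 20
SAMPLES = {
    "unlimited approve": "0x" + APPROVE + SPENDER_WORD + "ff" * 32,
    "revoke (approve 0)": "0x" + APPROVE + SPENDER_WORD + "00" * 32,
    "NFT operator grant": "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + "00" * 31 + "01",
    "plain transfer": "0xa9059cbb" + SPENDER_WORD + "00" * 31 + "05",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", classify_calldata(data))
```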
