What if I got scammed?

If you think you were scammed, act quickly to protect any assets still in your wallet. Blockchain transactions are final and cannot be reversed, including by Phantom.

How did you get scammed?

Select the scenario that best matches your situation. If you're not sure what happened, start with the last section.

Connected to a malicious website or app

If you connected your wallet to a suspicious site or approved transactions you did not fully understand, a malicious app may have gained permission to spend your tokens.

1. Disconnect suspicious apps. Go to Settings → Connected Apps, then disconnect any app you do not recognize. To be safe, you can select Disconnect All.
2. Revoke token approvals. Some scams grant ongoing spending permissions even after you disconnect an app. Revoking approvals can help stop further unauthorized withdrawals. See Revoke token approvals.
3. Move any remaining assets to a new wallet immediately. Even after you disconnect apps and revoke approvals, the wallet may no longer be safe to use. See Move funds to a new Phantom wallet when you need to start over.
4. After you move your assets, stop using the compromised wallet entirely.

Shared the Secret Recovery Phrase

If you shared your 12 or 24-word Secret Recovery Phrase with anyone, or entered it into any website or app, the wallet is permanently compromised. The attacker has full control and can steal any assets sent to that wallet at any time.

1. Stop using the compromised wallet immediately. Do not try to secure, recover, or continue using it.
2. Create a new wallet with a fresh Secret Recovery Phrase, then transfer any remaining assets to it as soon as possible. See Move funds to a new Phantom wallet when you need to start over.

Never share your Secret Recovery Phrase with anyone, including anyone claiming to be Phantom Support.

You're not sure what happened

This is common. Scammers often hide how access was gained. If you do not know what happened, treat the wallet as compromised and secure any remaining assets right away.

Take these steps now:

1. Create a new wallet and transfer any remaining assets to it. See Move funds to a new Phantom wallet when you need to start over.
2. Scan your device for malware using trusted antivirus software.
3. Check your browser extensions and uninstall anything you do not recognize or did not intentionally install.
4. Go to Settings → Connected Apps and disconnect any app you do not recognize.
5. Revoke any outstanding token approvals. See Revoke token approvals.
6. After you move your assets, stop using the compromised wallet.

These are the most common ways a wallet is compromised without you realizing it:

• Malware on your device: Keyloggers, clipboard hijackers, and malicious browser extensions can capture your recovery phrase or replace wallet addresses without you noticing.
• Phishing sites: You may have entered your Secret Recovery Phrase into a site designed to look like Phantom. Always check URLs carefully and only use phantom.com.
• Fake Phantom apps or extensions: Counterfeit versions of Phantom exist in app stores and browser extension stores. Always download Phantom from the official site.
• Compromised recovery phrase storage: If your recovery phrase was stored in a cloud service, screenshot, notes app, or email, someone may have accessed it there.
• Malicious token approvals: Interacting with suspicious NFT airdrops, fake mint pages, or unknown dApps can grant spending permissions without obvious signs.

Reporting phishing sites and scammers

Even if your funds cannot be recovered, reporting the scam can help protect other users. For detailed reporting options, see our scammer reporting guide. It covers how to report to Phantom, submit a public report to Chainabuse, and file a report with law enforcement.

Protecting yourself going forward

Warning: Do not share your Secret Recovery Phrase or private key with anyone. If someone has access to either, they will have full control of your wallet. Phantom Support will never ask for your recovery phrase or private key.

Being scammed is deeply frustrating, but it often leads people to improve their security habits. For more guidance, see our Security tips for Phantom users. The most important habits are:

• Store your Secret Recovery Phrase offline only. Write it down and keep it in a secure location. Never store it in a photo, notes app, email, or cloud storage.
• Only download Phantom from phantom.com/download. Check URLs carefully before entering any credentials.
• Never enter your Secret Recovery Phrase into any website. You do not need your recovery phrase to connect to a dApp.
• Treat unsolicited token airdrops, NFTs with links, and offers that seem too good to be true as scams by default.
• Regularly review and revoke token approvals for apps you no longer use.

We know this is not the outcome you were hoping for. If you have more information about the scam that may help our team, visit help.phantom.com.