We're sorry this happened to you. Losing funds to a scam or a compromised wallet is a genuinely distressing experience, and we want to help you through it as best we can.
Blockchain transactions are final and cannot be reversed. No one, including Phantom, can undo them. But acting quickly can help you secure what's left, prevent further loss, and protect yourself going forward. This article explains exactly what to do based on how your wallet was compromised.
Warning: Never share your Secret Recovery Phrase or private key with anyone, including anyone claiming to be Phantom Support. Phantom will never ask for these. If someone has access to either, they have full control of your wallet.
How did you get scammed?
Choose the scenario that best matches your situation. If you're not sure, start with the last section.
By connecting to a malicious website or app
If you connected your wallet to a suspicious site or clicked a link that initiated transactions without your explicit approval, a malicious app may have received permission to spend your tokens. This is one of the most common attack vectors. Scammers use phishing links, fake browser extensions, fake NFT minting pages, and copycat dApp sites to gain access.
- Disconnect malicious apps: Go to Settings → Connected Apps and disconnect any unfamiliar apps, or select Disconnect All to be safe.
- Revoke token approvals: Some attacks grant ongoing spending permissions. Revoking approvals stops further unauthorized withdrawals. See Revoke token approvals.
- Move to a new wallet immediately: Even after disconnecting, a compromised wallet may not be fully safe. Create a new wallet and transfer any remaining assets. See Move funds to a new Phantom wallet when you need to start over.
- Once your assets are moved, stop using the compromised wallet entirely.
By sharing your Secret Recovery Phrase
If you shared your 12- or 24-word Secret Recovery Phrase with anyone, or entered it into any website or app, the attacker now has complete, permanent control over your wallet. Common tactics include impersonators posing as Phantom Support, fake wallet restoration pages, and "support" accounts on social media or Discord.
- Stop using the compromised wallet immediately. Do not attempt to secure or "fix" it. Any funds sent to a wallet with an exposed recovery phrase can be stolen at any time.
- Create a new wallet with a fresh Secret Recovery Phrase and transfer your remaining assets. See Move funds to a new Phantom wallet when you need to start over.
Remember: Phantom Support will never ask for your Secret Recovery Phrase. Anyone who does is a scammer.
You're not sure what happened
This is more common than you might think. Scammers are skilled at covering their tracks. Here are the most frequent ways wallets are compromised without the user realizing it:
- Malware on your device: Keyloggers, clipboard hijackers, and malicious browser extensions can capture your recovery phrase or swap wallet addresses without you noticing.
- Phishing sites: You may have entered your Secret Recovery Phrase into a site designed to look like Phantom. Always check URLs carefully and only use phantom.com.
- Fake Phantom apps or extensions: Counterfeit versions of Phantom exist on app stores and browser extension stores. Always download Phantom from the official site.
- Compromised recovery phrase storage: If your recovery phrase was stored in a cloud service, screenshot, or email, someone may have accessed it there.
- Malicious token approvals: Interacting with suspicious NFT airdrops, fake minting sites, or unknown dApps can grant spending permissions without obvious signs.
Steps to take now:
- Create a new wallet and transfer your remaining assets. See Move funds to a new Phantom wallet when you need to start over.
- Scan your device for malware using trusted antivirus software.
- Check and uninstall any browser extensions you don't recognize or didn't intentionally install.
- Go to Settings → Connected Apps and disconnect any apps you don't recognize.
- Revoke any outstanding token approvals. See Revoke token approvals.
- Once your assets are moved, stop using the compromised wallet.
Reporting phishing sites and scammers
Even if your funds can't be recovered, reporting the scam helps protect others. For detailed steps on all available reporting options, see our scammer reporting guide. It covers how to report to Phantom, how to submit a public report to Chainabuse, and how to file with law enforcement.
Protecting yourself going forward
Experiencing a scam is awful, but it often leads people to become significantly more security-conscious afterward. For comprehensive guidance on keeping your wallet safe, see our Security tips for Phantom users. The most important habits:
- Store your Secret Recovery Phrase offline only: written down and kept somewhere physically secure, never in a photo, notes app, email, or cloud storage.
- Only download Phantom from phantom.com/download. Verify URLs carefully before entering any credentials.
- Never enter your Secret Recovery Phrase into any website. You do not need your recovery phrase to connect to a dApp.
- Treat unsolicited token airdrops, NFTs with links, and "too good to be true" offers as scams by default.
- Regularly review and revoke token approvals for apps you no longer use.
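What "verify URLs carefully" means in practice, as an added example (not Phantom's code): a link is trusted only if its parsed host is phantom.com or a true subdomain of it, which rejects the common look-alike tricks. The function name and all sample links are constructed for illustration.

```javascript
// Added example, not Phantom code. Sample URLs are constructed for illustration.
const OFFICIAL_DOMAIN = "phantom.com"; // the only domain this article tells you to trust

function checkPhantomUrl(input) {
  let url;
  try {
    url = new URL(input); // WHATWG parser: lowercases the host, converts Unicode to punycode
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not https" };
  }
  // "https://phantom.com@other.example/" puts the familiar name in the userinfo part.
  if (url.username || url.password) {
    return { trusted: false, reason: "text before @ is not the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Look-alike Unicode letters show up as xn-- labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // Exact match or a true subdomain; a bare suffix test would accept "notphantom.com".
  if (host === OFFICIAL_DOMAIN || host.endsWith("." + OFFICIAL_DOMAIN)) {
    return { trusted: true, reason: "official domain" };
  }
  return { trusted: false, reason: "host is " + host };
}

// Constructed sample links; none is claimed to be a real site.
const SAMPLES = [
  "https://phantom.com/download",
  "https://help.phantom.com/",
  "https://phantom.com.wallet-restore.example/",
  "https://phantom.com@wallet-restore.example/",
  "https://notphantom.com/download",
  "https://ph\u0430ntom.com/", // Cyrillic "а" in place of Latin "a"
  "http://phantom.com/download",
];

for (const link of SAMPLES) {
  const { trusted, reason } = checkPhantomUrl(link);
  console.log((trusted ? "OK    " : "REJECT") + " " + link + "  (" + reason + ")");
}
```

The check reads the host from the parsed URL rather than searching the link text for "phantom.com", because the familiar name can appear anywhere in a link without being the site you actually reach.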
We know this isn't the outcome you were hoping for. If you have additional questions or information about the scam that may help our team, visit help.phantom.com.