Back to Blog

What Should I Do If My Crypto Assets Were Stolen?

MetaSleuth
April 19, 2024

Here are some tips when you are phished by scammers or your assets were stolen.

Suggested Actions

First, identify the cause and take appropriate measures to prevent further losses.

Second, attempt to recover the losses through tracking and investigation. I want to let you know that recovering losses often requires significant time and effort (and it's almost impossible to recover funds in most cases), so it is best to prioritize minimizing further damage promptly.

Third, read this document to become aware of phishing attacks and avoid becoming a victim of phishing.

What can I do with MetaSleuth?

MetaSleuth primarily assists you in two ways.

Firstly, you can use MetaSleuth to track stolen funds. If you discover that the stolen funds have entered centralized exchanges or flash exchanges, you can seek assistance from these platforms and gather evidence (usually with the help of law enforcement) to further the investigation.

Secondly, you can utilize MetaSleuth's monitoring feature to continuously monitor the stolen funds, enabling you to stay informed about the movement of funds and follow up on any leads.

How to avoid further losses?

If it is a case of private key compromise, it is recommended to immediately transfer the remaining assets from that address to a secure wallet on all relevant blockchains.

If your passphrase has been leaked, use a new passphrase to generate new addresses and transfer all remaining assets in the addresses generated by the leaked passphrase to new ones.

If it is a phishing incident, use Approval Diagnosis of MetaSuites revoke unnecessary approvals immediately to prevent further loss (very important!!!). Then, use MetaSleuth to track the fund flow and monitor the stolen funds if needed. Report to law enforcement and corresponding crypto exchanges.

Can I recover my losses?

Recovering stolen funds is generally difficult in most cases. Here are some suggestions:

If you have suffered significant losses, file a report with your local law enforcement agency. You can provide them with a phishing report or fund flow chart generated by MetaSleuth to help them understand the situation you are encountering.

If you need to recover stolen funds urgently, please feel free to seek help from professional investigation agencies or firms specializing in asset recovery.

DO NOT give sensitive information like your passphrase to anyone claiming they can recover your lost funds. Please don't trust anyone who claims to represent BlockSec to recover your loss.

Please take a look at our Twitter thread.

Stay Safe!

Sign up for the latest updates
Tracing $1.6B in TRON USDT: Inside the VerilyHK Ponzi Infrastructure
Case Studies

Tracing $1.6B in TRON USDT: Inside the VerilyHK Ponzi Infrastructure

An on-chain investigation into VerilyHK, a fraudulent platform that moved $1.6B in TRON USDT through a multi-layered fund-routing infrastructure of rotating wallets, paired payout channels, and exchange exit funnels, with traced connections to the FinCEN-sanctioned Huione Group.

Weekly Web3 Security Incident Roundup | Mar 30 – Apr 5, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Mar 30 – Apr 5, 2026

This BlockSec weekly security report covers nine DeFi attack incidents detected between March 30 and April 5, 2026, across Solana, BNB Chain, Arbitrum, and Polygon, with total estimated losses of approximately $287M. The week was dominated by the $285.3M Drift Protocol exploit on Solana, where attackers combined multisig signer social engineering with Solana's durable nonce mechanism to bypass a zero-timelock 2-of-5 Security Council, alongside notable incidents including a $950K flash loan TWAP manipulation against the LML staking protocol, a $359K Silo Finance vault inflation via an external `wstUSR` market donation exploiting a depegged-asset oracle and `totalAssets()` accounting flaw, and an EIP-7702 delegated-code access control failure. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident, covering flawed business logic, access control, price manipulation, phishing, and misconfiguration attack types.

Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation
Security Insights

Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation

On April 1, 2026 (UTC), Drift Protocol on Solana suffered a $285.3M loss after an attacker exploited Solana's durable nonce mechanism to delay the execution of phished multisig approvals, ultimately transferring administrative control of the protocol's 2-of-5 Squads governance with zero timelock. With full admin privileges, the attacker created a malicious collateral market (CVT), inflated its oracle price, relaxed withdrawal protections, and drained USDC, JLP, SOL, cbBTC, and other assets through 31 rapid withdrawals in approximately 12 minutes. This incident highlights how durable nonce-based delayed execution can decouple signer intent from on-chain execution, bypassing the temporal assumptions that multisig security implicitly relies on.

Go Deeper with MetaSleuth Investigation

Extend your crypto compliance capabilities with Blocksec's MetaSleuth Investigation, the first platform for tracing funds, mapping transaction networks and revealing hidden on-chain relationships.

Move from detection to resolution faster with clear visual insights and evidence-ready workflows across the digital assets ecosystem.

MetaSleuth Investigation