What Should I Do If My Crypto Assets Were Stolen?

MetaSleuth
April 19, 2024

Here are some tips for when you have been phished by scammers or your assets have been stolen.

Suggested Actions

First, identify the cause and take appropriate measures to prevent further losses.

Second, attempt to recover the losses through tracking and investigation. Be aware that recovering losses often requires significant time and effort (and in most cases it is almost impossible to recover funds), so it is best to prioritize minimizing further damage promptly.

Third, read this document to become aware of phishing attacks and avoid becoming a victim of phishing.

What can I do with MetaSleuth?

MetaSleuth primarily assists you in two ways.

Firstly, you can use MetaSleuth to track stolen funds. If you discover that the stolen funds have entered centralized exchanges or flash exchanges, you can seek assistance from these platforms and gather evidence (usually with the help of law enforcement) to further the investigation.

Secondly, you can utilize MetaSleuth's monitoring feature to continuously monitor the stolen funds, enabling you to stay informed about the movement of funds and follow up on any leads.

How to avoid further losses?

If it is a case of private key compromise, it is recommended to immediately transfer the remaining assets from that address to a secure wallet on all relevant blockchains.

If your passphrase has been leaked, use a new passphrase to generate new addresses and transfer all remaining assets in the addresses generated by the leaked passphrase to new ones.

If it is a phishing incident, use the Approval Diagnosis feature of MetaSuites to revoke unnecessary approvals immediately to prevent further loss (very important!!!). Then, use MetaSleuth to track the fund flow and monitor the stolen funds if needed. Report the incident to law enforcement and the corresponding crypto exchanges.
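The idea behind an approval review, as an added example (not MetaSuites or BlockSec code): replay ERC-20 Approval event logs for one owner and list the spenders that still hold a non-zero approval, unlimited ones first. All addresses and logs are constructed sample data, and the helper names are assumptions made for this illustration.

```python
# Added example; every address and log below is constructed sample data.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Map (token, spender) -> last approved value, dropping revoked (0) pairs."""
    latest = {}
    # Replay in chain order so the most recent approve() for each pair wins.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId as a 4th topic.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revocation_list(logs, owner):
    """Rows of (token, spender, unlimited); unlimited approvals sort first."""
    rows = [(t, s, v == MAX_UINT256)
            for (t, s), v in outstanding_approvals(logs, owner).items()]
    return sorted(rows, key=lambda r: (not r[2], r[0], r[1]))

def make_log(token, owner, spender, value, block, extra_topics=()):
    """Build a constructed log in the shape returned by eth_getLogs."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    topics = [APPROVAL_TOPIC, pad(owner), pad(spender)] + list(extra_topics)
    return {"address": token, "topics": topics, "blockNumber": block,
            "logIndex": 0, "data": "0x" + format(value, "064x")}

OWNER, OTHER = "0x" + "a1" * 20, "0x" + "f6" * 20
TOKEN_A, TOKEN_B, NFT = "0x" + "b2" * 20, "0x" + "c3" * 20, "0x" + "07" * 20
KNOWN_DEX, UNKNOWN_SPENDER = "0x" + "d4" * 20, "0x" + "e5" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, KNOWN_DEX, 500, 131),
    make_log(TOKEN_A, OWNER, KNOWN_DEX, 1000, 100),
    make_log(TOKEN_A, OWNER, KNOWN_DEX, 0, 120),                  # later revocation
    make_log(TOKEN_B, OWNER, UNKNOWN_SPENDER, MAX_UINT256, 130),  # unlimited
    make_log(TOKEN_A, OTHER, UNKNOWN_SPENDER, 7, 140),            # another owner
    make_log(NFT, OWNER, KNOWN_DEX, 1, 150, ["0x" + "00" * 31 + "01"]),  # ERC-721
]
```

The logged value is the last amount approved, not the allowance remaining after any spending, so confirm each row with the token's `allowance(owner, spender)` before deciding what to revoke.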

Can I recover my losses?

Recovering stolen funds is difficult in most cases. Here are some suggestions:

If you have suffered significant losses, file a report with your local law enforcement agency. You can provide them with a phishing report or fund flow chart generated by MetaSleuth to help them understand the situation you are encountering.

If you need to recover stolen funds urgently, please feel free to seek help from professional investigation agencies or firms specializing in asset recovery.

DO NOT give sensitive information like your passphrase to anyone claiming they can recover your lost funds. Please don't trust anyone who claims to represent BlockSec to recover your loss.

Please take a look at our Twitter thread.

Stay Safe!
