Use compromised MM after fraud incident

Hello, friends.

I’m aware, that is highly recommended to stop using MetaMask address that has been compromised in any way.
However I would like to see expert opinion for my case.
It is extremely inconvenient for the me to abandon this wallet as there are many assets last in many chains, as well as address has been registered with many projects and participated in many events to receive future rewards.

Very recently the wallet has been hacked when I connected to phishing site and approved a “dangerous” request from malicious Dapp. That was a mistake, but that site looked very authentic, similar to legit project, so I did not rejected request.
After that scammers stole some NFSs and funds and sent to their wallet (silently, no notifications appeared).
That happened only on the one of many chains that wallet is belong to. Assets on other chains remained in place.
I DID NOT revealed my private key or seed phrase to anyone.
After the incident I have deleted access to the wallet of that malicious site/Dapp.

Now I’m cautious. I’m not sure if I can continue to use that wallet safely. What do you think?

Considering that sensitive credentials have not been revealed, and malicious Dapp has been disconnected, maybe it’s ok to use wallet?
Thank you for advices.

Hello @stevesnake, welcome to MetaMask community!

Your inquiry is more complex and i understand why and how, as myself am involved in plenty of projects with my wallet and can understand the feeling of having to go through all of it, as you were advised.

For your peace of mind, first you would need to check what approvals you have made and revoke them all, on all chains, in case you haven’t done that yet.

Second, go into detective mode and investigate the contract and dapp with which you interacted and stole your tokens and find out what the contract does exactly and what kind of a permission you gave it, along with what exactly it did to your wallet and what it did to other people’s wallets that fell for it too. Check explorers and other sources or the people that got scammed too.

Third, make sure you understand what to look out for when interacting with smart contracts or when signing anything anywhere.

In the same way you have been advised to not interact with a compromised wallet, i would advise you to create a new MetaMask wallet and move everything you have on other chains and whatever else you know you don’t need on that wallet, to the new one, and after going through all the steps i mentioned above, see what will happen with your compromised wallet while you still use with anything that you don’t want/can’t move, while at least having some of your other tokens and nfts stored safely in a new wallet.

Also, try using a hardware wallet and pair it to a safe MetaMask wallet, for an extra layer of safety for your coins and tokens that you can store somewhere else than on your hot wallet.

Hope this helps you a bit, in the end, it’s all up to you on how you want to proceed as long as you understand what you’re doing or at least learn.

4 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.