Immediate Response


Follow a clear, stress-proof sequence. Avoid “recovery” scams. Never share seed phrases or remote access. Prefer on-chain signature verification when identity is required.

[WARNING] Do NOT share seed phrases, private keys, passwords, remote-desktop codes, or screenshots of wallets. Ignore DMs offering “recovery” or pretending to be support, police, or admins. Verify helpers via on-chain signature or official channels only.

1) First Moves from a Clean Device

  1. Disconnect the compromised machine from the internet. Power it off (no sleep).
  2. Stay calm. Rushed transfers sign away approvals or feed sweeper bots.
  3. Warn colleagues/friends not to trust messages “from you”.

2) Secure Crypto

  • Assume seeds/keys/sessions from the old device are stolen.
  • Create a new wallet on a clean device. Write the seed on paper.
  • Move assets: tokens/NFTs/roles → then native coin (e.g., ETH).
[NOTE] Addresses may have sweeper bots. Ask SEAL 911 before executing additional withdrawals or complex flows.

3) Secure Accounts

  • From the clean device: log into Telegram, Twitter/X, Discord, Email, PM, Okta/Slack, Banking, Cloud.
  • Log out all other sessions → Change passwords → Enable/Reset 2FA (no cloud backup in the 2FA app).

4) Take Down a Phishing Resource

If you need a fast takedown, send the domain/URL to us — we’re professionals at rapid disruption and evidence preservation.

5) Report & Document

Keep a concise dossier with addresses/chains, tx hashes, attacker handles, URLs, and a simple timeline.

Subject: Cryptocurrency theft / account compromise — incident report

Victim Full Name:
Contact Email / Phone:
Jurisdiction / City:

Incident Summary (2-4 sentences):
- Date & time (local): 
- Vector (phishing link / malicious file / fake call fix site):
- Immediate impacts (assets stolen, accounts hijacked):

Crypto Details:
- Stolen from addresses (include chain): 
- Tx hashes of theft (with chain): 
- CEX accounts affected (if any): 

Account Takeovers:
- Services (Telegram/Twitter/Email/etc.):
- Approx time you were logged out / alerted:
- New login alerts (IPs/locations, if known):

Evidence / Links:
- URLs visited or files downloaded from:
- Attacker handles/IDs:
- Screenshots or logs (not included here; available upon request).

Timeline (short):
YYYY-MM-DD HH:MM — [Event 1]
YYYY-MM-DD HH:MM — [Event 2]
YYYY-MM-DD HH:MM — [Event 3]

I understand this report may be correlated with other victims.
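
One way to assemble the dossier fields above from raw notes taken during the incident. This is an added example, not part of the original page; it assumes EVM-style addresses and transaction hashes and note lines that start with "YYYY-MM-DD HH:MM". The function names are hypothetical, and rewriting URLs so they are not clickable is a convention added here, not a requirement stated by the page.

```python
import re
from datetime import datetime

TX_RE = re.compile(r"\b0x[0-9a-fA-F]{64}\b")    # 32-byte transaction hash
ADDR_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")  # 20-byte EVM address
URL_RE = re.compile(r"https?://[^\s<>\"']+")
HANDLE_RE = re.compile(r"(?<!\w)@\w{3,}")       # skips the "@" inside e-mail addresses
EVENT_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(.+)$")


def defang(url):
    """Make a URL non-clickable so the report cannot send a reader to the phishing page."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def unique(items):
    return list(dict.fromkeys(items))  # de-duplicate, keep first-seen order


def build_dossier(notes):
    """Extract report fields from free-form notes and order the timeline by timestamp."""
    timeline = []
    for line in notes.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            text = URL_RE.sub(lambda u: defang(u.group()), m.group(2))
            timeline.append((when, text))
    timeline.sort(key=lambda e: e[0])
    return {
        "addresses": unique(a.lower() for a in ADDR_RE.findall(notes)),
        "tx_hashes": unique(t.lower() for t in TX_RE.findall(notes)),
        "urls": unique(defang(u) for u in URL_RE.findall(notes)),
        "handles": unique(HANDLE_RE.findall(notes)),
        "timeline": [f"{w:%Y-%m-%d %H:%M} - {t}" for w, t in timeline],
    }


# Constructed sample notes: the address, hash, URL and handle are made up.
SAMPLE_TX = "0x" + "ab" * 32
SAMPLE_ADDR = "0x" + "12" * 20
SAMPLE_NOTES = f"""\
2024-05-02 14:36 funds left {SAMPLE_ADDR} on ethereum, tx {SAMPLE_TX}
2024-05-02 14:10 DM from @fake_admin offering a "call fix"
2024-05-02 14:31 opened https://support-fix.example/start?id=7 sent by @fake_admin
"""

if __name__ == "__main__":
    for field, values in build_dossier(SAMPLE_NOTES).items():
        print(field.upper())
        for v in values:
            print("  ", v)
```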

6) New Computer or Full Wipe

  • Prefer a new device. If wiping, do a full factory reset.
  • Do not restore backups (Time Machine/Windows/3rd-party) — malware can return.
  • If copying files, keep the old device offline; do not copy the whole user folder.
[IMPORTANT] Need a sanity check before you move funds? Ask in SEAL 911 Bot. When identity confirmation is needed, prefer a simple Ethereum sign-message flow over screen-sharing.