Once the user’s wallet assets are stolen, how to remedy the situation?
GoPlus Security Team: Many users find that their wallet assets are suddenly missing. Due to lack of good experience or methods, they often lose the assets that could have been recovered or rescued. In order to help users take correct actions quickly after their assets are stolen, the following are several key remedial measures:
Step 1: Transfer the remaining tokens in the wallet
• Create a new wallet: Create a new wallet address immediately, ensuring that the new wallet address and private key are safe and not leaked.
• Transfer assets: Quickly transfer the remaining tokens in the wallet to the newly created wallet to prevent the remaining assets from being stolen.
• Cancel authorization: Use the authorization management tool to cancel all unnecessary smart contract authorizations in the old wallet to further protect remaining assets.
• Use rescue tools: Use rescue tools and preemptive services to quickly recover losses when necessary. These services can help prioritize the transfer of assets and prevent them from being automatically transferred by hackers’ monitoring programs.
Step 2: Find the root cause of the theft
1. Check your device and account
• Device Security Check: Check the device you are using to access your wallet to ensure it is free of malware, viruses, or spyware. Perform a full scan using trusted antivirus software.
• Account security check: Check accounts related to the wallet, such as trading platforms, email addresses, etc., to ensure that these accounts have not been hacked.
2. Locate the cause of the theft
• Stolen private key: If the private key is stolen, the hacker can take full control of the wallet and transfer all assets. If the EVM wallet private key is leaked, the hacker can transfer all assets on multiple EVM-compatible chains. Check for signs of private key or mnemonic leakage, such as entering the private key or mnemonic on a phishing website.
• Authorization fraud: Check whether malicious smart contracts have been authorized without your knowledge. Use Etherscan or other blockchain browsers to view the authorization history and identify abnormal authorizations.
• Malicious signatures: Confirm whether malicious transactions or information have been signed. In particular, review operations signed through DApps or other services and identify unknown or suspicious signatures.
3. Review transaction records:
• Analyze transaction history: Use blockchain browsers (such as Etherscan, BscScan) to view the wallet’s transaction records and identify suspicious transactions and unknown fund flows.
• Collect evidence: Record detailed information of suspicious transactions, including transaction ID, transaction time, other party’s address, etc., to provide evidence for subsequent reporting and investigation.
Step 3: Report to the police
1. Report to the police
• Contact local police: Contact local law enforcement agencies as soon as possible to report the theft of wallet assets. Provide detailed transaction records and evidence to help the police understand the case.
• Investigation: Fill out necessary forms and documents as required by the police to ensure that the case is formally filed. Provide as many clues and evidence as possible to help the police conduct an investigation.
2. Keep communicating
• Regular follow-up: Contact the police regularly to understand the progress of the case and provide any new clues or information.
• Assist with investigations: Actively cooperate with the police investigation and provide any information and support required.
Step 4: Seek help from professional security agencies and seek help from relevant exchanges to freeze the stolen funds based on the funding chain
1. Contact a professional security agency
• Professional assistance: Contact blockchain security companies or professional security agencies and ask for their help. Professional agencies can provide technical support to help track and analyze the flow of stolen funds.
• Funds tracing: Use professional blockchain analysis tools to track the flow of stolen funds and identify the exchanges and final receiving addresses to which the funds flow.
2. Request the exchange to freeze funds
• Contact the exchange: Contact the relevant exchange where the stolen funds flowed, provide detailed transaction records and evidence, and request their assistance in freezing the stolen funds.
• Provide evidence: Submit the police case filing certificate, transaction records and analysis reports to the exchange to prove that the funds are stolen assets, and request the exchange to cooperate in freezing them.
• Continuous follow-up: Maintain communication with the exchange and regularly follow up on the progress of frozen funds to ensure that the stolen assets are recovered as soon as possible.
OKX Web3 Wallet Security Team: When a blockchain user's wallet assets are stolen, remedies may be limited because the decentralized and immutable nature of the blockchain means that once a transaction is confirmed, it is usually impossible to revoke it. Here are some possible remedies:
1. Take immediate action
1) Analyze the reasons for the theft
• If the authorization is given to a hacker address, you need to cancel the authorization immediately on the authorization platform.
• If the private key is leaked, a comprehensive security check is required to determine the cause of the leakage; then reinstall the system and replace the wallet.
2) Asset rescue
• If there are some assets in the wallet that have not been transferred, or assets in a DeFi project, you can rescue the assets and reduce losses.
3) Tracking the flow of funds
• You can find white hats or security community members to monitor the flow of funds together. If you find that funds are flowing to an exchange, you can apply to freeze their account.
2. Report to relevant departments
1) Report the issue to the wallet customer service
2) Call the police, report the theft, and provide all relevant information. This information can help users freeze their exchange accounts if they find that funds have flowed to the exchange.
3. Seek help from the blockchain community
1) Publish an announcement on relevant blockchain social media such as Twitter. Sometimes the community will help track and prevent the flow of stolen funds.
2) Provide bounty rewards to encourage white hats or community members to help recover assets.
4. Prevention
1) Seek education and training to learn more about how to protect yourself from future attacks.
2) Use cold wallets and store most of your assets in offline wallets.
3) Securely back up your keys.
In summary, although the characteristics of blockchain technology make it difficult to recover stolen assets, quick action and taking multiple remedial measures can help minimize losses and prevent future risks.
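Both teams advise reviewing and cancelling token authorizations in the compromised wallet. The following is an added example, not code from GoPlus or OKX: it replays ERC-20 `Approval` logs in the JSON-RPC `eth_getLogs` format and lists approvals that are still open, unlimited, or granted to an unrecognized spender. The addresses, the sample logs, the helper names and the `UNLIMITED` threshold are assumptions made for illustration.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # assumption: allowances this large are treated as "unlimited"

def addr(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Return {(token, spender): last approved value} for non-zero approvals."""
    state = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics (indexed tokenId): skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), addr(t[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = value
    return state

def findings(state, trusted_spenders):
    """Flag approvals that are unlimited or granted to an unrecognized spender."""
    out = []
    for (token, spender), value in sorted(state.items()):
        reasons = [r for r, hit in (("unlimited", value >= UNLIMITED),
                                    ("unknown spender", spender not in trusted_spenders)) if hit]
        if reasons:
            out.append({"token": token, "spender": spender, "reasons": reasons})
    return out

# Constructed sample data: placeholder addresses, not real contracts.
OWNER, TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "a1" * 20, "0x" + "b2" * 20
DEX, UNKNOWN = "0x" + "d1" * 20, "0x" + "ee" * 20
def mk(block, idx, token, spender, value, extra=None):
    topics = [APPROVAL_TOPIC, "0x" + "00" * 12 + OWNER[2:], "0x" + "00" * 12 + spender[2:]]
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": topics + ([extra] if extra else []), "data": "0x%064x" % value}

SAMPLE_LOGS = [
    mk(100, 0, TOKEN_A, DEX, 500),                  # bounded approval, known spender
    mk(101, 2, TOKEN_B, UNKNOWN, 2**256 - 1),       # unlimited approval, unknown spender
    mk(102, 0, TOKEN_A, UNKNOWN, 2**256 - 1),       # granted ...
    mk(103, 1, TOKEN_A, UNKNOWN, 0),                # ... then revoked
    mk(104, 0, TOKEN_B, DEX, 1, "0x" + "00" * 32),  # 4 topics (ERC-721 style), ignored
]
```

The last approved value is only an upper bound, because `transferFrom` spends allowance without necessarily emitting a new `Approval`; confirm each finding with the token's `allowance(owner, spender)` before revoking.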