Move Remaining Crypto and Lock Out an Attacker

    Treat any wallet or exchange account they touched as permanently burnt.

    What to do

      • On a clean device, move any remaining funds to a brand-new wallet whose seed has never touched the compromised device
      • Revoke every token approval on Etherscan / Revoke.cash / Solscan for the affected address
      • On the exchange: change password, rotate 2FA, delete all API keys, freeze withdrawals
      • Email the exchange's compliance/fraud team with txids — they may freeze funds still on-platform
      • Report the txids to chainalysis-style trackers (e.g. via your local cybercrime unit) and to the receiving exchanges

    More from Financial Recovery

    No image

    Avoid Future Recovery and 'Refund' Scams

    Victim lists are sold and reused — assume more 'agents' will appear.
    No image

    Cut Off and Report a Recovery-Scam Contact

    Engagement is the product; ending the conversation is the win.
    No image

    Spot a Stolen-Funds 'Recovery' Scam

    Recovery-scam pitches all share the same red flags — confirm before doing anything.