In this situation, your wallet is most likely compromised (someone has obtained unauthorized access). The steps below outline a method for damage limitation: you may be able to rescue some funds from your account before they are removed.
Follow these steps as soon as possible:
- Install MetaMask on another browser (or another browser profile). For Mobile, you'll need a second device, enabling you to create a new instance of MetaMask (if you remove MetaMask from your mobile device and you don't have the Secret Recovery Phrase backed up, you won't be able to re-access it).
- Create a new MetaMask wallet on the new browser, browser profile, or mobile device.
- Write down the Secret Recovery Phrase in the correct order and store it someplace safe. Never give it to anyone.
- Go back to the compromised account and send any remaining funds to the newly created account. If you believe there may be a sweeper script on the compromised account, don't send in any additional ETH or other tokens to pay for gas (if there is a sweeper, try following our guidance here).
- Once you've removed all of the funds you can, discontinue using the old wallet and any accounts associated with the compromised Secret Recovery Phrase.
- Report the scam to the relevant authorities.
Unfortunately, transactions cannot be reversed, nor missing the funds restored. MetaMask is a self-custodial wallet, which means we cannot control access to user accounts, nor intervene and rescue your account or funds for you.
MetaMask's partnership with Asset Reality means it may be possible for you to access further support, or become part of a wider investigation. There is no guarantee that you will get your funds back. To potentially benefit from Asset Reality's services, please just contact MetaMask Support in the usual way (via the 'Start a Conversation' button on the homepage of this site) and we will guide you through the process if your case is suitable.
Why did this happen?
Due to the sheer scale and scope of web3, there is an enormous abundance of attack vectors that could have been the reason your wallet was compromised. Some common causes are listed below:
- Your computer has been compromised with malicious software and you stored your private information on your computer, allowing it to identify and retrieve your Secret Recovery Phrase, for example.
- You have visited a malicious phishing website that stole your information.
- You gave your private key or Secret Recovery Phrase to someone or a site.
- You gave a dapp or site's smart contract unlimited access to your funds (find out how to revoke access here).
- You installed a fake MetaMask extension that stole your funds.
Try to analyze your browser history and scan your computer to eliminate any further breach of information. If you discover any suspicious phishing websites please follow the steps in our How to report a scam article so we can prevent this from happening to other users in the future. If you have any further information after your own investigation, please let us know.