If you notice an unauthorized transaction in your Ronin wallet, it is crucial to act quickly. This guide will help you understand what a compromised wallet is, how to secure your remaining funds, and what steps to take next.
What is a Compromised Wallet?
A wallet is considered compromised if someone gains access to it, either physically or remotely. This includes unauthorized access to:
- Your 12-word secret recovery phrase
- Private keys
- Recovery password
Anyone with access to these details has full control over the wallet’s funds. If an untrustworthy individual gains access, your assets are at immediate risk.
With non-custodial wallets like Ronin, securing your private data is essential. The security of your wallet is only as strong as the security of your device and personal security practices.
Important: Do not send any asset to a compromised wallet.
How Can a Wallet Be Compromised?
Keeping your device secure is crucial to protecting your wallet. Careless use or weak security practices can put your assets at risk. Common threats include:
- Malware or keyloggers on your device
- Phishing attacks or scams
- Sharing your secret recovery phrase with untrusted sources
- Using insecure or compromised devices to access your wallet
For more information, please see the following article Unauthorized transfer of assets
How to Check If Your Wallet Is Compromised
If you suspect that your wallet has been compromised, start by reviewing your transaction history. Look for any transactions that you did not authorize.
In some cases, unfamiliar transactions may not indicate a security breach. For instance, in our wallet activity we can find contract interactions, also other transactions like staking and claiming staking rewards.
However, if your wallet has been compromised, you are more likely to see large, unauthorized transactions sent to unfamiliar wallet addresses. If you notice such activity, it’s a strong indication that your wallet may no longer be secure.
Steps to Take If Your Wallet Is Compromised
If you suspect your wallet has been compromised, take the following steps immediately:
- Move Your Remaining Assets: Transfer all remaining funds to a secure alternative wallet.
- Clean your Devices: Scan the devices where the wallet is installed and reformat it if possible
- Do Not Use the Compromised Wallet: Avoid sending additional funds to the compromised wallet.
Where to Send Your Remaining Assets
Your best options for securing your funds include:
- Non-custodial wallets (such as another Ronin wallet on a secure device)
- Hardware wallets (such as Trezor or Ledger)
- Exchange Platforms (such as Coinbase or Binance)
How to Ensure Your Alternative Wallet Is Secure
Non-custodial Wallets
If you choose another non-custodial wallet, take the following precautions:
- Scan your device to make sure there is no threat that could affect your wallet security.
- Install anti-virus or anti-malware software on your device to protect against known threats.
- Be cautious of pirated or cracked software, as these may introduce security vulnerabilities.
By following these steps, you can secure your remaining assets and prevent further unauthorized transactions.
Hardware Wallets - Trezor and Ledger [Only for Ronin Wallet Extension]
Hardware wallets can provide some of the highest levels of protection against theft. Although hardware wallets can offer greater security, they are only as safe as your security practices. It is still crucial that you keep the private keys and secret recovery phrase safe.
Never keep any digital copies of the secret recovery phrase. Storing your secret recovery phrase digitally defeats the purpose of a hardware wallet, as anything stored on an internet-connected device can be potentially accessed by malicious individuals.
If your secret recovery phrase is stored in any digital form on your computer or cloud storage, it would be safest not to send your funds to this wallet and empty the hardware wallet as soon as you can.
It might be possible to ‘reset’ your hardware wallet.
Check the following guides in order to reset your hardware wallet:
- Ledger reset: https://support.ledger.com/article/360017582434-zd
-
Trezor reset: https://trezor.io/learn/c/backup-recovery -
- Please notice that Trezor has a different process for each model, make sure you follow the right process for the Trezor device that you have.
Have you ever shared or entered your hardware wallet’s secret recovery phrase into a website, browser extension, or another wallet? If the answer is yes, please do not send your funds to this wallet. Send your funds out of this hardware wallet to an alternative destination as soon as possible.
Exchange Platforms: Binance, OKX, Coinbase, and Others
Exchanges come with their own set of risks. If you send funds to an exchange, you do not have full ownership or control over your funds. However, they often offer their own security, and possibly even insurance options. Do your own research and only use an exchange you trust.
Can I recover my funds?
While we would like nothing more than to be able to reunite you with your funds, blockchain assets are built in such a way that their transactions are irreversible.