Skip to main content

What to Do If Your Wallet Is Compromised

Immediate steps and recovery options after a wallet hack.

Updated yesterday

Do This First

Do not send ETH to the compromised wallet. Sweeper bots monitor compromised wallets and will steal any funds you send — often within seconds.

  1. Stop using the compromised wallet immediately

  2. Create a new, secure wallet

  3. Check if you still own your ENS name in the ENS App

What ENS Can and Cannot Do

Before attempting recovery, understand these limitations:

  • ENS cannot reverse transactions or restore access — blockchain transactions are permanent

  • No ENS administrator can transfer your name for you — only the wallet owner can sign transfers

  • You cannot transfer ownership during Grace Period — the name must be actively registered

  • Recovery requires ETH for gas — and sending ETH to a compromised wallet is risky

Check Your Situation

Before choosing a recovery method, answer these questions:

Do you still own the name?

Check in the ENS App. If the name shows a different owner, it's already been transferred and cannot be recovered through ENS.

Is the name in Grace Period?

If yes, you cannot transfer it until you extend the registration. But extending may signal you want to recover the name.

Is there a sweeper bot active?

If ETH disappears within seconds of arriving, a bot is active. Standard transfers won't work.

Recovery Options

Option 1: Transfer Immediately (If No Bot Is Active)

Best for: Wallets where the attacker hasn't set up a sweeper bot

Success rate: High if you act fast, before a bot is deployed

Steps:

  1. Send a small amount of ETH to the compromised wallet

  2. Immediately transfer the ENS name to your new secure wallet

  3. If the ETH disappears before you can transfer, a bot is active — stop and try another method

Option 2: Wait for the Bot to Stop

Best for: Wallets with active sweeper bots

Success rate: Low to moderate — bots sometimes go inactive after weeks or months

Risks:

  • The attacker may transfer your name while you wait

  • The name may expire

  • Sending ETH to test if the bot stopped may reactivate it

Steps:

  1. Monitor the wallet without sending any funds

  2. After several weeks, send a tiny test amount of ETH

  3. If it stays, quickly transfer your ENS name

  4. If it disappears, the bot is still active

Option 3: Wait for Expiry and Re-register

Best for: When other methods have failed and the name isn't highly valuable

Success rate: Low — others may register before you

Risks:

  • The attacker may extend the registration (anyone can do this)

  • Someone else may register the name after it's released

  • You'll pay Temporary Premium fees if you don't wait 21+ days after Grace Period

Steps:

  1. Wait for the name to expire and pass through the 90-day Grace Period

  2. Monitor the Temporary Premium auction

  3. Register as a new name when the price is acceptable

  4. Be aware: others are watching too

Option 4: Flashbots Rescue (Advanced)

Best for: Technical users comfortable with complex tools

Success rate: Moderate — requires precise timing and technical skill

These tools bundle multiple transactions to outrun sweeper bots:

  • FlashbotsBundlerUI — React app for building Flashbots bundles

  • flashbots-ens-rescue — Tool specifically for ENS recovery

  • Ambire Wallet — Has gas tank features that may help fund transfers using tokens the bot hasn't touched (including some on L2s)

Warning: These are not ENS tools. They are community and third party built tools which may not be actively maintained. Use at your own risk.

Common Misconceptions

"My name was burned — I was hacked!"

When an expired name is newly registered by someone else, the old NFT is destroyed. This looks like a hack but isn't. Check the registration date in the Ownership tab — if it shows a recent date, the name was simply re-registered after expiry.

"ENS can help me get my name back"

ENS has no ability to reverse blockchain transactions or override ownership. Only the wallet holding the NFT can transfer it.

Prevent Future Compromise

Once you've secured a new wallet, protect your names:

  • Use multi-wallet security — Keep ownership in a cold wallet, use a hot wallet for daily transactions. See: Setup Multi-Wallet Security

  • Never share your seed phrase — ENS will never ask for it

  • Verify transaction details — Read what you're signing before approving

Related Articles
How to Register a .eth name
Transfer / Send Your Name
Set Up Multi-Wallet Security on your Name
ENS Pricing
Do Expired ENS Names Affect Wallet Access?
Did this answer your question?