Docs
Start typing to search…

I got scammed/hacked

Your account shows transactions you did not authorize, balances don’t add up, or you see an unknown signer/multisig on your 1024EX-connected wallet.

If you notice unauthorized activity, missing funds, or an unfamiliar multisig controlling permissions on addresses used with 1024EX, your wallet or device is likely compromised.

1024EX operates in a non-custodial manner for on-chain actions. Only a party with access to your private key/seed (or to a delegated signer you approved) can authorize transactions from your address. If you see activity you didn’t initiate, assume your key or device security has been breached.

What to do

  • Stop using the compromised address immediately. Treat it as permanently unsafe (“burned”).
  • Create a new wallet using a trusted provider on a clean device if possible.
  • Move any remaining assets from the old wallet to the new one—this applies across all apps and chains you use with 1024EX.
  • For assets on 1024EX EVM/settlement environments: send them to your new address. If an address you used on 1024EX Core/EVM was converted to a multisig you don’t control, migrate positions/funds where possible and cease using that address.
  • Revoke token/contract approvals to limit further access to the compromised wallet.
  • Rotate or disable API keys linked to 1024EX (and any trading bots) and remove unknown IP allow-lists or permissions.
  • Clear browser cache/cookies and remove untrusted extensions; scan for malware.
  • Identify the root cause (phishing site, leaked seed, infected device, hostile extension) to avoid repeating the mistake.
  • Secure email/SSO tied to your wallet and 1024EX login flows: change passwords and enable 2FA.

Best practices going forward

  • Being your own custodian requires continuous vigilance:
  • Never share your seed phrase or private key; never input it into a website or relay it to “support” staff.
  • Use a hardware wallet (e.g., Ledger, Trezor, Keystone) and pair it with a reputable browser wallet so your key never touches the browser.
  • Don’t rush. Read every transaction and approval; if details are unclear, do not sign.
  • Avoid unknown links and be wary of sponsored search results. Verify URLs via 1024EX’s official channels or well-known aggregators; bookmark frequently used sites.
  • Do not install unverified apps or extensions; remove extensions you no longer use or that are no longer maintained.
  • Avoid downloading unknown PDFs/files that could exploit viewers or plugins.
  • Assume most unsolicited DMs are scams. Be suspicious of requests to install software or “verify” via a link.
  • Keep software up to date: browsers, extensions, wallet apps, and OS.
  • Segment risk: use separate sub-accounts/addresses for testing vs. trading; limit approvals and spending caps; rotate API keys and restrict them by IP.
  • Back up securely: store seed phrases offline in a safe location; never in cloud notes or screenshots.

If you need help assessing what happened, contact 1024EX Support through verified channels and provide non-sensitive diagnostics (transaction hashes, timestamps, wallet type)—do not share your seed or private key under any circumstance.

Updated 3 months ago