You downloaded malware from a website
Fake download sites, compromised legitimate sites, and malicious ads can all serve malware disguised as legitimate software. This malware then steals your seed phrase, monitors your activity, or takes control of your wallet.
Always verify you're downloading from official sources.
How this attack works
Fake download pages, malvertising (malicious search ads), and 'cracked' or 'free' versions of paid software serve installers laced with info-stealer malware. The app may even work as advertised while the bundled stealer harvests seed phrases, browser-extension wallet data, and saved passwords in the background.
Fake versions of popular wallets and crypto tools are a favorite lure, often ranking via ads above the real site.
Warning signs
- •You installed software from a link in an ad, search result, or DM.
- •You used a 'cracked,' 'modded,' or free copy of paid software.
- •The download came from a site that was not the official source.
What to do right now
- •Only download software from official websites
- •Verify URLs carefully before downloading anything
- •Be suspicious of "cracked" or free versions of paid software
- •Run antivirus scans and consider reinstalling your OS
- •Create a brand new wallet on a clean device
Not sure this is what happened to you?
Run the 2-minute diagnostic