Your wallet was drained by a malicious transaction
When you connect your wallet to a site and approve a transaction, you're trusting that site to do what it claims. Malicious sites create transactions that look legitimate but actually drain your wallet or grant unlimited access to your tokens.
How this attack works
Most drainer attacks don't need your seed phrase at all. They trick you into signing a transaction or token approval that hands the attacker permission to move your assets — then a bot sweeps them out, often within seconds.
The dangerous signatures usually fall into a few buckets: an ERC-20 approve (or Permit/Permit2) granting an unlimited spending allowance; a setApprovalForAll that signs away an entire NFT collection; or an outright transfer hidden behind a friendly-looking "Claim" or "Connect" button.
Because the website controls what it shows you, the button can say "Claim airdrop" while the actual transaction grants spending rights. The transaction — not the website — is the truth.
Warning signs
- •Funds left moments after you clicked 'Confirm,' 'Claim,' or 'Connect' on a site.
- •You approved a token or signed a message you didn't fully understand.
- •The site created urgency ('mint closes in 5 minutes,' 'claim before it's gone').
- •Your wallet asked you to 'blind sign' an unreadable string of data.
What to do right now
- •Be extremely skeptical of any "opportunity"
- •Verify sites independently before connecting your wallet
- •Use a separate "hot wallet" with small amounts for risky activities
- •Consider hardware wallets for significant holdings
Not sure this is what happened to you?
Run the 2-minute diagnostic