You opened a malicious email attachment
Phishing emails often contain attachments disguised as invoices, documents, or important files. These can install malware that steals your seed phrase, logs your keystrokes, or monitors your crypto activity.
Email phishing has been around for decades, and crypto users are now prime targets.
How this attack works
Phishing emails carry attachments dressed up as invoices, shipping notices, resumes, or 'important documents.' Opening the file — especially enabling macros in a document, or running an executable — installs malware that logs keystrokes and steals wallet data and saved credentials.
The email may spoof a brand, an exchange, or even a contact whose account was compromised, which is why the attachment feels expected.
Warning signs
- •You opened or 'enabled content' on an unexpected attachment.
- •The email created urgency or impersonated a service or contact.
- •Funds or credentials were compromised after handling that email.
What to do right now
- •Never open attachments from unknown senders
- •Be suspicious of unexpected attachments, even from known contacts
- •Verify with the sender through a different channel if unsure
- •Run antivirus scans and consider reinstalling your OS
- •Create a brand new wallet on a clean device
Not sure this is what happened to you?
Run the 2-minute diagnostic