All Collections
Security
I noticed an unauthorized transaction in my Exodus wallet. What should I do next?
I noticed an unauthorized transaction in my Exodus wallet. What should I do next?

Notice an unauthorized transaction in Exodus? What to do if your wallet is compromised, and how to keep any remaining funds safe.

Updated over a week ago

What to do if you notice an unauthorized transaction in your wallet, how to start an investigation with Exodus Support, and how to keep your funds safe.

The information contained in this article is for general informational purposes only and is not legal advice. All information is provided in good faith. However, we make no representations or warranties of any kind, expressed or implied, regarding the accuracy or completeness of any information.


In this article:


What is a compromised wallet?

A wallet has been compromised if the password, 12-word secret recovery phrase, and/or private keys have been viewed or copied by anyone other than the original owner of the wallet.

Anyone who has the secret recovery phrase of a wallet has full control over the wallet's funds. If a malicious or untrustworthy individual has access to a wallet's secret recovery phrase or private keys, the assets in that wallet are in immediate danger.

With self-custody (also called non-custodial) wallets like Exodus, keeping the wallet's private data safe is vital. A self-custody wallet is only as safe as the device it is on and your security practices.

A compromised wallet is not safe for storing your assets. If you suspect that your wallet has been compromised, you should move all your assets to another wallet immediately.

Do not send any crypto to the compromised wallet.


How can a wallet be compromised?

As Exodus is a software wallet that is installed on your local device, the wallet relies on the security of your device.

A software wallet is as secure as the device it is installed on and the security steps taken to protect the wallet. Please keep in mind, this is not unique to Exodus, but is how all software wallets work.

Therefore, if any of the following happens it’s possible for a software wallet to be compromised:

  1. Somebody obtains your 12-word secret recovery phrase or the private key for any of your assets.

  2. Somebody scans your wallet’s QR syncing code.

  3. Somebody installs malware on your device, which is able to extract private data such as your password(s), secret recovery phrase and/or private keys.

  4. Somebody gains remote or physical access to your wallet, either while the wallet is unlocked or if they know your Exodus password.

  5. Somebody has your Exodus password and the email backup link if you created your wallet before February 2019.


How do I know if my wallet has been compromised?

If you believe your wallet has been compromised, take a moment to review your wallet’s transaction history. Have you noticed any transactions that you did not initiate?

To review your deposits and withdrawals in Exodus Desktop, visit: How do I audit my deposits and withdrawals?

In certain situations, an unfamiliar transaction may not be a cause for concern. For example, sending an ERC20 token requires a transaction fee (also known as gas) in Ethereum (ETH), which will show up as a separate transaction. Additionally, the process of staking and claiming staking rewards will generally require a transaction.

If a hacker has compromised your wallet, it is more likely that you will see transactions to destinations (wallet addresses) you are unfamiliar with, and they tend to be larger in nature. If you see large, unfamiliar transactions, your wallet may be compromised.


What steps should I take if my wallet is compromised?

If you suspect that your wallet is compromised, it is crucial that you send all your remaining assets to a safe alternative as soon as possible.

Once your remaining funds are safe, please contact Exodus Support at [email protected] to inform us about a potential breach of your wallet security. Please provide any details that you think might be related to the possible breach.


Where can I send my remaining assets?

The best options that serve as a safe destination for any remaining funds are self-custody software wallets (including Exodus), hardware wallets, and custodial exchanges.

To learn more about the different types of wallets, visit: What are the different types of crypto wallets?


How do I ensure the alternative destination is safe?

Self-custody software wallets:

If your self-custody wallet is installed on a desktop device, please download and install an anti-virus or anti-malware software to make sure your device is being protected against known threats.

Malwarebytes is a commonly used anti-malware software for Microsoft Windows, macOS, Chrome OS, Android, and iOS. It finds and removes any malware on your device.

Please note, there is an increased chance of malicious software on a system that is using pirated or cracked software, including the operating system.

If you wish to use Malwarebytes, here are steps on how to download and install the program on Windows and Mac.

If you are unable to download Malwarebytes, Bitdefender is a popular alternative.

Self-custody hardware wallets (Trezor, Ledger, and more):

Hardware wallets can provide some of the highest levels of protection against theft. Although hardware wallets can offer greater security, they are only as safe as your security practices. It is still crucial that you keep the private keys and secret recovery phrase safe.

  • Never keep any digital copies of the secret recovery phrase. Storing your secret recovery phrase digitally defeats the purpose of a hardware wallet, as anything stored on an internet-connected device can be potentially accessed by malicious individuals.

  • If your secret recovery phrase is stored in any digital form on your computer or cloud storage, it would be safest not to send your funds to this wallet and empty the hardware wallet as soon as you can.

  • It might be possible to ‘reset’ your hardware wallet. Please contact us at [email protected] for more information.

Have you ever shared or entered your hardware wallet’s secret recovery phrase into a website, browser extension, or another wallet?

If the answer is yes, please do not send your funds to this wallet. Send your funds out of this hardware wallet to an alternative destination as soon as possible.

Custodial exchanges (Coinbase, Binance, and more):

Custodial exchanges come with their own set of risks. If you send funds to a custodial exchange, you do not have full ownership or control over your funds. If an exchange becomes insolvent or is hacked, your funds can be at risk. However, they often offer their own security, and possibly even insurance options. Please examine the safety and security of your custodial exchange accounts by asking yourself the following questions:

Q. Does the exchange account have two-factor authentication (2FA) enabled?

  • Text/phone-based 2FA, such as codes sent over SMS, should not be used

  • Be mindful of any notifications (either email or standard notifications) of unrecognized logins or unsuccessful login attempts for your exchange account

Q. How do you store your exchange account’s password?

  • Make sure it isn't easily accessible by scammers

  • Aside from paper, the only secure way to store a password is through a password manager

  • To learn more about passwords, visit: The importance of a good password


How do I send my assets?

To learn how to send funds from your Exodus wallet, visit: How do I send Bitcoin and other crypto out of Exodus?

For steps on how to receive funds to your specific destination, please contact us at [email protected].


Can I recover my funds?

While we would like nothing more than to be able to reunite you with your funds, blockchain assets are built in such a way that their transactions are irreversible.

Non-reversible transactions are at the core of blockchain technology; the blockchain is a public ledger that no single entity controls. You can read more about this in our Knowledge Base article: Can you cancel or reverse a transaction?

The only path which may result in the recovery of your stolen assets requires the participation of both a law enforcement agency, and the funds being sent to an exchange regulated by international financial laws, such as Coinbase or Binance. Without both of these events happening, the chances of being reunited with your funds are very small.


What if my assets are staked?

For staking assets with a cool-down period, you will need to wait for the funds to unstake before you can move them out of the compromised wallet. Keep in mind that the attacker might also be waiting for the funds to unstake, making it a race between you and the attacker to claim the funds.

Staking assets without a cool-down period can be sent out of a wallet without waiting for the funds to unstake.


Staking assets with a cool-down period

With certain staked assets, there is an unstaking “cool-down” period. If you have a compromised wallet or if a potential thief unstakes one of these assets, it may be possible for you to claim the funds before the attacker can.

If you are attempting to claim unstaking funds with a cool-down period before the attacker can, then please keep the following in mind:

  • Exodus is a self-custodial wallet, so we cannot directly help to claim any unstaking funds on your behalf.

  • With a block explorer, it's often possible to monitor assets that are unstaking and view an estimate of when they will become available.

  • The recovery of unstaking funds becomes a race between you and the cyber-thief. Keep in mind the thief may have an automated solution to claim the funds (known as a “sweeper-bot”).

  • With some staked assets that use a cool-down unstaking period, it could be possible for the attacker to perform certain transactions, which immediately send the funds to the attacker's wallet.

  • You need to be ready to send the funds to another wallet as soon as the funds finish unstaking and become available in your Exodus wallet.

    • The wallet you send the funds to could be another self-custodial wallet on a secure device (such as an Exodus wallet) or a custodial wallet like an exchange account.

    • You will need to be quick and have the address you wish to send the funds to ready so you can quickly copy-paste it into your Exodus wallet. For more information on how to send funds from Exodus, visit: How do I send Bitcoin and crypto from Exodus?

The following assets have a "cool-down" period when unstaking:

  • Axelar (AXL), Cosmos (ATOM), Ethereum (ETH), Injective (INJ), Kava (KAVA), Ontology (ONT) & Ontology Gas (ONG), Osmosis (OSMO), Polygon (MATIC) and Solana (SOL).

If you notice that your assets have been unstaked by a malicious actor, please email [email protected] as soon as possible.

  • When you stake AXL, your staked funds are delegated to the AXL validator, and those funds cannot be sent

  • Unstaking could take up to 7 days before your funds become available.

  • The unbonding period and completion time can be monitored on a block explorer like https://www.mintscan.io/axelar

  • When you stake APT, your staked funds are delegated to the APT validator, and those funds cannot be sent

  • Unstaking could take up to 30 days before your funds become available.

  • You can monitor the unstaking progress from the Aptos staking section in Exodus. For a guide on how to see the progress for APT unstaking, visit: How long until my APT finishes unstaking?

  • When you stake ATOM, your staked funds are delegated to the ATOM validator, and those funds cannot be sent

  • Unstaking could take up to 21 days before your funds become available.

  • The unbonding period and completion time can be monitored on a block explorer like https://www.mintscan.io/cosmos

  • When you stake ETH, you delegate your funds to the ETH validator, and those funds cannot be sent.

  • Unstaking could take up to 10 days before your funds become available.

  • ETH unstaking is dynamic and difficult to monitor.

  • When you stake INJ, your staked funds are delegated to the INJ validator, and those funds cannot be sent

  • Unstaking could take up to 21 days before your funds become available.

  • The unbonding period and completion time can be monitored on a block explorer like https://www.mintscan.io/injective

  • When you stake KAVA, your staked funds are delegated to the KAVA validator, and those funds cannot be sent

  • Unstaking could take up to 21 days before your funds become available.

  • The unbonding period and completion time can be monitored on a block explorer like https://www.mintscan.io/kava

  • When ONT is staked, the funds cannot be sent until unstaking period is completed.

  • After ONT is unstaked, there's a wait of 2 consensus rounds (up to 120,000 blocks) before the funds are available to send.

  • The current ONT round and time estimates can be tracked at this website: https://node.ont.io/stake

  • When you stake INJ, your staked funds are delegated to the INJ validator, and those funds cannot be sent

  • Unstaking could take up to 14 days before your funds become available.

  • The unbonding period and completion time can be monitored on a block explorer like https://www.mintscan.io/osmosis

  • With MATIC, your staked funds are delegated to the MATIC validator, and those funds cannot be sent.

  • MATIC unstaking could take 3-4 days before funds are available.

  • MATIC unstaking is difficult to monitor because of variable checkpoint lengths.

  • With SOL, your staked funds are delegated to the SOL validator, and those funds cannot be sent.

  • SOL unstaking could take several epochs for your funds to be released.

  • SOL unstaking is difficult to monitor because of variable epoch lengths.


Staking assets without a cool-down period

Some staking assets do not have an unstaking cool-down period.

If your wallet has been compromised, you can move these funds out of your wallet without waiting for them to unstake. However, the attacker can also do the same.

If you have any funds left, be sure to send them out to another secure wallet, either another self-custodial wallet on a secure device (such as an Exodus wallet) or a custodial wallet like an exchange account.

The following staking assets do not have a cool-down period:

  • Algorand (ALGO), Cardano (ADA), Tezos (XTZ), VeChain (VET) & VeThor (VTHO)

  • The Algorand ecosystem uses a decentralized governance model

  • When you sign up to be a governor, your funds are committed to the ALGO ecosystem, but they can still be sent from your Exodus wallet

  • You will not receive ALGO rewards for this governance period if the funds are sent from your wallet

  • With ADA, you are staking your entire address

  • Once the funds are sent from your wallet, the staking ends. There is no cool-down period.

  • Staking XTZ involves staking your entire Tezos address. Normal transactions, while your Tezos is staked, are still possible.

  • Unstaking your XTZ is possible at any time without a cooldown period

  • VET is automatically staked to earn VTHO rewards

  • There is no cooldown period, and funds can be sent anytime


How do I report the crime?

In the table below, you can find links to cybercrime reporting resources for several countries. If your country is not listed, use the link below to find your local cybercrime unit to report your case, or email us at [email protected].

Links to cybercrime reporting resources

If you can't find a cybercrime agency in your region, you can report your case to your local police like any other theft or fraud.


How did this security breach happen to me?

Once any remaining assets have been moved to a safe location, you have the option to open an investigation. Our dedicated team can help investigate how this breach of your wallet security occurred.


How do I begin an investigation?

If you would like to investigate, you can contact Exodus Support by emailing us at [email protected]. You can write “Investigations” or “stolen funds” in the email subject line.

The investigation will require your cooperation and participation. The investigation process will consist of a series of questions and some small tasks through which you will provide relevant data that will help us to determine the source of the security breach.

The investigation can typically take several weeks to complete. In some cases, the evidence is clear and convincing and points to a definite cause. In other cases, it can be more difficult to identify the cause with complete certainty.


How do I ensure my email account is safe?

Since the safety and security of your information is of the utmost importance, please ensure that the email address used to contact Exodus Support is not compromised.

To determine if your email address is secure, you can ask yourself the following questions:

  • Are you able to log in to your email successfully?

  • Does your Sent folder have unrecognized emails?

  • If applicable, do you have 2FA enabled for your email client? If this is not yet enabled, please enable 2FA as soon as possible.

  • Does your email have any unrecognized sign-in attempts?

  • Has your email been leaked in a data breach?

When you are sure your email address is safe, send an email to [email protected] to begin an investigation.

Exodus Support is not available by telephone or chat. To learn more about all the ways you can contact us, visit: How do I contact Exodus Support?


How do I send my Safe Report to Exodus Support?

Exodus is a self-custody wallet, which means we cannot see the details of your wallet and transactions. In order to investigate what happened, we need your Safe Report.

Your Safe Report contains addresses, transactions, and other non-compromising wallet details. Your Safe Report does not contain your password, 12-word secret recovery phrase, or private keys.

You can attach a copy of your wallet’s Safe Report (one for every device your wallet is on), and send the file(s) with your email.

Please include a thorough explanation of what has occurred, how you think a breach could have happened, and any other information that you think might be relevant.


Can I be refunded for my loss?

We must state clearly that we will not be able to compensate you for the loss of your funds. This is because the Exodus wallet is a self-custody wallet that lives on your device only.

We do not store any personal information or information that would allow anyone access to your funds. This information includes your passwords, private keys, and your 12-word secret recovery phrase. For more on this, visit: What information does Exodus have access to?

Because we never have any access to or control over your funds, and we are only providing you with software to manage your own funds, Exodus cannot assume any liability for any losses that you may incur as a result of your wallet becoming compromised.


Why should I save the 12-word secret recovery phrase for the compromised wallet?

Please retain the 12-word secret recovery phrase of your compromised wallet for your records. The secret recovery phrase is the only way to access your transaction history and similar data, because Exodus is a self-custody wallet.

Write your secret recovery phrase down on paper and store it somewhere secure. You will need your secret recovery phrase to access the compromised wallet after deleting the wallet and/or wiping your device memory.

To learn how to restore a wallet using the secret recovery phrase, visit: How do I restore from my 12-word secret recovery phrase?


How do I delete the compromised wallet?

Once your secret recovery phrase for your wallet is stored, it is best to delete the compromised wallet. To find out how to delete your Exodus wallet, visit: How do I delete my wallet and start over?

You can then create a new Exodus wallet. To keep your new wallet safe, you can follow these security tips: How do I keep my money safe? How to store cryptocurrency safely.


How do I clean the devices that held the compromised wallet?

Desktop devices:

As malicious software could likely be the cause of a breach, the only way to ensure your system is clean is by removing and reinstalling your operating system (OS).

Save your personal files and documents on an external USB drive, and then follow the instructions for your device to do a fresh installation of your OS.

Make sure that you have copies of your files before deleting your hard drive. You can restore your device again after the reset process is complete.

The following resources are not affiliated with Exodus. As such, Exodus cannot guarantee that the steps shown and the information provided will always be accurate.

Mobile devices:

You will need to reset your phone to the factory default settings to ensure your device is clean. View these articles for information on how to reset your iOS or Android device:

The following resources are not affiliated with Exodus. As such, Exodus cannot guarantee that the steps shown and the information provided will always be accurate.


Online accounts:

If any of your online accounts have been connected with cryptocurrency or finance, please verify your account safety by:

  1. Changing all passwords.

  2. Enabling two-factor authentication - avoid SMS or text-based 2FA. When possible, use an authenticator app.


What if I do not wish to start an investigation?

We understand you may not want to start an investigation but simply want to know how to protect yourself after experiencing a compromised wallet.

If the cause of the breach is due to malware or is unknown, to ensure you remove any potential threats, you will need to wipe your device.

Installing a new wallet on a compromised device may lead to the loss of funds from the new wallet. To avoid this, jump to: How do I clean the devices that held the compromised wallet?

Once a wallet is compromised, it’s vital you do not use the wallet again. You must delete the old wallet and create a new wallet. For more on how to do this, jump to: How do I delete the compromised wallet?

Please note, simply changing the password will not protect a compromised wallet.

In addition, we highly recommend using a hardware wallet and reviewing your security practices.


Further resources

If you are interested in taking a deep dive into how you can keep yourself and your crypto safe, you can visit these resources:

Did this answer your question?