Shield

Wallet Delegation Check

← Home · Read-only · No wallet connection

Step one · Check your address

Find out if your wallet has been handed to someone else.

A change to Ethereum called EIP-7702 lets a wallet delegate control of itself to a smart contract. Attackers use it to attach a permanent drainer to wallets whose keys they have already stolen. Paste an address below. This tool only reads public blockchain records — it never asks you to connect a wallet, sign anything, or enter a seed phrase. Nobody will ever need your seed phrase. Not us. Not support. Not anyone.

Try a known case:

If you are compromised, do these in order

The order matters more than the steps. People lose their remaining funds by moving money before they have somewhere safe to move it to — or by trusting a revoke that the attacker simply undoes.

  1. Do not revoke and keep using the wallet

    Revoking a delegation looks like a fix and is not one. If the attacker holds your private key, they re-sign a new delegation whenever they like. In the case this tool was built from, the owner revoked twice and the attacker returned within days, then took another $212.

    A revoked wallet is still a compromised wallet
  2. Create a brand-new wallet on a device you trust

    New seed phrase, generated fresh. If a stealer program is what took your keys, generating the new wallet on the same machine hands it straight over. Use a different device if you can, and write the phrase on paper — never in a photo, a notes app, a password manager field, or a chat.

  3. Move what is left, in as few transactions as possible

    Drainers watch compromised wallets and can take incoming gas before you spend it. Send the assets out in one transaction where you can. Accept that some dust may be unrecoverable — do not keep topping up gas to chase it.

  4. Abandon the old address permanently

    Never receive to it again. Airdrops, refunds, staking rewards — anything that lands there is the attacker's. Remove it from every profile, exchange withdrawal whitelist, and contract that pays you.

  5. Assume everything that seed touched is exposed

    One seed phrase usually derives many addresses across many networks. Check each of them here. If the phrase was ever typed into a website or stored on the compromised device, every wallet from it is gone.

Holding

Hardware wallet

Keys never leave the device, so a phishing page or a stealer on your computer cannot extract them. You still must read what you approve on the device screen — a hardware wallet stops key theft, not bad signatures. Buy direct from the manufacturer, never from a marketplace reseller.

Experimenting

A separate test wallet

Keep a wallet that holds only what you can afford to lose entirely, and use it for every new contract, mint, claim, or site you have not used before. It is the cheapest security control that exists.

Everyday

Check before you sign

Reach a site by a bookmark you saved yourself, not a search result, an ad, or a link in a message. Treat any request to "verify", "sync", "migrate", or "re-stake" your wallet by entering your recovery phrase as theft in progress. That request has no legitimate version.

Report it

Reporting will rarely return your funds — be honest with yourself about that. What it does is get attacker addresses flagged so the next person is warned, and build the record that lets investigators reach the exchanges where stolen funds are cashed out. Identifying the human behind an address is work for law enforcement, who can compel exchanges to hand over account records. It is not work for us, and guessing at it in public gets innocent people hurt.

Law enforcement

FBI IC3

For US residents. Elsewhere, file with your national cybercrime unit or police fraud line — an official report number is what exchanges act on.

ic3.gov
Public labelling

Block explorers

Ask Etherscan, BscScan and PolygonScan to tag the attacker addresses. A flagged address warns every person who looks it up afterwards.

explorer contact forms
Industry database

Chainabuse

Shared reporting used by exchanges and analytics firms. Reports here reach compliance teams who can freeze deposits.

chainabuse.com

Report text

Scan an address first and this fills in with the specific transactions and addresses found. Copy it into any of the forms above.

What this tool cannot tell you

A security tool that oversells itself is worse than none, because people relax.

  • A clean result is not a clean bill of health. This checks for one specific attack: a malicious EIP-7702 delegation. A stolen private key with no delegation attached yet looks identical to a safe wallet from the outside.
  • It cannot see token approvals. A drainer that took unlimited spending permission on your tokens does not need a delegation. Check those separately with a revocation tool.
  • It cannot tell you how your keys leaked. The blockchain records the theft, never the phishing site, the fake support agent, or the malware that caused it.
  • It cannot identify the attacker. Wallets that drain victims are often themselves compromised wallets, chained several deep. Naming a person from on-chain data alone is how the wrong person gets blamed.
  • It cannot recover anything. No one can reverse a settled transaction. Anyone who contacts you offering to recover your funds for a fee is running the second scam, aimed at the people who fell for the first.