If you landed here because you searched "compromised MetaMask wallet" or "my MetaMask was hacked what to do", this is a practical checklist you can act on right now. I believe speed matters; I also believe calm helps. In my experience the majority of losses happen because people try the wrong fix first (for example, connecting a compromised account to another site). This guide is aimed at US-based users who use MetaMask as a software (hot) wallet for DeFi, token swaps, staking, and dApps.
Who should read this: everyday DeFi users, traders who use MetaMask on mobile or browser extension, and people with both small and mid-size balances.
Who should look elsewhere: if you keep large balances and haven’t used a hardware wallet, consider the long-term move to a cold signer. See our hardware wallet integration guide: [/hardware-wallets-with-metamask].
Signs of compromise are often obvious once you know where to look. Check these:
Ask yourself: did you recently paste your seed phrase anywhere? (That’s usually the fatal mistake.) But sometimes malware or malicious browser extensions can leak private keys or capture signatures.
And yes, it's stressful. But moving faster than the attacker is the priority.
These steps determine whether you can stop the attacker or just limit damage.
If you need step-by-step help on moving assets and creating/importing accounts, see import-and-restore-wallet and sync-and-use-on-multiple-devices.
Many hacks start with an approved dApp that can spend tokens on your behalf. Revoking allowances is a good containment move — but only if you still control the address.
Why revoke? Unlimited token allowance lets a smart contract pull tokens without extra confirmations. Revoking reduces that attack surface.
Quick actions:
Warning: if the attacker has your private keys, they can re-approve or drain funds faster than you can revoke. If that's the case, prioritize moving funds.
See our step-by-step revocation walkthrough: [/how-to-revoke-approvals-step-by-step] and the deeper explainer on token allowances: [/token-allowances-and-revoke].
If you decide to move funds, do this:
If you plan to move funds to a hardware signer, our hardware integration guide explains the connection steps: [/hardware-wallets-with-metamask] and [/connect-hardware-to-metamask-mobile].
But don't assume a transfer will succeed automatically. Attackers often monitor mempools and may attempt to front-run a transfer.
Backup practices matter as much as the transfer itself. Backup advice I use daily:
More options and risks are covered in our backup & recovery guide: [/seed-phrase-backup-recovery].
After recovery you should harden how you use MetaMask:
| Feature | MetaMask (software/hot) | Hardware wallet (cold) | Smart-contract wallet (account abstraction) |
|---|---|---|---|
| Control of private keys | Yes (non-custodial) | Yes (non-custodial, offline) | Keys held by smart contract; recovery options vary |
| Can revoke approvals from compromised account | Yes (if you still control keys) | Yes (if you sign from device) | Depends on implementation (may support session revocation) |
| Speed to move funds after compromise | Fast (if device clean) | Slower (requires device + setup) | Varies; can offer gasless flows |
| Best for | Daily DeFi, swaps, dApp use | Long-term storage of large balances | Frequent dApp interactions with added safety |
(Image: screenshot placeholder - alt: example of transaction activity and pending tx screenshot)
Q: Can MetaMask be hacked?
A: MetaMask itself is software; it cannot prevent an attacker from signing transactions if they have your seed phrase or your device is compromised. So yes, accounts controlled by MetaMask can be hacked via social engineering, phishing, or device malware. The product being installed on your device is not the same as the account being invulnerable.
Q: My MetaMask was hacked — what to do?
A: Start by locking the wallet, documenting transactions, disconnecting dApps, and then assess whether the seed phrase or device is compromised. If you control the keys, revoke approvals and move funds to a new wallet. If the seed phrase is leaked, create a new secure wallet elsewhere and attempt immediate transfers (test with small amounts first).
Q: How do I revoke token approvals in MetaMask?
A: You can read on-chain approvals with a block explorer and send transactions to reduce or zero allowances. For a guided walkthrough see [/how-to-revoke-approvals-step-by-step] and [/token-allowances-and-revoke].
Q: What happens if I lose my phone?
A: If you have your seed phrase backed up, re-import on a new device. If you don’t have the seed phrase, and there’s no cloud encrypted backup you control, recovery is not possible.
If your MetaMask is compromised, act fast: lock, document, disconnect, and prioritize moving funds to a wallet you control on a secure device. But don't rush into risky steps like pasting your seed phrase into unknown sites. For step-by-step revoke help, visit [/how-to-revoke-approvals-step-by-step]. For backup best practices see [/seed-phrase-backup-recovery].
If you want hands-on checklists and a printable quick-plansheet, see our security checklist and our troubleshooting pages for pending transactions and disconnecting sites: [/pending-transaction-troubleshooting] and [/disconnect-connected-sites].
If you need more guidance, what I've found is small, careful test-transfers save people a lot of grief. Take that test step. Good luck.