My Metamask Wallet seed phrase compromised

That’s a good point.

If they are still able to log in to the wallet and the ERC-721 token that represents the .eth name is still there, this might be an option. I assumed that the thief has cleared out their wallet and/or changed the password.

1 Like

I agree a new wallet is in order.

I created a new wallet but unfortunately all my assets in exchanges are now tied up, to switch my address for the ens do I have to pay eth? I changed the password, but I mean if we both have the seed phrase we can continously change the password on each other.

If you want to send me the addresses of the wallets involved I will try to figure out what can be done. Edit: yes, you would need to pay gas to make any changes on the blockchain.


The issue will be whats essentially a race condition. To change the registrant you have to have eth. As soon as you deposit eth, the hackers bot will immediately drain it.

You will have to fund the wallet, transfer the registrant and controller all in a single block and, depending on the hackers skillset, maybe even have to do that from a private mempool…


so my new wallet address s: 0x9620846521c894A2F8F526931a612cDa016277ec . The one that was hacked is: 0xF7ecD5ef4318a5Da2808Be1eBc14A1B299F46dEA. It looks like I need about $6 of ethereum to transfer the domain, but that $$ has to be from my hacked wallet which they are still monitoring and draining resources from…

I’ll DM you from here to keep this private.

1 Like

hello, tell me I have a similar problem, only I lost the password for the wallet, how can I change the registrar, I’m trying to change but it does not work


Here’s a suggestion: Create a transaction for $1 from the hacked wallet, but, and this is important, when you are requested to select a miner’s fee, at the bottom of that screen do a “Custom Fee” and manually input a miner’s fee as low as you can (e.g., 10 Gwei), which means it is unlikely that the miners will do the transaction. This will also have the effect of preventing subsequent transactions from taking place until the 10 Gwei transaction is dealt with. But, before clicking on Pay, take note of the nunce number for this transaction, which is near the bottom of the screen. Step 2, fund the compromised wallet for your Registrant transfer transaction. But when asked to confirm, select “Custom Fees”. You must do two things: First, and most important, you must change the nunce number to that of the first transaction (disregard any subsequent pending transaction). Second, the Gwei must be greater than the first transaction. The system will spot the duplicate nunce numbers and process the transaction with the greater Gwei and fail the other one.


thanks for the support you guys I really appreciate it :slight_smile:

Good afternoon, please help me solve the problem!)
I have access to an account, which stores all my domain names that were registered before October 31, there is also information from enterscan that I registered them using a wallet to which I lost access and to which tokens should be credited! Entorscan in the account can somehow help in the accrual of ENS tokens, provided that there is no access to the wallet?
Sincerely !


Same here.
What I want to know is: in case there is another ENS airdrop, will it be “deposited” in my original Metamask account? (And therefore immediately stolen). How can I “ask” the ENS guys to re-direct further airdrops to my NEW Mtmsk wallet?

Can I also send you the addresses involved? (My Mtmsk account also got hacked!)
I filed a complaint with the local authorities here in Barcelona…but not sure how much this will help (actually the agent looked quite puzzled when confronted with terms such as “metamask, eth, ens”…

Support tickets can be opened on the Official Discord channel # :tickets: | create-a-ticket.

It sounds like you had already transferred and registerred your names to a wallet that is in your control before October 31st? This wallet should be able to claim the airdrop. If you have lost your private keys there is no way for ENS to help you gain custody (or award $ENS based upon claims of ownership) of that wallet.

There is no planned future airdrop. Even if you have credible evidence to prove that your account is no longer in your control, there no precedence for this. Unfortunately, with a distributed ledger you need private keys to access your wallet to prove ownership. If a bad actor has your private keys they also have ownership of your wallet.

1 Like

Thank you.
Any idea how to “track down” the thieves?
I mean, everything is registered right? Shouldn’t legal authorities have access to who owns what somehow?

Not as of yet, nor do we want government intrusion. We need to do a better job of policing ourselves. I say that, even though I was a victim of a scam. There are scams still on YouTube and despite constantly reporting them, YouTube is slow to take them down.

There doesn’t need to be a government intrusion to track down theives. Each DAO could have some sort of security mechanism and if you present evidence that something was stolen etc and there is a majority vote then something can be done, ie give it back to you.

I appreciate that it’s a horrible feeling to have things scammed or stolen from you, but I see following issues with what you’re proposing:

  • That would introduce centralized policing which is anathema to the decentralized nature of the project.
  • No one has the power to take things from other people’s wallets and give it back to you, no matter the evidence.
  • If there is a dispute as to if something was stolen or not, we’d be forced to engage in arbitration or other forms of pseudo-courts that would be detrimental to the project.

In order for decentralized projects to succeed, I think that we must instead learn to adapt, accept responsibility and most importantly think outside the box of expectation that central authorities will bail us out when we make mistakes.

If we do, then the solution to all these problems is simple: we must learn to protect our wallets.

Then we can enjoy the simplistic beauty in the principle of: We either own it, or we don’t.


It would be a form of decentralized policing as there wouldn’t be a central authority governing it. I don’t think arbitration is detrimental to DAOs etc… I think it’s beneficial to the project as it provides some assurance from members. It’s kind of a web3 conservative vs liberal/socialist abstraction right. Like conservatives want no protection and the wild west vs providing people with basic rights and some form of protection. Poor people don’t really have access to all this crypto stuff because it’s so expensive to buy into it and if you aren’t a programmer there is a super high barrier to entry, so it kind of helps perpetuate a wealth gap in some extremes. If someone that is low income buys into this and loses everything they are screwed and left without resources.

Notwithstanding if there is evidence that someone stole somethign and there is a public paper trail it seems like blockchain is almost condoing theft. That’s like if someone broke into my house and stole an expensive necklace and I know who it was, have a video tape, but they are still allowed to walk freely around and sell it. I don’t know that the response is necesarily for me to lock my house better.

I’m not very politically interested and I find it difficult to attach labels like that on cryptocurrency movements. Vitalik wrote an interesting article recently that might be a good read.

It’s more of a centralization vs decentralization distinction where we have to accept both the inherent upsides and downsides of a decentralized system that’s owned and operated by a smart contract.

And even if it was possible to have a process whereby one could reach into strangers wallets and reverse transactions, rest assured that scammers would abuse that process for profit as well.

I support users every day that’s been scammed, and I think it’s quite horrible, I’ve even sent my own personal money to some of them because I felt bad for them.

But I’m of the mind that the solution is rather to improve wallet software with safety features, and perhaps in the future a “scamlist” similar to spamlists to detect prevalent scam sites/addresses than to venture down the same centralization rabbit holes that gave us fiat currencies.