Finding your crypto wallet or exchange account drained is gut-wrenching, and the first instinct is panic. Slow down for sixty seconds and work the checklist below instead. Fast, calm action is the only thing that limits the damage now, and it also sets you up so this never happens again.
Do these things immediately
The goal in the first ten minutes is to cut off the attacker and protect whatever is left.
- If it's an exchange account (Binance, Bybit, and so on): delete every API key in API Management, change your password, re-verify 2FA, and enable the withdrawal address whitelist so funds can only leave to addresses you approve. Move remaining balances to a fresh, secure wallet.
- If it's a self-custody wallet: assume the seed phrase or private key is compromised. That wallet can never be trusted again. Create a brand-new wallet on a clean device and move any assets the attacker missed. Do not reuse the old seed anywhere.
- Revoke token approvals. Many drains happen through a malicious approval you signed. Use a reputable approval-checker to revoke access for the compromised wallet.
- Scan the device you used for malware, and switch to a clean device if you're unsure.
Be realistic about recovery. Once funds move on-chain, they're almost always gone. The priority is stopping further loss, not chasing what's already left.
How wallets actually get drained
Understanding the cause tells you how to prevent a repeat. The common ones:
- A leaked or over-permissioned API key on an exchange. A key with trading or withdrawal rights that leaks lets an attacker drain you directly or through fake trades. We cover this in depth in Binance API Key Drained or Compromised.
- A malicious approval or a drainer site. You connect your wallet to a fake airdrop or app and sign a transaction that hands over access.
- A phishing site that mimics an exchange and harvests your login or key.
- A leaked seed phrase, entered on a fake site or stored somewhere insecure.
- Malware or clipboard hijackers on your device.
Notice what's not on that list in most cases: the exchange itself being hacked. The failure almost always happens on the user side, which is good news, because that's the part you control.
How to make sure it never happens again
- Use read-only, IP-whitelisted API keys for anything that only needs to view your account, and never enable withdrawals on a third-party key. Full guide: How to Keep Your API Keys Safe.
- Keep a separate wallet for risky activity (meme trading, new apps) away from your main holdings, so one bad signature can't take everything.
- Enable 2FA and withdrawal whitelists on every exchange.
- Consider venues that are safer by design. Hyperliquid, for example, uses API wallets that can trade but can never withdraw, so a leaked key physically cannot drain you.
- Never share your seed phrase or secret with anyone, and treat every "support" DM as a scam.
A drain is a brutal lesson, but almost every case traces back to a preventable mistake: a bad approval, an over-permissioned key, or a leaked secret. Lock those down and you turn the scariest risk in crypto into a manageable one. If you're rebuilding, set up fresh keys correctly from day one using our Binance API key guide.