If you’ve noticed missing funds or transactions you did not authorize, we understand how concerning this can be.
Because of how blockchains are designed to be secure and trustless, transactions are final once confirmed on-chain. As a non-custodial wallet, Xverse does not have access to your wallet, private keys, or seed phrase, and we cannot reverse or recover transactions once they are confirmed on-chain.
However, this guide will help you understand what may have happened and what steps to take next.
What To Do If My Funds Are Missing
If you suspect your wallet has been compromised:
- Do not continue using the wallet
- Do not deposit new funds into it
- Create a new wallet with a brand-new seed phrase following the steps shown here.
- Move any remaining assets (if possible) to the new wallet
If your seed phrase may have been exposed, assume the wallet is permanently compromised.
How Wallets Get Compromised
There are several potential causes of unauthorized transactions:
1. Approving a Malicious Transaction
Sometimes users unknowingly approve a harmful transaction on a website. These sites are often designed to mimic legitimate services. Always verify the website you are interacting with and confirm you trust the source before approving any transaction.
- This typically impacts only the approved transaction
- It does not automatically give permanent control over your wallet
However, it can still result in asset loss. That said, it’s very important to always review transaction details carefully before signing.
2. Seed Phrase Exposure
If someone gains access to your seed phrase, they have full control over your wallet.
Seed phrase exposure can happen through:
- Entering your seed phrase on a fake website
- Sharing it with someone pretending to be support
- Saving it digitally (screenshots, cloud storage, email drafts) and someone gains access to the device where it’s stored.
- Writing it down and storing it insecurely
Xverse will never ask for your seed phrase. If your seed phrase was exposed, the wallet must be considered compromised permanently.
3. Malware or Device Compromise
If malware is installed on your device, it may:
- Monitor your screen or keyboard (keylogging)
- Replace copied addresses with attacker addresses
- Access wallet sessions without your knowledge
If you suspect your device may be compromised:
- Stop using the affected device immediately
- Do not enter your seed phrase on that device
- Avoid restoring a new wallet on the same device
We recommend consulting a trusted and qualified computer technician for professional troubleshooting assistance.
How to Review Suspicious Bitcoin Transactions
You can verify what happened using mempool.space with the TXID, review the transaction status and its inputs & outputs.
Inputs show which address the funds came from, e.g:
- Native Segwit (bc1q…)
- Nested Segwit (3…)
- Ordinals / Taproot (bc1p…)
Outputs show where the funds were sent. If assets were transferred to an unfamiliar address, the transaction was executed and confirmed.
Example TX:
Important Note:
When using Xverse wallet, users cannot send multiple items and pay transaction fees using Ordinals/Taproot (bc1p) address.
If you see:
- Transactions sending multiple inputs directly from your Taproot address
- Transaction Fees paid with the Taproot address
This strongly indicates that these transactions were not broadcasted by Xverse wallet, suggesting your seed phrase was imported into another wallet or your Xverse wallet was connected to a third-party dApp to initiate this transaction.
If you need help reviewing a transaction or understanding what happened, feel free to contact our Support Team.
How to Protect Yourself Going Forward
- Never share your seed phrase with anyone
- Never enter your seed phrase into websites
- Use hardware wallets for large balances
- Avoid installing unknown browser extensions
- Always review transaction details carefully before signing
- Regularly update your wallet software for enhanced security