// first 10 minutes

crypto theft / wallet drain — quick-start

crypto theft — first 10 minutes. stop further loss before attribution. print this, check boxes, then run the primary tools.

checklist

revoke connected wallet permissions on every dapp the victim authorized — use revoke.cash or etherscan token approval checker now.
move any remaining assets out of the compromised wallet to a fresh cold wallet — do not reuse the compromised seed.
record the exact UTC timestamp of the first unauthorized transaction — block explorer timestamp, not memory.
save the full transaction hash and recipient address of every outbound tx in the suspicious window.
export wallet transaction history from etherscan/polygonscan/solscan as CSV — include internal txs and token transfers.
pull browser history, clipboard history, and extension list from the device used to sign — look for malicious dapps or phishing sites.
if a seed phrase was entered anywhere online: treat the entire wallet as permanently compromised, not just the current balance.
note the exchange or bridge the funds moved through — most have subpoena-friendly transaction lookup APIs.
check NFT approvals separately — setApprovalForAll transactions drain collections without individual token transfers.
begin the primary tool path below — wallet drain tracer and malicious dapp detector.

// first 10 minutes

crypto theft — first 10 minutes. stop further loss before attribution. print this, check boxes, then run the primary tools.

revoke connected wallet permissions on every dapp the victim authorized — use revoke.cash or etherscan token approval checker now.
move any remaining assets out of the compromised wallet to a fresh cold wallet — do not reuse the compromised seed.
record the exact UTC timestamp of the first unauthorized transaction — block explorer timestamp, not memory.
save the full transaction hash and recipient address of every outbound tx in the suspicious window.
export wallet transaction history from etherscan/polygonscan/solscan as CSV — include internal txs and token transfers.
pull browser history, clipboard history, and extension list from the device used to sign — look for malicious dapps or phishing sites.
if a seed phrase was entered anywhere online: treat the entire wallet as permanently compromised, not just the current balance.
note the exchange or bridge the funds moved through — most have subpoena-friendly transaction lookup APIs.
check NFT approvals separately — setApprovalForAll transactions drain collections without individual token transfers.
begin the primary tool path below — wallet drain tracer and malicious dapp detector.