If you believe you've fallen victim to a scam, the first thing you should do is follow the steps detailed in our I've been hacked/scammed article.
In short, you need to remove any remaining funds from your compromised wallet (to a new or existing wallet that is secure) and make sure the scammer can't access any other sensitive personal or financial information on your device, whether related to MetaMask or not.
Once you've prevented any further loss of funds, you should:
Get in touch with MetaMask Support to notify us of details such as:
- The suspected scammer's public address
- The website, email or other medium through which the scam reached you.
Getting your email headers
When you contact MetaMask Support about a fraudulent email, we'll ask you to provide the email headers.
To find out how to do this, check out the video by clicking below. If you're not using Google Mail, please check your email client's customer support to establish the correct method, or see here for instructions for many different clients.How to find email headers
- Report the scammer's public address on the block explorer, if possible. On Etherscan, for example, you can do this here. If the block explorer concludes, after investigation, that the address shows signs of fraudulent activity, it will be flagged. This will help other network users to exercise caution in future.
- Alert the local cybercrime authority. Although we can't maintain an exhaustive list, we've detailed a few below which will cover much of our user base:
- United States: the FBI's IC3 service
- European Union: Europol portal (redirects to your chosen country)
- United Kingdom: Action Fraud
- Philippines: CICC form
- Brazil: This varies depending on state. You will likely have to contact your state's specialized cyber crime unit, potentially in person.
- Indonesia: Directorate of Cyber Crime (Patroli Siber)
Remember: as transactions on the blockchain are irreversible, MetaMask cannot retrieve your funds for you. Even if this were not the case, we wouldn't be able to anyway: as a self-custodial wallet, we do not have access to or control over your Secret Recovery Phrase — only you do. This means you're the only one who can manage the funds in your wallet.