Clicked something?

Do not freeze, but do not panic-sign either. Work out whether you exposed a secret or signed a bad transaction.

Immediate steps

  1. Stop signing. Close the site and disconnect the wallet from the dApp.
  2. If you typed a seed/private key: treat the wallet as fully compromised. Using a clean device, move assets to a brand-new wallet with a new seed.
  3. If you only signed a transaction: review the transaction, move valuable assets to a clean wallet, and check delegates/authorities where relevant.
  4. Record evidence: save the URL, transaction signature, wallet address, screenshots, and timestamps.
  5. Warn others: report the domain, fake account, Discord user, or malicious project channel to the good guys. Teams like Boring Security on discord.gg/boringsecurity or x.com/boringsecdao will offer great advice.
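
One way to capture the step 4 evidence in a form that can be handed to a security team, as an added example that is not part of the original page. The function names, field names, placeholder values and the .example domain are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from urllib.parse import urlsplit


def defang(url):
    """Rewrite a URL so it is not clickable when pasted into a report."""
    p = urlsplit(url)
    rest = p.path + ("?" + p.query if p.query else "")
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{rest}"


def record_digest(record):
    """SHA-256 over canonical JSON, excluding the digest field itself."""
    body = {k: v for k, v in record.items() if k != "record_sha256"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def build_record(url, tx_signature, wallet_address, screenshots, noted_at=None):
    """Collect the step 4 items. Never add a seed phrase or private key here."""
    when = (noted_at or datetime.now(timezone.utc)).astimezone(timezone.utc)
    shots = []
    for path in sorted(Path(s) for s in screenshots):
        mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        shots.append({"file": path.name,  # screenshots are hashed, not embedded
                      "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                      "modified_utc": mtime.isoformat(timespec="seconds")})
    record = {"recorded_at_utc": when.isoformat(timespec="seconds"),
              "url_defanged": defang(url),
              "transaction_signature": tx_signature, "wallet_address": wallet_address,
              "screenshots": shots}
    record["record_sha256"] = record_digest(record)  # detects later edits to the record
    return record


def verify_record(record):
    return record_digest(record) == record.get("record_sha256")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample evidence
        shot = Path(d, "signing-prompt.png")
        shot.write_bytes(b"constructed screenshot bytes")
        rec = build_record("https://claim-rewards.example/connect?ref=dm",
                           "TX_SIGNATURE_PLACEHOLDER", "WALLET_ADDRESS_PLACEHOLDER", [shot])
    print(json.dumps(rec, indent=2))
```

The digest only shows that the record was not changed after it was written; keep the original screenshots alongside it so the file hashes can be rechecked.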