Sollet wallet hacked without passphrase, is this possible?

i mean my passphrase are all together but only my sollet got hacked…

can you please tell me how did he do it ?

my solscan : Solscan

nearly 50k and rare nft vanished, but still doesn’t get how he did it as my other passphrase are fine…

Hi @mongrolito, I’m sorry about your lost funds.

Here are some ways I can think of that this might have happened:

  • You connected your wallet to a malicious website:
    • If you connected your wallet to a malicious website, then that website could have initiated transfers of your tokens to the hacker.
  • Malicious browser extensions:
    • A lot of browser extensions seem fine but actually contain malicious code. Many browser extensions require “full access to all of your site data” or something like that, which means that they could potentially try to interact with your wallet or modify a totally legitimate website with malicious intent.
  • The attacker somehow obtained only some of your passphrases, or they obtained your private key.
    • Maybe the attacker somehow did get all your seed passphrases and they have just only used the one so far.
    • Maybe the attacker was only able to steal your private key for one wallet.

I’m not sure how you store your seed phrases ( or if you just memorize them ), but if you store them on your computer anywhere, and you have malware on your computer then the attacker could have stolen your seed phrase or private key from your computer. They could have done this even by monitoring your clipboard or typed keys.


If you are going to store a large amount of funds in crypto I would recommend looking into buying a hardware wallet to store your funds in.

A hardware wallet can store your wallet secrets, and I think it it setup so that the data never leaves the hardware. I’m not 100% certain, but I believe this makes it much more resistant to being stolen, even if you have malware on your computer, because the hardware wallet won’t even let your computer see the secret key.

What this will not protect you from, though, is browser plugins that manipulate websites that you go to. If you use your hardware wallet approve of a transaction that a website tries to make, and a browser extension has modified that website to transfer all your tokens out of your wallet, then the hardware wallet will not help you.

So I recommend disabling all browser plugins that you don’t need for maximum security if you are going to be using that browser for crypto transactions.


Finally, something else I would recommend is having separate checkings and savings wallets. You could log into websites using your checkings wallet, which you should intentionally put smaller amounts of money in. Just enough to do your daily tasks. Then whenever you earn crypto over a certain amount, you transfer it to a savings wallet. This could be a hardware wallet for maximum security.

You could also be careful never to use your savings wallet on web pages that could be hacked more easily, and just use desktop or mobile wallets to transfer funds out of your savings wallet.

This way the large portions of your money are stored more securely, but you still get the convenience of using web wallets and apps. If you lose all of the money in your checkings wallet because of a malicious website, your savings will still be safe.


You may want to transfer the funds in your other wallets to new wallets, just in case the attacker did get the passphrases for those other wallets and just hasn’t stolen the funds yet.

Not sure, though, that’s up to your discretion on whether you think that’s necessary.


Anyway, I’m not a crypto expert yet, and I don’t know all the ways that your funds could have been stolen or necessarily all the best ways to keep them safe. This is just the best advice I have from what I know right now.

Hope it helps, and again, sorry for your lost funds!


Edit: Another way that somebody can steal your funds is if you install a fake wallet that looks like a real one. For instance a user here on the forum found that there was a fake Solflare wallet on a mobile app-store. Another user found a fake Sollet wallet on the app store. These apps are not actually made by Sollet or Solflare, and they will steal whatever funds that you put in those wallets, and steal any seed phrase that you put in there.

1 Like

is there no way through solscan transaction to understand how he did it without having access to my wallet ?

even my open orders on various nft platform got canceled and stealed in same tx…

The only way he could have done it is if he did have access to one of either:

  • Your wallet private key
  • Your wallet seed phrase

Your private key is generated from your seed phrase, but either one could be used to do anything and everything that is possible to do with your wallet.

So somehow the attacker got one or the other.

1 Like

I just got my wallet hacked. I did not share seed phrase anywhere nor imported my account elsewhere. I just transferred 5 sol from FTX to Sollet wallet and they instantly got transferred from my sollet to some other address. How is this possible? Even if the wallet is hacked, how can someone instantly know when the fund arrives and transfers it instantly? Is there anything wrong with sollet?
Can anyone help to recover my funds?
My solscan Solscan

I just show 2 other people also got their wallet hacked and posted on solana discord. Is there something wrong with sollet? Is it a hacker attack on sollet wallet?

Hi @chernobyl ,

Solana allows you to listen for realtime events from the network, which would allow then to tell exactly when a transaction was made to a certain wallet.

Unfortunately, there is no way to recover your funds, short of convincing the hacker to give them back. Sorry you lost your tokens.

I’m not sure. What is the exact URL you are using for Sollet? There have been hackers who make sites that look exactly like Sollet, but are actually fakes, that could be the problem.