Solana Wallet Drained? First Steps (Phantom, Solflare, Backpack)

1. Stop further outflows

• Create a new wallet on a clean device — never reuse the compromised seed phrase
• Review SPL token-account delegates (not Revoke.cash — that is EVM only)
• Move any remaining SOL or SPL to the new wallet only after delegates are cleared

2. Document signatures, not screenshots alone

• Copy your base58 wallet address and every suspicious transaction signature from Solscan
• Note UTC time of the first outbound SPL, NFT, or SOL transfer
• List token mints or NFT collections that left without your intent

3. Common Solana drain patterns

• Malicious dApp delegate left on a token account
• Bulk NFT or memecoin sweep in minutes
• Swap then immediate outbound to a fresh wallet or labeled CEX deposit
• Wormhole bridge outbound — funds may continue on Ethereum; document the bridge tx

4. Build a case file

Exchange abuse desks need structured evidence: outbound path, labeled destinations, verification checklist. Tracefunds indexes public Solana data into a $20 incident report — movement intelligence only, not recovery guarantees.