What to do if my secret is compromised?
If your secret, meaning your 24 words, is compromised, it is important to act quickly.
Someone stole my secret​
If someone stole your secret, he now has full access to all your accounts that belong to that secret. Nobody, not you nor the AirGap team, is able to prevent the attacker from stealing all your funds, so you have to try and move all your funds to safety as soon as possible.
- Create a new secret in AirGap Vault and an account for every currency that you owned. This account will be used to send all the funds to that the attacker did not manage to get a hold of yet.
- Check all your accounts of that secret if there is any balance remaining. Attackers often focus on some currencies, but might forget others (eg. they will steal your Bitcoin, but they might not immediately steal your Tezos). If you see any balance anywhere, send it to your newly generated account.
- If you have used a BIP-39 passphrase when setting up your secret, make sure that you also transfer all those funds to safety.
- If you hold tokens, NFTs or use DeFi applications, think about the following points. If any apply, try to move the funds out as quickly as possible:
- Tokens (eg. ERC20 tokens on Ethereum)
- NFTs
- Did you provide Liquidity on a DEX? (eg. Uniswap)
- Did you lock liquidity in farms? (eg. Plenty)
- Did you create any vaults to lock some of your currencies? (eg. Youves)
I lost my secret and I no longer have access to it​
AirGap is a non-custodial wallet, which means that AirGap does not have access to your key under any circumstances. It is therefore not possible for us to recover the secret for you.
If you are unable to find a backup, then your funds are lost and there is nothing anyone can do about it.
It is possible that you created a backup that you then forgot. So think about the following points and check if one applies to you:
- During the setup of AirGap, you were required to create a backup of your secret. Do you still have that backup accessible?
- Did you create a second backup and put it into a secure location, eg. a bank vault?
- Did you set up social recovery?
- Did you ever import your secret into another app / device? If so, you might be able to recover it there.