How it works

This page explains what the site does in plain English, and how we keep it safe. There’s also an Advanced / technical details section below for anyone who wants the exact mechanics.

Plain-English summary

This site helps you move your assets to a new safe wallet smoothly by batching the transfers and sending in a way that the hacker does not expect. You choose what to recover and where it goes.

Your private key never leaves your browser

  • We do not send your private key to our server.
  • We do not store it in localStorage, IndexedDB, cookies, or logs.
  • It stays in memory in your current browser session and is cleared when you refresh/close the page.
  • The only things we send to our server about the compromised wallet are the public address (to look up assets) and signed authorizations (cryptographic proofs), never the key itself.
  • If you’re worried about phishing, you can audit the code and run it yourself.

What happens step-by-step

  1. You paste the compromised wallet’s private key. We derive the public address and create signed recovery authorizations in your browser.
  2. We look up the wallet’s assets by address. We ask our server to call Zerion for a portfolio scan so you can see and select what you want to recover.
  3. You choose a destination (“safe wallet”). This is where recovered assets will be sent.
  4. We compute a quote. It includes the estimated gas cost for the recovery transactions on the networks you’re recovering from, plus a small buffer to account for gas price fluctuations.
  5. You pay the quoted gas fees from your safe wallet. This is a normal onchain payment that you approve in your wallet.
  6. Our server broadcasts the recovery transactions. After payment is confirmed, it submits the recovery transactions on the relevant networks and shows the results.

Advanced / technical details

What data is sent to the server

  • Asset discovery: we look up the wallet’s portfolio using Zerion so you can review and select which assets to recover.
  • Quote + recovery plan: based on the assets you selected and the networks involved, we compute expected execution costs.
  • Execution: after your payment is confirmed, our paymaster broadcasts the recovery transactions. On networks that require it (or where it materially improves success), we route submission through private/encrypted mempool RPCs to reduce interference (e.g. nonce racing by the hacker).

What happens onchain

The recovery uses EIP-7702 authorizations. Your compromised EOA signs an authorization (in your browser) that delegates execution to a recovery contract called UniversalRecoveryDelegate. Our server then broadcasts an EIP-7702 transaction that executes a batch of transfers to the safe address.

The server uses a paymaster to send the signed authorizations. This is why you pay gas fees first: the paymaster covers the execution costs on the destination chains.
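
As an added illustration (not the site's own code), the checks below are ones a user or auditor could run in the browser on an EIP-7702 authorization tuple before it is sent to the server, together with a parser for the delegation designator that the EOA's code holds afterwards. The function names are hypothetical, and the delegate address, chain id, nonce and signature values are constructed placeholders.

```javascript
// Added example: sanity checks on an EIP-7702 authorization tuple
// (chain_id, address, nonce, y_parity, r, s) before it leaves the browser.
const SECP256K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;

// Returns a list of problems; an empty list means every check passed.
function checkAuthorization(auth, expected) {
  const problems = [];
  const chainId = BigInt(auth.chainId);
  // chain_id 0 makes the authorization valid on every chain, not only the intended one.
  if (chainId === 0n) problems.push("chain_id is 0: valid on any chain");
  else if (chainId !== BigInt(expected.chainId)) problems.push("chain_id mismatch");
  // The address field is the contract the EOA delegates execution to.
  if (!/^0x[0-9a-fA-F]{40}$/.test(auth.address)) problems.push("malformed delegate address");
  else if (auth.address.toLowerCase() !== expected.delegate.toLowerCase())
    problems.push("delegates to an unexpected contract");
  // A third party (here the paymaster) sends the transaction, so the tuple's
  // nonce must equal the compromised account's current nonce.
  if (BigInt(auth.nonce) !== BigInt(expected.accountNonce)) problems.push("nonce mismatch");
  if (auth.yParity !== 0 && auth.yParity !== 1) problems.push("y_parity must be 0 or 1");
  const r = BigInt(auth.r);
  const s = BigInt(auth.s);
  if (r <= 0n || r >= SECP256K1_N) problems.push("r out of range");
  // EIP-7702 only accepts low-s signatures (s <= n/2).
  if (s <= 0n || s > SECP256K1_N / 2n) problems.push("s out of range (must be low-s)");
  return problems;
}

// Once an authorization is applied, the EOA's code is the 23-byte
// delegation designator 0xef0100 || delegate address.
function parseDelegation(code) {
  const m = /^0xef0100([0-9a-fA-F]{40})$/.exec(code);
  return m ? "0x" + m[1].toLowerCase() : null;
}

// Constructed sample values (placeholders, not real addresses or signatures).
const DELEGATE = "0x" + "ab".repeat(20);
const sampleAuth = {
  chainId: 1, address: DELEGATE, nonce: 7, yParity: 1,
  r: "0x" + "11".repeat(32), s: "0x" + "22".repeat(32),
};
const sampleExpected = { chainId: 1, delegate: DELEGATE, accountNonce: 7 };
```

The string passed to `parseDelegation` is what an `eth_getCode` call on the compromised address returns, so the same function confirms which contract the account ended up delegated to.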