Getting your Solana wallet drained is one of the worst experiences in crypto. One wrong click, one signed transaction, and everything — SOL, tokens, NFTs — gone in seconds. No support ticket, no reversal, no recovery.
The good news: wallet drains are almost entirely preventable. They rely on human error, not on breaking the wallet's cryptography. If you follow these 10 rules consistently, your risk drops from "it could happen anytime" to near zero.
This guide covers the actual attack vectors used in 2026, not theoretical risks. Every rule here addresses a real way people lose funds on Solana.
How Wallet Drains Actually Work
Before the rules, understand what you're defending against:
Phishing Sites
Fake websites that look identical to legitimate dApps (Phantom, Jupiter, Raydium). You connect your wallet, sign a transaction, and the transaction drains your wallet instead of doing what you expected.
Malicious Transaction Signing
A website or dApp presents a transaction for you to sign. The transaction looks innocent (or its details are obscured) but actually transfers your tokens, NFTs, or SOL to the attacker's wallet.
Seed Phrase Phishing
Someone tricks you into entering your seed phrase (recovery phrase) on a website, form, or app. With your seed phrase, they can recreate your wallet and take everything.
Malicious Token Interactions
Scam tokens airdropped to your wallet contain metadata with phishing URLs. Visiting those URLs leads to wallet-draining sites.
Compromised Private Keys
Malware on your device captures your private key or seed phrase from your clipboard, browser extension, or file system.
Now, the 10 rules.
Rule 1: Use a Hardware Wallet for Significant Holdings
If you hold more than you'd be comfortable losing, use a hardware wallet like Ledger. Period.
Why it matters: A hardware wallet stores your private keys on a separate physical device. Even if your computer is compromised with malware, the attacker cannot access your keys without the physical device and your PIN.
How to set up:
- Buy a Ledger directly from the manufacturer (never secondhand)
- Set up the device and record your seed phrase on paper (never digitally)
- Install the Solana app on your Ledger
- Connect it to Phantom, Solflare, or Backpack as a hardware wallet account
- Transfer your long-term holdings to this hardware wallet address
The setup:
- Hardware wallet: Long-term holdings, staked SOL, valuable NFTs
- Hot wallet (Phantom/Solflare without hardware): Day-to-day trading, DeFi activity, small amounts you're willing to risk
Every transaction from the hardware wallet requires physical confirmation on the device. This means a phishing site can't drain you even if you accidentally connect — you'd have to physically approve the malicious transaction on the Ledger.
Rule 2: Never Share Your Seed Phrase — With Anyone, Ever
Your seed phrase (12 or 24 words) is the master key to your wallet. Anyone who has it owns your wallet. No legitimate service, support team, or protocol will ever ask for it.
Common attacks:
- "Phantom support" in Discord or Telegram DMs asking for your seed phrase to "fix" an issue
- Fake wallet setup pages that ask you to "verify" your seed phrase
- Phishing emails claiming your wallet is compromised and you need to enter your phrase to secure it
- Forms or airdrops requiring your seed phrase to "claim" rewards
The rule is absolute. There are zero legitimate scenarios where someone needs your seed phrase. The only time you type it is when recovering your wallet on a new device using the official wallet app.
Storage best practices:
- Write it on paper (or metal for fire resistance)
- Store it in a physically secure location (safe, lockbox)
- Never photograph it, screenshot it, email it, or store it digitally
- Never enter it on any website
- Consider splitting it (e.g., words 1-12 in one location, 13-24 in another)
Rule 3: Bookmark Legitimate Sites — Never Click Links
Phishing sites look identical to real ones. The URL might be phantorn.app (note the "rn" in place of "m") instead of phantom.app, or jup.ag.claim.xyz instead of jup.ag. The only reliable way to avoid them is to never navigate to DeFi sites through links.
The practice:
- Manually type or bookmark the official URLs for your most-used dApps
- Always use your bookmarks to navigate, never search engine results or links from social media
- Verify the URL in your browser's address bar before connecting your wallet
Key bookmarks every Solana user should have:
Where phishing links appear:
- Twitter/X replies and quote tweets (especially under popular crypto accounts)
- Discord DMs and server messages
- Telegram groups and DMs
- Google search ads (scammers buy ads for "Jupiter swap" or "Phantom wallet")
- Airdrop announcements on social media
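The address-bar check in Rule 3 is an exact hostname comparison, and the two lookalike URLs above show why: jup.ag.claim.xyz merely starts with a familiar name, and phantorn.app is two characters away from the real one. The following is an added example (not code from the original guide) that applies that comparison programmatically. The allowlist `BOOKMARKED_HOSTS` is a constructed stand-in for the reader's own bookmarks, and the "registrable domain" shown in the report is a simplification (last two labels) rather than a public-suffix lookup.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the reader's own bookmarks (exact hostnames only).
BOOKMARKED_HOSTS = {"phantom.app", "jup.ag", "raydium.io"}


def _levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character lookalikes such as phantorn.app."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_dapp_url(url: str, allowlist=BOOKMARKED_HOSTS):
    """Return (ok, reason). ok is True only for https plus an exact hostname match."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    # .hostname is lowercased and has userinfo ("phantom.app@evil.xyz") and any port stripped,
    # so the decoy name in front of an @ sign never reaches the comparison.
    host = parts.hostname
    if parts.scheme != "https" or host is None:
        return False, f"not an https URL with a hostname: {url!r}"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"internationalised hostname {host!r}; bookmarked hosts are plain ASCII"
    if host in allowlist:
        return True, f"exact match for bookmarked host {host}"
    for good in allowlist:
        if host.startswith(good + "."):
            # Simplified "registrable domain": the last two labels (no public-suffix list here).
            real = ".".join(host.split(".")[-2:])
            return False, f"host starts with {good!r} but the real domain is {real!r}"
        if host.endswith("." + good):
            return False, f"subdomain of {good!r}; not itself bookmarked"
        if _levenshtein(host, good) <= 2:
            return False, f"lookalike of bookmarked host {good!r}"
    return False, "hostname is not in your bookmarks"


if __name__ == "__main__":
    for candidate in ("https://phantom.app/", "https://phantorn.app/",
                      "https://jup.ag.claim.xyz/claim", "https://phantom.app@claim.xyz/"):
        print(candidate, "->", check_dapp_url(candidate))
```

Only the first candidate passes. Everything else is rejected with a reason, which is the behaviour you want from a bookmark: a match is all-or-nothing, never "close enough".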
Rule 4: Read Every Transaction Before Signing
When your wallet asks you to sign a transaction, it shows you what the transaction will do. Read it. Every time.
What to check:
- What tokens are leaving your wallet? If a "free mint" or "claim" transaction shows your SOL or tokens being transferred out, it's a drain
- What address is receiving your tokens? If you're swapping on Jupiter, the receiving address should be Jupiter's program, not a random wallet
- Are the amounts correct? A swap of 1 SOL should show 1 SOL leaving, not your entire balance
- What programs are being invoked? Familiar programs (Jupiter, Raydium, Phantom) are expected. Unknown programs are red flags
Phantom's transaction simulation: Phantom simulates transactions before you sign, showing you the expected outcome (tokens gained/lost). If the simulation shows unexpected token transfers, reject the transaction.
When in doubt, reject. You can always try again. You can't undo a signed transaction.
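The four checks in Rule 4 reduce to one question: for every asset the signer owns, how much leaves, and did you agree to that? The following is an added example, not code from the original guide or from Phantom, that answers it over a simulated outcome in the `preBalances`/`postBalances`/`preTokenBalances`/`postTokenBalances` shape Solana RPC returns in transaction metadata. All account keys, mints and amounts below are constructed labels rather than real addresses, and the two scenarios (a legitimate 1 SOL swap and a "free mint" that empties the wallet) are made up to exercise the checks.

```python
LAMPORTS_PER_SOL = 1_000_000_000

# Constructed labels; real keys are base58 public keys.
OWNER = "OwnerWallet_CONSTRUCTED"
USDC = "UsdcMint_CONSTRUCTED"
POOL = "SwapPool_CONSTRUCTED"
DRAINER = "DrainerWallet_CONSTRUCTED"


def balance_changes(meta: dict, account_keys: list, owner: str) -> dict:
    """Map each asset held by `owner` to (before, after) in base units.
    Native SOL is keyed "SOL" (lamports); SPL tokens are keyed by mint address."""
    changes = {}
    for i, key in enumerate(account_keys):
        if key == owner:
            changes["SOL"] = (meta["preBalances"][i], meta["postBalances"][i])
    pre = {b["accountIndex"]: b for b in meta.get("preTokenBalances", [])}
    post = {b["accountIndex"]: b for b in meta.get("postTokenBalances", [])}
    for idx in sorted(set(pre) | set(post)):
        entry = pre.get(idx) or post[idx]
        if entry["owner"] != owner:
            continue  # someone else's token account, e.g. the pool's vault
        before = int(pre[idx]["uiTokenAmount"]["amount"]) if idx in pre else 0
        after = int(post[idx]["uiTokenAmount"]["amount"]) if idx in post else 0
        b0, a0 = changes.get(entry["mint"], (0, 0))
        changes[entry["mint"]] = (b0 + before, a0 + after)
    return changes


def review_outcome(changes: dict, expected_outflows: dict, fee_allowance: int = 10_000) -> list:
    """expected_outflows: {asset: max base units you intend to send}.
    Returns red flags; an empty list means the outcome matches what you agreed to."""
    flags = []
    for asset, (before, after) in changes.items():
        if after >= before:
            continue  # inflows are never a drain
        out = before - after
        limit = expected_outflows.get(asset)
        if limit is None:
            flags.append(f"unexpected outflow: {out} base units of {asset} leave the wallet")
        elif out > limit + (fee_allowance if asset == "SOL" else 0):
            flags.append(f"{asset}: {out} base units leave, but you agreed to at most {limit}")
        if after == 0 and before > 0:
            flags.append(f"{asset}: balance goes to zero (account emptied)")
    return flags


def _token_balance(index: int, mint: str, owner: str, amount: int) -> dict:
    return {"accountIndex": index, "mint": mint, "owner": owner,
            "uiTokenAmount": {"amount": str(amount), "decimals": 6}}


def legit_swap_example() -> list:
    """Constructed: 1 SOL swapped for 150 USDC, 5000 lamports network fee."""
    keys = [OWNER, POOL, "SwapProgram_CONSTRUCTED", "OwnerUsdcAccount", "PoolUsdcVault"]
    meta = {
        "preBalances": [5_000_000_000, 200_000_000_000, 1, 2_039_280, 2_039_280],
        "postBalances": [3_999_995_000, 201_000_000_000, 1, 2_039_280, 2_039_280],
        "preTokenBalances": [_token_balance(3, USDC, OWNER, 0),
                             _token_balance(4, USDC, POOL, 900_000_000_000)],
        "postTokenBalances": [_token_balance(3, USDC, OWNER, 150_000_000),
                              _token_balance(4, USDC, POOL, 899_850_000_000)],
    }
    return review_outcome(balance_changes(meta, keys, OWNER), {"SOL": 1 * LAMPORTS_PER_SOL})


def disguised_drain_example() -> list:
    """Constructed: advertised as a 'free mint' costing 0.01 SOL; everything leaves instead."""
    keys = [OWNER, DRAINER, "MintProgram_CONSTRUCTED", "OwnerUsdcAccount", "DrainerUsdcAccount"]
    meta = {
        "preBalances": [5_000_000_000, 1_000_000, 1, 2_039_280, 2_039_280],
        "postBalances": [0, 5_000_995_000, 1, 2_039_280, 2_039_280],
        "preTokenBalances": [_token_balance(3, USDC, OWNER, 250_000_000),
                             _token_balance(4, USDC, DRAINER, 0)],
        "postTokenBalances": [_token_balance(3, USDC, OWNER, 0),
                              _token_balance(4, USDC, DRAINER, 250_000_000)],
    }
    return review_outcome(balance_changes(meta, keys, OWNER), {"SOL": 10_000_000})


if __name__ == "__main__":
    print("swap:", legit_swap_example() or "no red flags")
    for flag in disguised_drain_example():
        print("free mint:", flag)
```

The swap produces no flags because the only outflow is the SOL you agreed to send plus a small fee. The "free mint" produces four: the SOL outflow far exceeds the advertised cost, the USDC outflow was never part of the deal, and both balances go to zero. That is the pattern the guide describes, and the point at which to reject.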
Rule 5: Use a Separate Wallet for Untrusted Interactions
Don't connect your main wallet to every random dApp, NFT mint, or airdrop claim site. Use a burner wallet — a separate wallet with minimal funds — for risky interactions.
Setup:
- Create a second wallet in Phantom or Solflare
- Fund it with a small amount of SOL (enough for the interaction)
- Use this wallet for: new dApp testing, airdrop claims, unknown protocols, NFT mints from unverified projects
- Transfer any valuable assets received back to your main wallet afterward
The logic: If the burner wallet gets drained, you lose a small amount of SOL. If your main wallet gets drained, you lose everything.
Rule 6: Revoke Permissions and Close Unused Token Accounts
Regularly clean up your wallet by revoking delegate permissions and closing empty token accounts. This reduces your attack surface and recovers rent SOL.
Monthly cleanup:
- Check your token accounts on Solscan — look for any with delegate authority set
- Revoke delegates you don't recognize
- Close empty token accounts to recover rent
- Burn and close scam token accounts
Phantom and Solflare both support closing empty token accounts through their settings. For detailed instructions, see our guide on revoking token approvals.
Rule 7: Verify Token Safety Before Buying
Before buying any token, run it through a scanner. This takes 10 seconds and can save you from obvious scams.
Quick check:
- Copy the token's mint address (not the name — names can be faked)
- Paste into RugCheck
- Check for: mint authority revoked, freeze authority revoked, LP burned/locked
- If any critical flag is raised, don't buy
For extra diligence: Also check Solsniffer for a numerical safety score and De.Fi for cross-chain scam database matches.
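Both the Rule 6 cleanup (does this token account have a delegate set, is it empty and worth closing?) and the Rule 7 scanner checks (are the mint and freeze authorities revoked?) come down to reading a few fields of two on-chain account layouts. The following is an added example, not code from the original guide or from RugCheck or any wallet, that decodes the classic SPL Token program's 82-byte mint and 165-byte token account layouts and reports those findings. The sample accounts are constructed with the encoder at the bottom, and the rent figure uses the network's default rent parameters; the keys shown are placeholder bytes, not real addresses. Token-2022 accounts carry extension data and are not handled here.

```python
import struct
from typing import Optional

# Classic SPL Token program layouts (Token-2022 extensions are not handled here).
MINT_LEN = 82
TOKEN_ACCOUNT_LEN = 165
STATE_NAMES = {0: "uninitialized", 1: "initialized", 2: "frozen"}


def _coption_pubkey(buf: bytes, off: int) -> Optional[bytes]:
    """COption<Pubkey>: 4-byte little-endian tag (0 = None, 1 = Some) followed by a 32-byte key."""
    (tag,) = struct.unpack_from("<I", buf, off)
    return bytes(buf[off + 4:off + 36]) if tag == 1 else None


def parse_mint(data: bytes) -> dict:
    if len(data) != MINT_LEN:
        raise ValueError(f"expected a {MINT_LEN}-byte mint account, got {len(data)} bytes")
    supply, decimals, initialized = struct.unpack_from("<QBB", data, 36)
    return {
        "mint_authority": _coption_pubkey(data, 0),
        "supply": supply,
        "decimals": decimals,
        "is_initialized": bool(initialized),
        "freeze_authority": _coption_pubkey(data, 46),
    }


def parse_token_account(data: bytes) -> dict:
    if len(data) != TOKEN_ACCOUNT_LEN:
        raise ValueError(f"expected a {TOKEN_ACCOUNT_LEN}-byte token account, got {len(data)} bytes")
    return {
        "mint": bytes(data[0:32]),
        "owner": bytes(data[32:64]),
        "amount": struct.unpack_from("<Q", data, 64)[0],
        "delegate": _coption_pubkey(data, 72),
        "state": STATE_NAMES.get(data[108], f"unknown({data[108]})"),
        "is_native": struct.unpack_from("<I", data, 109)[0] == 1,
        "delegated_amount": struct.unpack_from("<Q", data, 121)[0],
        "close_authority": _coption_pubkey(data, 129),
    }


def rent_exempt_minimum(data_len: int) -> int:
    """Lamports locked in an account of this size under the default rent parameters
    (3480 lamports per byte-year, 2-year exemption threshold, 128 bytes of account overhead)."""
    return (data_len + 128) * 3480 * 2


def audit_token_account(data: bytes) -> list:
    """Findings a monthly cleanup cares about: delegates, odd close authorities, empty accounts."""
    acct = parse_token_account(data)
    findings = []
    if acct["delegate"] is not None:
        findings.append(f"delegate {acct['delegate'].hex()} may spend up to "
                        f"{acct['delegated_amount']} base units; revoke it if unrecognised")
    if acct["close_authority"] not in (None, acct["owner"]):
        findings.append(f"close authority {acct['close_authority'].hex()} is not the owner")
    if acct["amount"] == 0 and acct["state"] == "initialized":
        findings.append(f"empty account: closing it returns "
                        f"{rent_exempt_minimum(TOKEN_ACCOUNT_LEN)} lamports of rent")
    return findings


def audit_mint(data: bytes) -> list:
    """The two authority flags a token scanner reports."""
    mint = parse_mint(data)
    findings = []
    if mint["mint_authority"] is not None:
        findings.append("mint authority not revoked: supply can still be inflated")
    if mint["freeze_authority"] is not None:
        findings.append("freeze authority not revoked: holder accounts can be frozen")
    return findings


# Encoders used only to construct sample accounts for this example.
def _coption_bytes(value: Optional[bytes], size: int = 32) -> bytes:
    return struct.pack("<I", 1) + value if value is not None else struct.pack("<I", 0) + bytes(size)


def build_token_account(mint, owner, amount, delegate=None, delegated_amount=0,
                        state=1, close_authority=None) -> bytes:
    return (mint + owner + struct.pack("<Q", amount) + _coption_bytes(delegate)
            + bytes([state]) + _coption_bytes(None, 8) + struct.pack("<Q", delegated_amount)
            + _coption_bytes(close_authority))


def build_mint(mint_authority, supply, decimals, freeze_authority) -> bytes:
    return (_coption_bytes(mint_authority) + struct.pack("<QBB", supply, decimals, 1)
            + _coption_bytes(freeze_authority))


if __name__ == "__main__":
    # Constructed placeholder keys; real ones are 32-byte public keys shown in base58 by explorers.
    owner, mint, delegate = bytes([1]) * 32, bytes([9]) * 32, bytes([7]) * 32
    for line in audit_token_account(build_token_account(mint, owner, 0, delegate, 1_000_000)):
        print("token account:", line)
    for line in audit_mint(build_mint(bytes([3]) * 32, 10**9, 6, None)):
        print("mint:", line)
```

The sample token account is empty but still has a delegate set, which is exactly the combination the monthly cleanup is meant to catch: revoke first, then close to get the 0.00203928 SOL of rent back. The sample mint still has its mint authority, so a scanner would show that flag as unrevoked.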
Rule 8: Keep Your Software Updated
Wallet extensions, browser, and operating system updates often include security patches. Running outdated software means known vulnerabilities remain exploitable.
Update checklist:
- Wallet extension: Phantom and Solflare push updates through the browser extension store. Enable auto-updates
- Browser: Chrome, Firefox, Brave — keep current
- Operating system: Windows, macOS, Linux — install security updates promptly
- Hardware wallet firmware: Ledger firmware updates through Ledger Live
Additional software precautions:
- Don't install random browser extensions (they can read your data)
- Be cautious with Discord bots that request browser extension permissions
- Run antivirus/malware detection periodically
Rule 9: Never Use Public WiFi for Wallet Transactions
Public WiFi (coffee shops, airports, hotels) can be intercepted. Man-in-the-middle attacks can redirect your traffic to phishing sites or capture your data.
If you must use public WiFi:
- Use a VPN (encrypts your traffic)
- Never sign transactions on public networks without a VPN
- Verify URLs extra carefully (HTTPS only, check for certificate warnings)
Better option: Use your mobile data connection for any wallet activity. It's harder to intercept than WiFi.
Rule 10: Have an Incident Response Plan
Know what to do if you think your wallet is compromised. Speed matters — minutes can be the difference between saving some funds and losing everything.
If you suspect compromise:
- Immediately transfer assets from the compromised wallet to a safe wallet (hardware wallet or a wallet with a different seed phrase). Prioritize the most valuable assets first
- Revoke all permissions on the compromised wallet
- Do NOT continue using the compromised wallet. Even after transferring assets, the attacker may have your private key and can take any future deposits
- Create a new wallet with a fresh seed phrase on a clean device
- Investigate how it happened — check your browser extensions, recent sites visited, and any DMs you responded to. Understanding the attack prevents it from happening again
Signs of compromise:
- Tokens disappearing without your action
- Transactions in your wallet history you didn't sign
- Your wallet connecting to sites you didn't visit
- Receiving notifications of transactions you didn't authorize
Quick Reference Checklist
Print this or save it as a reminder:
- Rule 1: Use a hardware wallet for significant holdings
- Rule 2: Never share your seed phrase, with anyone, ever
- Rule 3: Bookmark legitimate sites, never click links
- Rule 4: Read every transaction before signing
- Rule 5: Use a separate wallet for untrusted interactions
- Rule 6: Revoke permissions and close unused token accounts
- Rule 7: Verify token safety before buying
- Rule 8: Keep your software updated
- Rule 9: Never use public WiFi for wallet transactions
- Rule 10: Have an incident response plan
The Cost of Ignoring Security
Wallet drains on Solana happen daily. The amounts lost range from a few hundred dollars to six or seven figures. In every case, the victim did something the attacker exploited — clicked a link, signed a transaction without reading, shared a seed phrase, or used an insecure connection.
The 10 rules in this guide address every major attack vector. They don't require technical expertise, expensive tools, or paranoid behavior. They just require consistency.
Your wallet security is only as strong as your weakest habit. One lapse — one clicked phishing link, one unread transaction — is all it takes. Build the habits, follow the rules, and your Solana holdings will stay where they belong: in your wallet.
Disclaimer: No security practice eliminates all risk. New attack vectors emerge regularly. Stay informed through official wallet and protocol channels. This guide is for educational purposes only. Always exercise caution and verify information from official sources.