Ethereum Wallet Drained? How to Trace Stolen ETH & Tokens

Confirm the network is Ethereum mainnet

Many drains happen on L2s (Base, Arbitrum) while victims assume mainnet. Check MetaMask or your wallet activity tab for chain ID 1 (Ethereum) before you paste hashes into the wrong explorer.

Document outbound transfers

• Open your wallet on Etherscan — Activity tab lists every tx hash.
• Copy each outbound native ETH, ERC-20, and NFT transfer from the drain window.
• Note if approvals were abused — check Token Approvals on Etherscan or run a $10 approval audit.
• Look for router contracts (Uniswap, 1inch) vs direct wallet-to-wallet sweeps.

Patterns that help exchanges

• Labeled CEX hot wallet deposits — document the deposit tx hash.
• Bridge outbound to L2 — continue tracing on the destination chain.
• Mixer or privacy pool entry — state the limit explicitly in your abuse ticket.

When a Tracefunds case file helps

Abuse desks want a clear outbound path, labeled destinations, and a victim-safe summary — not 200 Etherscan rows. A $20 incident report indexes public mainnet data into a fund-flow graph and verification checklist you can forward.