If you are reading this page because you think something is actively wrong with your account, take the three actions in the next section before you read anything else.

Do these three things right now

  1. Move any remaining funds to a wallet whose keys have never been exposed. If the compromised wallet still has a balance, assume the attacker is watching it and will sweep anything that enters. Send a single test transfer to a newly created wallet first, verify it lands, then move the rest. If funds sit on Intention, initiate a withdrawal to the new wallet rather than trying to continue using the compromised keys.
  2. Revoke any active session signatures. Open the account menu in Intention Exchange and revoke the current session. From your wallet, disconnect the site from the wallet’s connected-sites list. If you approved any third-party contracts with token allowances, revoke those too using a reputable revocation tool of your choice.
  3. Document everything. Take screenshots of every suspicious interaction, copy every transaction hash you can find, and write down the UTC times. A timeline you assemble while the memory is fresh is orders of magnitude more useful to an investigation than a vague story a week later.

What Intention Labs can do

  • We can answer forensic questions about what the protocol observed. If you send us an account address and a time window, we can tell you which transactions the engine processed for that account during that window.
  • We can in some cases blocklist a known-bad address from Intention Exchange’s hosted frontend. This does not freeze funds — the protocol is non-custodial and we cannot and will not build a freeze mechanism — but it can prevent an attacker from continuing to use the hosted frontend to move stolen funds.
  • We can coordinate with other teams in the ecosystem if the attacker is also interacting with their systems and we have a working relationship with them.
  • We can publish warnings about phishing sites and scam campaigns, once confirmed, so that other users are less likely to be caught.

What Intention Labs cannot do

  • We cannot reverse an on-chain transaction. The protocol is non-custodial. No team, anywhere, has the ability to roll back a finalized transaction on a live blockchain, and anyone who claims otherwise is lying to you.
  • We cannot recover funds from an attacker’s wallet. If the keys to your wallet leaked, everything the wallet held, on Intention and elsewhere, is now under the attacker’s control.
  • We cannot restore a seed phrase. We never had it. It was never sent to us and there is no copy of it on any server we operate.
  • We cannot identify the attacker. We can share transaction hashes with law enforcement if you ask us to, but we do not run investigations.

How to report

Send the report to security@intention.xyz, not to the general support mailbox. Include:
  • Your account address on Intention.
  • The UTC time at which you first noticed the compromise.
  • A complete list of transaction hashes related to the incident, on Intention and on any other chain.
  • A timeline of what happened in your own words, including what you clicked, signed, or installed in the days before.
  • Screenshots of any phishing site, message, or DM that you believe was part of the attack.
Do not post any of this to a public channel. Public disclosure can warn the attacker, compromise an active investigation, and invite secondary scammers to contact you claiming they can “recover” your funds for a fee.

How to verify that a message is really from Intention Labs

This is the most important section of this page. Scammers impersonate project teams constantly. Use the following checklist before trusting any message that claims to come from us.
  • We only contact users from addresses ending in @intention.xyz. No Gmail. No ProtonMail. No lookalike domains like intention-labs.xyz or inten­tion.xyz with a hidden Unicode character. Inspect the sender address carefully.
  • We will never ask for your seed phrase, your private key, or any part of your password. Ever. For any reason. Under any framing. If a message asks for these, it is not from us.
  • We will never ask you to sign a “verification” or “account refresh” signature outside of the normal session flow. See Session signature for what a legitimate signature request looks like.
  • We will never ask you to move funds to a “safe wallet” that we give you. The safe wallet in any compromise is one you control, not one someone else hands you.
  • We will never send you a link to a “support portal” outside of the intention.xyz domain. If you receive one, assume it is a phishing trap.
If a message fails any of these checks, it is an attack. Do not reply, do not click, and forward it to security@intention.xyz so we can track the campaign.
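
The sender-address check from the first item of the checklist above, as an added Python example that is not Intention Labs' own code. The function name `check_sender` and the sample addresses are constructed for illustration. The check looks only at the address string and says nothing about whether the header itself was forged.

```python
import unicodedata
from email.utils import parseaddr

TRUSTED_DOMAIN = "intention.xyz"  # the only sender domain the page lists


def check_sender(from_header: str) -> tuple[bool, str]:
    """Return (trusted, reason) for the address in a From header value."""
    _display, addr = parseaddr(from_header)  # the display name is ignored
    if addr.count("@") != 1:
        return False, "no single parsable address"
    domain = addr.rsplit("@", 1)[1]
    # Hidden or lookalike characters: soft hyphen, zero-width space, homoglyphs.
    for ch in domain:
        if unicodedata.category(ch) == "Cf":
            return False, f"invisible character U+{ord(ch):04X} in domain"
        if ord(ch) > 127:
            return False, f"non-ASCII character U+{ord(ch):04X} in domain"
    domain = domain.lower().rstrip(".")
    # An internationalized lookalike can also arrive already encoded.
    if any(label.startswith("xn--") for label in domain.split(".")):
        return False, "punycode (IDN) label in domain"
    # Exact match only: a suffix or substring test would accept
    # intention.xyz.example.net or intention-labs.xyz.
    if domain != TRUSTED_DOMAIN:
        return False, f"domain is {domain!r}, not {TRUSTED_DOMAIN!r}"
    return True, "domain matches exactly"


# Constructed sample headers, not taken from any real campaign.
SAMPLES = [
    "Intention Labs <security@intention.xyz>",
    "Support <help@intention-labs.xyz>",
    "help@inten\u00adtion.xyz",          # soft hyphen hidden in the domain
    "help@intenti\u043en.xyz",           # Cyrillic 'o' in place of Latin 'o'
    "help@intention.xyz.example.net",    # trusted name used as a subdomain
    "Intention Support <help@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        trusted, reason = check_sender(header)
        print(f"{'OK  ' if trusted else 'FAIL'} {header!a}: {reason}")
```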