The Vibe: An automated script that watches a compromised wallet and instantly steals any incoming crypto—like a thief waiting at your door to grab cash the moment it’s delivered.
The Details: A sweeper bot (or “sweeper”) is malicious code that attackers use after compromising a wallet (often via phishing, leaked private keys, or malware). It monitors the blockchain (including the mempool for pending transactions) and automatically transfers any new funds or tokens deposited to the wallet to the attacker’s address. This happens in seconds—before the user can react. Common after seed phrase leaks or malicious approvals. Unlike drainers (which trick you into approving access), sweepers require full private key control. In 2026, they’re a major threat reported by wallets like MetaMask, Phantom, and Trust Wallet—funds vanish instantly on receipt, often after small test deposits. Prevention focuses on never exposing keys; recovery is rare once active.
Pro Tip: If funds disappear right after arriving, assume a sweeper—stop using the wallet immediately. Create a new wallet, transfer remaining assets carefully (if any), and scan devices for malware. Never reuse compromised wallets or enter seed phrases on suspicious sites. Use hardware wallets for main holdings, enable 2FA/hardware confirmation, and monitor incoming txs closely. Report to Chainabuse or authorities if large losses occur.