If you’ve invested in Bitcoin, ether or any other cryptocurrency, here are two truths: Your savings are a target for thieves, and it can be tough to get your funds back if the worst happens.
Crypto exchanges are hacked surprisingly often. One of the biggest heists occurred in August, when cybercriminals stole $610 million in various cryptocurrencies from the Chinese platform Poly Network. The hackers eventually returned the funds.
That’s an uncommon case. Mt. Gox, a Japanese exchange, was forced into bankruptcy in 2014 after crooks lifted $450 million in Bitcoin and other cryptocurrencies. Losses from crypto hacks, thefts, fraud and misappropriation totaled $681 million in the first seven months of this year, according to a report from crypto intelligence company CipherTrace. If losses continue on pace, they’d total $1.17 billion, though that would be a drop from last year’s $1.9 billion.
Even if you store your crypto at one of the well-established exchanges, you might face a slog recovering your funds. After reportedly receiving thousands of customer complaints related to its customer service, Coinbase, one of the most popular exchanges, started a live phone support line in September, which doesn’t appear to have pleased some of its unhappy customers.
Coinbase didn’t respond to a request for comment but notes on its website that it carries “crime insurance” protecting a portion of digital assets held across its storage systems against losses from theft, including data breaches.
Of course, that won’t help if someone hacks your personal wallet — the software and sometimes hardware used to store crypto — rather than the exchange itself. No one’s in charge of cryptocurrencies, which are decentralized. You might want to complain, but good luck finding someone to listen.
What’s worse than having your funds robbed? Watching the money move around on the blockchain, the technology that powers cryptocurrencies by creating a public record of transactions.
“Your stolen funds are right there in plain sight, but there’s no way to get them back,” said Don Pezet, co-founder of the online IT training company ITProTV. “It’s like someone stole your car and parked it right in front of your house.”
The best approach, of course, is to make sure your crypto never gets stolen. That means moving as much of it as possible into “cold” wallets that aren’t connected to the internet. Secure any funds you leave in “hot” wallets,” which are hosted online, as tightly as possible.
Should something bad happen, don’t lose hope. Here are some tips from the experts:
Protect what’s left
If there’s anything left in your compromised wallet, transfer it out, Pezet says. Delete the wallet and get a new one.
Any passwords related to your exchange account should be changed as soon as possible, says Andrew Gunn, senior threat intelligence analyst at ZeroFox. Switch email accounts. If you think the device you used to access your account might be compromised, reformat it or, preferably, don’t use it anymore.
Call customer service
If your exchange is larger and better known, you’re more likely to get some help. Act fast, and your exchange might be able to freeze your funds, depending on what stage the theft is at, Gunn says.
Be aware, however, that many exchanges aren’t under much obligation to help. Some exchanges are located in countries with few regulations that cover cryptocurrencies. Some countries don’t consider crypto to be an asset, Pezet says, reducing the odds of help from the authorities even further.
Report the theft
It’s unlikely a formal report will help in recovering stolen crypto, but it doesn’t hurt to have a case number or documentation. You never know if there will be an insurance claim or lawsuit you can be part of. Having evidence you took the theft seriously will help you establish standing if you have to.
In some cases, the FBI and crypto-tracing companies have been able to recover cryptocurrency. For example, in the case of the Colonial Pipeline ransomware attack, the FBI, with the help of tracing experts, was able to recover about $2.3 million of the $4.4 million paid in Bitcoin as ransom. But isn’t likely federal authorities would go to those kinds of lengths for the average person.