Even if you’re alert to the security issues concerning storing and using crypto, there’s always an outside chance that your funds are in the wrong place at the wrong time and you fall victim to a crypto hack.
Cryptocurrency wallets and exchanges don’t offer the same consumer protections as banks (though the situation is slowly improving), meaning there are no simple legal options available to you.
So, if you lose assets due to a crypto hack, what should you do?
1. Confirm the Hack
How many times have we seen rumors of a potential hack start to circulate, only to learn later that it was a false alarm?
The prevalence of false rumors is somewhat understandable. Because of the frequency of crypto hacks, many users are hyper-vigilant about new attacks occurring.
The slightest suggestion of a hack—such as an exchange being briefly offline or a suspicious transaction appearing on a particular blockchain—can quickly send users into a frenzy.
Sites like Twitter and Reddit allow the rumor to spread like wildfire. Before you know it, the entire community is convinced that something has happened.
So, as a first step, make sure you’re actually dealing with a hack. You cannot control how quickly an exchange responds to an attack, but you can check out reputable news sources and the social accounts of people closely connected to the exchange/wallet. It might shed some light on the matter.
2. Change Your Login Details
Any tech-savvy reader knows that if one of your online accounts (like Spotify, Netflix, Amazon, etc.) gets hacked, the first thing you should do is change your password.
Crypto exchanges are no different. The hacks that result in a loss of assets don’t typically rely on hacked passwords, but a) you cannot be certain until more details become available in the coming weeks, and b) even if your password wasn’t used to steal coins, there’s still a chance the exchange’s servers which hold the passwords have been compromised. Don’t take the risk.
3. Move Your Remaining Cryptocurrencies
Depending on how quickly you get ahead of the developing story, there’s a chance you might still be able to log into your exchange or hot wallet account and move any funds that remain in your account. Remember, many exchanges will restrict users’ access after the scale of a hack becomes apparent.
If you can still access your wallets, clear all your funds into a secure cold wallet (i.e., one that is not connected to the web). The two most common forms of cold wallets are hardware wallets (such as the Ledger Nano X) and paper wallets. Of the two, hardware wallets are the more secure choice.
4. Wait for More Details
There is often a significant delay between the realization that a hack has occurred and any official confirmation about the details.
In the first days, you won’t know how much was stolen, which cryptocurrencies were affected, what percentage of users were affected, how the hack occurred, who was responsible for the hack, and how users might be able to reclaim their lost assets.
Make sure you follow official news sources and don’t listen to rumors. The top crypto news sites together with an exchange or wallet’s social media accounts are the best place to start.
5. Police Investigation?
It’s becoming increasingly common for local police forces to launch investigations after crypto hacks; the lack of crypto regulation doesn’t mean that authorities won’t be interested if millions of dollars’ worth of assets suspiciously vanish.
Police investigations can take anything from weeks to years to complete. In the case of Mt. Gox—one of the worst crypto hacks in history—the saga is only now starting to reach its conclusions, more than five years after the second of its two big hacks.
As recently as March 2019, court cases against former CEO Mark Karpelès were completed. He was found guilty of falsifying data, but not guilty on the more serious charges of embezzlement and aggravated breach of trust.
6. Check for Availability of Refunds
Just because there are no consumer protections in place for people who are the victim of crypto hacks, it doesn’t mean there’s no chance you’ll see your assets again.
Unfortunately, there are no guarantees. Much will depend on the circumstances surrounding the case.
For example, if you were daft enough to leave your private keys lying around in public and someone used your funds, there’s no chance you’ll see your coins again.
However, if you were caught up in a wider exchange hack, there is a chance. Running an exchange is a profitable business, meaning more and more exchanges are now in a position to refund creditors in the event that a hack occurs. Recent examples of this happening include Zaif, Coincheck, and even Mt. Gox.
But beware, just because an exchange offers rebates, there are no guarantees that you’ll receive back the full amount that you lost. Often creditors are only paid back at a predetermined number of cents on the dollar.
7. Learn Your Lessons
Once the news has died down and you’ve made the best of a bad situation, it’s time to step back and assess your own processes.
Is there anything you could have done to reduce your exposure to potential hacks? For example, don’t keep coins in exchanges for longer than necessary, don’t use hot wallets, don’t use crypto exchanges without a solid reputation, and so on.