Recover a Hacked Crypto Exchange or Wallet
Losing access to your crypto or having it stolen can be a very stressful experience. This guide will walk you through the immediate steps you should take if your crypto exchange account or self-custody wallet has been hacked and drained.
Act quickly and methodically. The sooner you start collecting information and reporting the incident, the better your chances of recovery or mitigation.
Confirming the Hack and Securing Remaining Accounts
First, you need to be absolutely sure your account or wallet has been compromised. Check for unexpected transactions, login attempts, or emails. Once confirmed, your priority is to secure any other financial accounts that might be linked or use the same login details.
- Change passwords on your crypto exchange, email, and any linked financial accounts immediately. Use strong, unique passwords.
- Enable Two-Factor Authentication (2FA) on all accounts if you haven't already. Use an authenticator app (like Google Authenticator or Authy) rather than SMS where possible.
- Check your email accounts for any suspicious activity, forwarding rules, or new filters that might be hiding breach notifications.
- Review your exchange account settings for any changes to withdrawal addresses or security settings.
Gathering Evidence of the Attack
Collecting evidence is crucial for reporting the incident to exchanges, law enforcement, and potentially for tracing your funds. Document everything thoroughly, even if it seems minor.
- Take screenshots of unauthorised transactions, suspicious login attempts, and any error messages.
- Collect transaction IDs, wallet addresses involved, and exact timestamps of the transactions that moved the stolen funds.
- Save any suspicious emails or messages you received leading up to or during the hack.
- Note down dates and times you first noticed the hack, and any actions you took in response.
Contacting Your Crypto Exchange or Wallet Provider
Once you have gathered initial evidence, contact the support team of your crypto exchange or self-custody wallet provider immediately. Provide them with all the details you’ve collected.
- Explain clearly that your account has been compromised and funds stolen.
- Provide all relevant transaction IDs, wallet addresses, and screenshots.
- Ask them to freeze your account if possible, or provide guidance on further steps.
- Request any internal records they might have regarding the unauthorised activity.
Tracing Stolen Funds on the Blockchain
Blockchain transactions are public, which means you can often trace where your funds have gone. While this won't recover your money directly, it provides valuable information for law enforcement.
- Use blockchain explorers (like Etherscan for Ethereum, BscScan for Binance Smart Chain, or Blockchair for Bitcoin) to follow the stolen funds.
- Enter the thief's wallet address or the transaction ID to see the flow of funds.
- Look for deposits into known exchange wallets; this can sometimes help law enforcement identify the perpetrator if they try to cash out.
- Be aware that sophisticated attackers might use 'mixers' or multiple wallets to obscure the trail, making tracing more difficult.
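The tracing steps above, as an added example that is not part of the original guide: a breadth-first walk over transfer records (as exported from a block explorer) that reports where the trail reaches a labelled exchange or mixer address. All addresses, transaction IDs and labels are constructed placeholders, and the "only follow transfers sent after the funds arrived" filter is a simplifying assumption.

```python
from collections import deque

# Constructed sample transfers (not real addresses or transaction IDs).
# In practice these rows come from a block explorer's export for each address.
TRANSFERS = [
    {"txid": "tx1", "src": "victim", "dst": "thief_A", "amount": 2.0, "time": 100},
    {"txid": "tx2", "src": "thief_A", "dst": "hop_B", "amount": 1.2, "time": 160},
    {"txid": "tx3", "src": "thief_A", "dst": "hop_C", "amount": 0.8, "time": 170},
    {"txid": "tx4", "src": "hop_B", "dst": "exch_deposit_1", "amount": 1.2, "time": 300},
    {"txid": "tx5", "src": "hop_C", "dst": "mixer_1", "amount": 0.8, "time": 320},
    {"txid": "tx6", "src": "hop_B", "dst": "unrelated", "amount": 5.0, "time": 50},  # before theft
]
# Hypothetical labels; explorers show similar tags on known addresses.
LABELS = {"exch_deposit_1": "exchange", "mixer_1": "mixer"}


def trace(transfers, start, start_time, labels, max_hops=5):
    """Follow outgoing transfers forward in time from `start`.

    Returns (hops, txid, address, label) for every labelled address reached.
    The walk stops at labelled addresses: funds inside an exchange or mixer
    are pooled and cannot be followed further on-chain.
    """
    outgoing = {}
    for t in transfers:
        outgoing.setdefault(t["src"], []).append(t)

    findings = []
    seen = {start}
    queue = deque([(start, start_time, 0)])
    while queue:
        addr, received_at, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for t in sorted(outgoing.get(addr, []), key=lambda t: t["time"]):
            if t["time"] < received_at:  # sent before the stolen funds arrived
                continue
            dst = t["dst"]
            if dst in labels:
                findings.append((hops + 1, t["txid"], dst, labels[dst]))
            elif dst not in seen:
                seen.add(dst)
                queue.append((dst, t["time"], hops + 1))
    return findings


if __name__ == "__main__":
    for hops, txid, addr, label in trace(TRANSFERS, "thief_A", 100, LABELS):
        print(f"{hops} hop(s): {txid} -> {addr} [{label}]")
```

The transaction IDs reported for exchange deposits are the ones worth including in a police report, since the exchange can tie that deposit address to an account holder.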
Reporting to Law Enforcement and Cybersecurity Authorities
It's important to report the theft to the appropriate authorities. While law enforcement agencies often have limited resources for crypto crime, reporting helps them track trends and build cases.
- File a police report with your local law enforcement agency. Provide all the evidence you've collected.
- Consider reporting to national cybersecurity centres or fraud bureaus, such as ReportCyber in Australia.
- Be persistent and follow up with the agencies you report to, providing any new information you uncover.
Key takeaway
Dealing with a drained crypto account or wallet is a challenging situation. By acting quickly to secure your remaining assets, meticulously gathering evidence, contacting your providers, tracing the funds, and reporting to authorities, you give yourself the best chance of navigating this difficult experience. Remember to stay calm and methodical throughout the process.