Cointime

Download App
iOS & Android

Crypto Stolen? 15 Steps to Take After a Cryptocurrency Account Hack

Cointime Official

From Dilendorf Law Firm By: Max Dilendorf, Esq.

If your crypto exchange account has been hacked and funds stolen, you need to act fast. These steps will help you protect your assets, document the breach, and take the necessary actions to pursue recovery:

  1. Secure Your Devices and Accounts.

Protect every device you own. Update antivirus software, install the latest security patches, and immediately change all your passwords. Lock your credit reports to prevent unauthorized activity. Call your phone carrier to confirm your phone is secure and add a PIN for extra security.

  1. Notify the Exchange Immediately.

Reach out to the exchange right away. Provide the blockchain wallet address where your funds were transferred and request that they freeze the wallet, monitor its activity, and seize the funds if they reach an onramp. While the chances of the exchange acting are nearly zero, this step is crucial for building a record and improving your odds of recovery later.

  1. Don’t Blame Yourself.

These attacks are highly sophisticated, often carried out by organized criminal syndicates or state-sponsored actors. In 2023 alone, the FBI reported $5.6 billion in stolen cryptocurrency. Remember, your crypto exchange is your first and last line of defense to protect and safeguard your assets. Focus on taking action, not on self-blame.

  1. Preserve and Document All Evidence.

Keep a detailed record of everything related to the breach. Save emails, call logs, screenshots, transaction records, and any communication with the exchange. This evidence will be crucial for arbitration, legal proceedings, or any attempts at recovery.

  1. File an FBI IC3 Report.

Submit a report to the FBI’s Internet Crime Complaint Center (IC3). The online process takes about five minutes. While the odds of the FBI acting on your case are slim due to backlogs and resource constraints, filing the report is essential. You’ll need it for tax purposes and to support your arbitration claim.

  1. Provide Formal Notice to the Exchange.

If the exchange is liable for transferring your funds to unauthorized individuals during an account takeover (ATO), you must provide formal notice under the terms of the user agreement. For Coinbase, this requires a 45-business-day notice before you can file an arbitration claim. For Gemini, the notice period is 60 days. Meeting these deadlines is critical to preserving your rights.

  1. Understand Exchange Liability.

Under Coinbase’s user agreement, for example, the company is not responsible for thefts on its platform. The risk of loss falls entirely on the customer, and the company disclaims liability if your credentials are compromised and funds are stolen.

However, the customer may still have rights under the Electronic Fund Transfer Act (EFTA), which provides protections for unauthorized electronic transfers. This federal law could provide a pathway to recover stolen funds, so it’s important to determine if your situation qualifies under its provisions.

  1. File Complaints with Regulatory Authorities.

If you believe the exchange is at fault for transferring your funds without authorization during an account takeover (ATO), file complaints with the appropriate authorities. This includes local banking regulators overseeing the exchange, local consumer protection agencies, and federal agencies such as the CFPB and CFTC. If the exchange is licensed in New York, file a complaint with the New York Department of Financial Services (NYDFS), which regulates virtual currency businesses. These complaints help establish your case and bring regulatory attention to the incident.

  1. Begin Arbitration Demand After the Notice Period.

Once the formal notice period required by the user agreement has passed—typically 45 business days for Coinbase or 60 days for Gemini—you can file an arbitration demand against the exchange. The arbitration will be handled by a designated forum, such as AAANAM, or JAMS, as specified in your user agreement. Carefully review the agreement to confirm where your case will be heard. Arbitration is the next step in pursuing recovery.

  1. Engage Professional Legal Assistance.

It is highly recommended to involve an experienced attorney in your case. Arbitration heavily favors exchanges due to the terms of their user agreements, which often disclaim liability for thefts and require customers to use the platform on an “as-is” basis with no representations or warranties. Without professional legal support, consumers are at a significant disadvantage in these proceedings. An attorney can help level the playing field and ensure your claims are properly presented.

  1. Hire a Blockchain Forensics Firm.

Contract a professional blockchain forensics firm to trace where your stolen funds were sent. These firms specialize in tracking blockchain transactions and can identify wallets involved. In some cases, they may assist in working with exchanges or authorities to recover your assets.

  1. Prepare Your Arbitration Demand Carefully.

Your arbitration demand must include all applicable claims and adhere to the statute of limitations. Missing critical details or deadlines could weaken or void your case.

  1. File an Arbitration Demand.

After filing your arbitration demand, expect the process to take 9 to 12 months. This will include depositions, testimony from expert witnesses, discovery motions, and a final evidentiary hearing lasting up to five days. Arbitration is typically conducted online, with all parties, arbitrators, company representatives, and experts participating remotely. Be prepared for a detailed and lengthy process.

  1. Choose a Skilled Arbitrator.

Request a list of five arbitrators and carefully review their qualifications. Select one with expertise in cybersecurity claims and a reputation for fairness to consumers. The arbitrator’s experience and approach can play a critical role in the outcome of your case.

  1. Understand the Finality and Confidentiality of Arbitration.

Arbitration decisions are final and cannot be appealed, except in exceptional circumstances, such as proven arbitrator bias. The proceedings are confidential and bound by a protective order required by the exchange. These cases never reach the public eye—exchanges actively ensure that thefts on their platforms remain hidden from both the public and regulators.

Resources:

Comments

All Comments

Recommended for you