Since the internet boom in the ‘90s, we have seen technologies evolve. Things that seemed impossible years ago have become reality; technologies are turning the world into one tiny village. Disruptions have taken place in just about every sector you can think about, and the wind of change is blowing through the financial sector. As the world moves away from cash to wireless payments (think Google, Apple Pay, Stripe, etc), we have seen increasing adoption of cryptocurrencies.
Although cryptocurrencies and its associated technologies have achieved increased adoption and global attention in the last decade, a negative cloud is forming. This cloud represents the susceptibility of individuals, crypto exchanges and DeFi protocols to hacks and malicious attacks. As a result, several crypto investors have lost — and continue to lose — large quantities of their crypto tokens. In the first half of 2021 alone, data from CipherTrace show that losses from crypto thefts, fraud, and hacks amounted to $681 million. In 2020, this figure for the year was $1.9 billion. This year, we have already seen stolen crypto and NFT hacks worth billions of dollars. In April, Ronin Network suffered one of the largest ever crypto hacks, to the tune of $600 million.
Table of Contents (click to expand)
- Why You Should Be Extra Careful With Your Crypto
- How Do You Know Your Crypto Wallet(s) Have Been Hacked?
- 5 Ways Your Crypto Assets Can Be Stolen
- How to Recover Your Stolen Crypto: Comprehensive Guide
- Why Recovering Stolen Crypto Assets Might Be Difficult
- 5 Tips To Help Prevent Future Theft
- Final Words…
Why You Should Be Extra Careful With Your Crypto
Worse still, these hackers can disappear into the comforting hands of anonymity that the internet offers, forever. If you have invested in Bitcoin, Ethereum, or other tokens, here are two key truths you must bear in mind: 1) Your investments are a target for hackers and thieves, and 2) Getting back your stolen crypto can be tough — when possible at all.
While the former is something to keep in mind, the latter proves a daunting challenge. This is because crypto transactions are usually pseudonymous and, most times, irreversible. Thus, they are a popular target for thieves and hackers as it is challenging to put a face to a transaction, making it essentially impossible to trace and reverse criminal transactions.
If your hackers gain access to your crypto wallet, the chances of you getting your stolen funds are, therefore, very slim. In fact, data from CipherTrace shows that only 20% of stolen cryptocurrencies are ever recovered.
So, what are the steps you can take to recover your crypto if stolen? In this complete step-by-step guide, we delve into the den of thieves. We take a look at pointers to a possible hack and/or theft, ways in which hackers and thieves operate to steal crypto assets, and how you can go about recovering your funds, and how to prevent future breaches. That said, let’s get to it.
How Do You Know Your Crypto Wallet(s) Have Been Hacked?
Most hackers operate by prowling the internet, looking for weaknesses to exploit. While technological advancements are making crypto wallets more secure than they have ever been, crypto thieves still employ social engineering schemes such as hacks and phishing scams to have their way.
How then do you know that your wallet has been the subject of a crypto theft? Simple: if you notice unauthorized transactions with your crypto wallet (especially outflows), then a breach has occurred on your wallet. If notifications are set up for incoming or outgoing transactions on your wallet, you may be better placed to spot criminal transactions quickly and nip them in the bud.
Another pointer to a possible hack are strange transactions on your credit or debit card, especially if you connected them to your wallet. Many crypto thieves stop short of stealing your money, but some take it a step further.
5 Ways Your Crypto Assets Can Be Stolen
1) Compromised SMS verification Process
Crypto thieves who use this mode of attack specifically target people who operate with cryptocurrencies a lot. When you use a centralized exchange (CEX), very often the Two-factor authentication is active on your mobile phone. Usually, the aim of a thief here is to intercept SMS verification from the exchange. This compromise can occur via different means such as cloning, voice phishing, cloning your SIM card, or wiretapping. Once compromised, they use these SMS codes to “recover” or obtain access to your crypto wallet.
Malware never gets out of the toolkit of hackers and cyber thieves. Malware infections are still popular among crypto hackers, and they remain very potent against weakly secured assets. How does malware work? Simple: the hackers infect devices with keyloggers that steal your PINs and passwords. When the legitimate user of a PIN or password enters it into a website, these malware infuse cross-scripting infusions into webpages. The passwords or PINs are then redirected to different malicious websites which are often not noticeable by your browser. These malicious websites either download the ransomware or malware to a hackers’ device, or they steal your sensitive details. You can read more about malware and ransomeware here.
3) Phishing Attacks
This is the most popular and arguably the most effective way crypto thieves operate. With phishing, the potential victim gives access to their vaults by themselves, tricked by forged information that look like the legitimate emails and authentic websites of cryptocurrency exchanges. Usually, to increase the potency of a phishing attack, the attackers send “confirmation” emails to unsuspecting users.
These emails contain links that take the users to fake websites where they would have to input their authentication details. These details are then stolen and used to carry out transactions via the wallet at will. Detecting potential phishing attacks requires you to carefully and attentively check domain spellings (for example, a phishing email may require you to click on a link to opensea.com, although the legitimate website is opensea.io). Also, a Secure Sockets Layer Certificate (that little padlock on the left side of the address bar) must be present before you enter sensitive information.
4) Stealing Your Secret Keys
Usually, no financial operation(s) occurs with a cryptocurrency without two kinds of keys: private keys and public ones. Private keys are only available to their holders and they validate all transactions carried out by an owner. Public keys are used to confirm private ones. Private keys are stored in respective crypto wallets, and if the owner of a wallet loses its private key, the assets are inaccessible forever. By stealing your private key, a thief can transfer all your assets to a different wallet and you will lose them forever.
As a result, hackers use every possible method to steal keys, beginning with web browser extensions and other system vulnerabilities. Hot wallets are also a lucrative field for them as they usually run with CEXs (think Binance or Coinbase wallets). Cold wallets, on the other hand, exist as hardware devices. They are more secure than hot wallets, but if lost, the owner loses all their digital assets.
5) Mobile Applications With Poor Security Infrastructure
Although many crypto asset holders do not know this, not all exchanges and trading applications are secure. This could be as a result of security backdoors or poor architecture, making them susceptible to cyberattacks. Often, these platforms are also susceptible to data leakages such as API keys and sensitive information of users that may be stored in unencrypted databases. When these attacks occur, crypto asset stored on these exchanges and applications may be stolen by the attackers.
How to Recover Your Stolen Crypto: Comprehensive Guide
We outlined the pointers to a possible theft in the preceding paragraphs, but if the worst happens, can you get back your stolen cryptocurrency? When you hold your hot wallet’s private keys, it is generally impossible to recover stolen cryptocurrency. Digital assets are intended to be used in one-way transactions. Unauthorized transactions involving stolen funds are just as (un)secured as authorized transactions. Safe practices can help to avert future theft.
But don’t give up hope. This guide will explain what you can do if you become a victim of crypto theft, as well as how to avoid becoming a victim in the future.
Why Recovering Stolen Crypto Assets Might Be Difficult
It is extremely unlikely that you will reclaim your stolen cryptocurrency. Theoretically, it is possible for you to track your stolen crypto by checking transactions on the blockchain, but this is difficult in practice as a result of the system’s anonymity. Additionally, a crypto thief would most likely convert the stolen crypto to fiat, almost immediately, using an exchange.
Yes, most activities leave traces that you may be able to follow to unmask the criminal. Even if you do successfully obtain the details via public ledgers, you have very few options through which you can recover your stolen funds because cryptocurrencies are naturally decentralized.
Determine if Recovering The Asset is Worth It
Because it is emotionally draining and expensive to try to recover stolen crypto assets, it is important to weigh your options before going that route. It’s up to you whether it is worth the while to get professional help or simply let go. This is especially true if you haven’t invested a large portion of your funds in crypto.
That said, these 5 tips can help you get back your stolen cryptocurrency:
Use a Bounty Hunter or Recovery Service
There are websites that allow you to post bounties if you are willing to pay reasonable amounts to get your funds back. A blockchain locator expert will investigate the theft and determine if the funds are recoverable for a given price. Bitcoin Bounty Hunter is a great place to start. It is important to note, however, that these services are expensive and often do not provide additional information beyond what is publicly available.
You can also use a blockchain explorer like Blockcypher to track money movement. The site provides the user’s bitcoin address. It then looks up the Bitcoin address at Bitcoinwhoswho to find the owner.
Contact the Police (Where Applicable)
While official complaints won’t help you recover stolen cryptocurrency, filing some paperwork or having a case number is not a bad idea. You never know if you’ll end up with an insurance claim or a lawsuit. Evidence that shows that you took the theft seriously can help if you need to prove you’re right.
P.S: Contacting the authorities may not yield any fruits if your country of residence has either outrightly banned cryptocurrencies or do not recognize them as legitimate financial assets. It may prove counterproductive to report, as this act may get you in hot water with the authorities.
Contact the Exchange Involved
If you discover that your cryptocurrency has been stolen due to an attempt to hack your account, you should act immediately. Delaying the tracking process allows hackers to hide their traces by transferring your assets to cold wallets and subsequently to another exchange.
If your crypto exchange is well known, you are more likely to get help. If you take action quickly, you can freeze your funds on the platform, depending on the stage or level of theft. However, note that exchanges are not obligated to help. Additionally, the governments of some nations do not consider cryptocurrencies an asset, which reduces the likelihood of government support.
To get across to the exchange, simply check out the Contact Us page on the exchange’s website.
Follow the money
In blockchain, transactions leave trails that can be traced. It’s also quite easy to figure out the thief’s wallet address. It is possible for you to track the recipient address. If thieves try to transfer funds from your account to the exchange, report it to the cryptocurrency exchange immediately.
Most exchanges require traders to provide Know Your Customer (KYC) details such as address and name before converting or trading cryptocurrency to fiat. Reporting a case can help the exchange track down thieves. This is why reporting to the police is so important.
Once again, blockchain researchers like Blockcypher can help trace your assets. The website provides the Bitcoin address of the perpetrator, which can be found at www.bitcoinwhoswho.com to verify the owner.
It is important to keep in mind, however, that there is no guarantee that this method will definitely get you back your money.
Here is a helpful tutorial that can help you recover your stolen cryptocurrencies:
5 Tips To Help Prevent Future Theft
Here are a few tips to prevent future loss of your crypto assets to thieves:
Enable multi-factor authentication
First, make sure multi-factor authentication is enabled on your exchanges. Use an authenticator app instead of SMS. Where it is possible to operate without the SMS authentication option, turn it off.
Set up your encryption account using a different email address and unique password. We recommend that you create a new email account that will only be used for cryptocurrency accounts. This reduces the likelihood that your email will be used as a target against you.
Use A Hard or “Cold” Wallet And Spread Assets Across Different Exchanges
Store your cryptocurrencies offline in a “cold or hard wallet”. This involves using online methods to store digital coins offline to minimize the chance of being stolen by hackers. Additionally, several crypto exchanges have been the subjects of hacks recently. Spread your investments across exchanges to reduce the chance of your funds being hacked.
Keep Your Wallets Safe
The extra layer of security may make it a bit difficult to complete tasks in your wallet, but it is essential if you want to protect your funds from intruders. So, if you own a cryptocurrency wallet, make sure there are adequate security checks in place, and use them whenever possible. After all, no security measure is out of the question when your valuable crypto assets are at stake.
Improve Your Overall Security Apparatus
Take the time to improve the overall security of the gadgets you use to interact with your crypto assets. Learn more about gadget security and how you can improve it using sites like Data Overhaulers.
Protect Your Remaining Assets
If there are any of your crypto holdings left in your compromised wallet, it goes without saying that you should move them out. Delete such a wallet and get a new one to replace it. Change the passwords and secure codes associated with your account on the affected exchange immediately. Change the email account connected with the account. If there is any reason to believe the device you used to log in to your account is compromised, please reformat the device or, better still, quit using it altogether.
It sucks to have your hard earned assets stolen. Worse still, often these crypto assets may be worth thousands or millions of dollars — more than many will ever make in their lifetimes. However, recovering your funds and preventing a recurrence of such are more important. If you follow the tips provided in this guide, you are unlikely to become a victim of crypto thefts (at least not to devastating proportions). What other option would you recommend to someone who has their crypto stolen? Leave a comment with your suggestions.