Crypto Exchange Security Breaches–Are You at Risk?

By Evan Spicer

Director of Cryptocurrency Investigations


Cryptocurrency has dominated headlines in 2021 and the trend is set to continue well into 2022. Unfortunately, much of the news about bitcoin and other crypto-assets has been about fraudulent activities, hacking and theft. 

In some cases, crypto platforms will take the responsibility for losses and may reimburse customers. However, not all crypto platforms and exchanges have the resources or the will to protect users. It is important to be aware of the risks before purchasing, using or trading cryptocurrencies. 

One reassuring occurrence in many of these stories is the number of times cryptocurrency can be recovered. Although all transactions are anonymous, they are all recorded on the blockchain. This means once the identity of the party is uncovered, it can relatively easy for an investigator to follow the money. This is unless the hackers use sophisticated methods of disguising the tracks. 

If you have lost money in a cryptocurrency transaction or as the result of hacking of a crypto exchange, speak to fund recovery experts. MyChargeback will consult with you and will help you file and bolster your claim. 

MyChargeBack gives guidance to consumers who are trying to recover their funds from merchant disputes, crypto scams or other types of fraud. Talk to MyChargeBack professionals and get started on fund recovery. 

The BitMart Hack–Taking Responsibility for Customers

Hearing that the place where you keep some of your money got hacked is certainly unwelcome news. However, in the case of BitMart, a crypto trading platform, customers may be able to breathe a sigh of relief. 

Hackers stole $150 million in assets from BitMart customers, according to the exchange. However, a third-party security firm, Peckshield set the amount closer to $200 million. The theft was the result of a large-scale security breach. In a statement, the company said the breach was of just two keys that contained huge assets and that most of the accounts were unharmed. BitMart also said in the statement that it would reimburse customers for their losses. 

There are many ambiguities in this situation, but all in all, it seems safe for BitMart customers. The discrepancy in the amounts cited by the company and Peckshield was not explained. BitMart’s statement indicated that it had identified the source of the hack and was confident it would reimburse clients. This could indicate that it has managed to successfully recover funds from the hackers or it could be that BitMart has sufficient market capitalization to cover losses. 

The hackers, however, used methods that would make the stolen funds hard to trace. They used a decentralized exchange aggregator to transform the currency into ether and deposited the funds into a private mixer called Tornado Cash to make it harder to trace. 

Whether the funds were recovered from the hackers or they came from BitMart’s own digital wallet, customers are lucky indeed when the crypto exchange has the transparency to admit immediately to a hack and to have sufficient capitalization to cover losses due to security breaches. 

One takeaway from this case is to work only with a regulated exchange that is guaranteed to have generous market capitalization. Also, only choose an exchange that uses cutting-edge security. Hackers are evolving methods, and cybersecurity standards have to stay a step ahead to keep customers safe online. 

The Risk of Fake Cryptocurrency Platforms

Norton AntiVirus estimates that there are 2,200 hacks every day. Given the fact that hacking attempts are a common or even expected occurrence, it is relatively easy for crypto exchanges to claim they were hacked so they can keep money from clients. This is like the digital equivalent of insurance fraud and it, unfortunately, happens from time to time. 

Some crypto platforms hide behind claims they were hacked as a way to make off with clients’ funds. They usually will disappear after making the claim and launder the cryptocurrency. A few have been tracked down trying to get away with this but often some manage to hide out for some time. 

The way to tell the difference between an actual hacking, like BitMart’s, and a false one is that if a real hack has occurred, the crypto exchange will continue communicating and will work together with authorities. They will issue updates and at least search for fund recovery solutions, even if they may not be able to pay customers back for their losses. A refusal to communicate and disappearing from the scene is an indication that no real hacking occurred and the cryptocurrency exchange is the culprit. 

Holding Hackers Hostage–a Crypto Fund Recovery Success Story

In some cases, the crypto exchange not only shows accountability when hacking occurs but manages to track the culprits down. One of the biggest crypto thefts in recent history resulted in the exchange convincing the hackers to return most of the money. 

Poly Network, a service that combines several blockchains so they can work together, lost $600 million in clients’ funds in one of the largest hacks on record. The hackers found a way to insinuate themselves in the communication and took $600 million. 

However, Poly Network alerted customers immediately that they located the hackers and issued them a stern warning of the consequences of such a major theft. Unexpectedly, the hackers returned nearly all of the money they stole. 

“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics at Elliptic, was reported by CNBC as having written in an email. “In this case the hacker concluded that the safest option was just to return the stolen assets.”

How to Stay Safe Using Crypto Exchanges and Platforms

Clients of BitMart and Poly Network were certainly fortunate to have selected the right crypto platform if they were destined to be hacked, but not everyone is so lucky. Many crypto platforms are unregulated, do not provide genuine services and are trying to deceive the public. Others are legitimate but not sufficiently capitalized or secure to deal with hacking and the aftermath. 

Before selecting a crypto exchange answer the following questions:

  • Is it regulated? 
  • What kind of anti-virus or anti-hacking protection does it provide?
  • Is it well-capitalized?
  • Is it transparent about how it deals with hacking and customer losses?
  • Does it have a solid reputation and good reviews?
  • Is it clear about its terms and conditions and guarantees?

If you have lost money in a crypto exchange security breach or through a crypto fraud, contact fund recovery professionals today. 

Consult with MyChargeBack experts and get started with your fund recovery claim. We have extensive working knowledge and relationships with law enforcement agency cybercrime units and can improve our prospects of getting your money back.