What to Do if Your Exchange Gets Hacked? (Steps to Take Immediately)

Secure Your Personal Accounts

1. Immediately change passwords for all cryptocurrency-related accounts, including email, exchange platforms, and wallet services.

2. Enable two-factor authentication using an authenticator app instead of SMS, as SIM swapping attacks remain prevalent in the crypto space.

3. Revoke all third-party API keys associated with the compromised exchange through your account settings or developer dashboard.

4. Scan your device for malware using updated security tools—keyloggers and clipboard hijackers are frequently deployed during exchange breach follow-ups.

5. Check browser extensions for suspicious add-ons; malicious extensions have been used to redirect withdrawal addresses on multiple occasions.

Document Every Detail

1. Take screenshots of all transaction histories, deposit records, pending orders, and support chat logs before the platform restricts access.

2. Export wallet address lists, seed phrase backups (if stored offline), and any confirmation emails related to recent deposits or withdrawals.

3. Note timestamps down to the minute for every anomalous activity—this level of granularity has proven critical in forensic audits conducted by blockchain analysis firms.

4. Save HTTP status codes and error messages displayed when attempting logins or fund transfers; these often reveal whether the breach involved backend manipulation or front-end injection.

5. Archive DNS resolution results and SSL certificate details from the exchange’s domain at the time of incident—these assist investigators in identifying infrastructure compromises.

Engage With Official Channels

1. Monitor the exchange’s official Twitter, Telegram, and blog for verified announcements—do not trust unsolicited DMs claiming to represent customer support.

2. Submit formal incident reports via the exchange’s designated security email, ensuring headers include “URGENT: SECURITY INCIDENT” to prioritize routing.

3. File a report with relevant financial intelligence units if your jurisdiction treats crypto assets as regulated financial instruments—for example, FinCEN in the U.S. or TRACFIN in France.

4. Contact your bank or card issuer if fiat deposits were made via credit/debit cards, as chargeback eligibility may apply depending on regional payment regulations.

5. Avoid signing any settlement agreements without reviewing them with legal counsel familiar with digital asset custody liabilities and smart contract enforceability.

Analyze On-Chain Evidence

1. Use blockchain explorers like Etherscan or Blockchair to trace outgoing transactions from your known deposit addresses to identify unauthorized movement patterns.

2. Cross-reference transaction hashes with known mixer services or high-risk exchange deposit addresses—this helps determine whether stolen funds entered laundering pipelines.

3. Examine gas usage and contract interaction flags in Ethereum-based movements; abnormal call depths often indicate exploitation of reentrancy vulnerabilities.

4. Identify whether transactions originated from hot wallets versus cold storage—this distinction influences recovery probability and custodial responsibility assessments.

5. Track token transfers across bridges and layer-two networks, especially where wrapped assets show inconsistent mint/burn ratios post-breach.

Frequently Asked Questions

Q: Should I withdraw remaining funds immediately after hearing about a hack?Yes—if the exchange remains operational and withdrawals are still enabled, move assets to self-custodied wallets. Delaying increases exposure to cascading failures or emergency freezes.

Q: Can I recover stolen coins through blockchain forensics alone?No. Forensic tracing identifies paths but does not grant ownership restoration. Recovery requires cooperation from downstream exchanges, legal injunctions, or voluntary return by threat actors.

Q: Is it safe to reuse my old wallet address after an exchange breach?No. If that address was used for deposits into the compromised platform, it may be monitored for reuse. Generate new receiving addresses for all future interactions.

Q: Do hardware wallets protect me if my exchange is hacked?Yes—provided you never imported private keys or seed phrases into the exchange interface. Hardware wallets only secure assets under your direct cryptographic control, not those held in custodial accounts.