Content theft has persisted as one of the worst ills of the internet generation. Data breaches and identity thefts have always left victims with a sour taste. Bitcoin wallets have been hacked and owners’ wealth stolen on several cases. Are there ways to ultimately prevent one’s wallet from being hacked? Is there any way of recovering stolen funds from a hacked wallet? Are exchanges obliged to refund Bitcoins stolen from a virtual wallet?

Every hoster of virtual wallets and exchanges will always inform wallet owners of the importance of employing sometimes very basic, and at other times a bit more sophisticated measures in safeguarding their wealth. These hosts and exchanges basically provide the avenues and systems of enhancing the security of Bitcoin wallets, yet the buck stops with wallet owners to ensure that their wallets are secure, at least most of the time.

Nevertheless, due to one reason or another, certain individuals may have the security of their wallets breached, some people have even had some or all of their wealth stolen. Most people who have been in such a situation have barely known what next to do. Which gives rise to the question:

What do you do when your wallet is hacked?

A product manager of a hardware wallet who prefers to remain anonymous in responding to the above question says:

“Well, if a user’s account and password got hacked and he/she did not have ‘two factor authentication’, then he/she does not have a strong position to talk to his/her exchange but I think such a user could at least try to do the blockchain analysis”

The source continued by saying that such analysis would reveal if the hacked coins passed through a certain exchange, at which point the user can make a report to the police, knowing that most exchanges do comply with authorities.

In conclusion, our source said:

“Hacking is a criminal offence in most jurisdictions, so I guess if any user’s computer or account got compromised, such a user could report to police.”

What are the chances of getting your stolen Bitcoins back?

Roman Mandeleil is the CEO and founder of ether.camp. Roman states that in the history of Bitcoin, 99% of stolen coins were never returned, saying that the bulk of the responsibility of keeping one’s wealth secure lies in the hands of the wallet owner.

Asked about what necessary steps users should take to ensure the safety of their wealth, he responded as follows:

“Don't give your private key to anybody nor website or a person, keep it encrypted on your personal domain that would be secured enough.”

Roman Mandeleil, CEO and founder of ether.camp

Cointelegraph also sought the opinion of a bitcoin lawyer in Dmitry Machihin from Cointelegraph Blockchain Legal. He responded by saying:

“Unfortunately, this problem is unsolvable at the moment. If someone stole your key and made some illegal transactions with BTC the only legal way to get some justice is to complain to police or other responsible authorities with all known information. Almost in each country you have a special police department which occupies only IT crimes and hacking is most popular among these crimes. I cannot give an example of such case, where violated rights of a BTC owner was restored but I can ensure that anyway you must always do your best and this approach could lead to some changes in legal insecurity of cryptocurrencies. Let's say that comparative freedom of cryptocurrencies is compensated by absence of its owner's defence mechanism. Still a lot for BTC developers and lawyers to work with.”

It is an asymmetric engagement

Joel Cano of Mexican Bitcoin Exchange thinks that hacking in general will always be an asymmetric engagement, therefore needs to be a shared responsibility between users and service providers. He says that service providers need to follow procedures and install up-to-date technologies to prevent such events, and on the other hand, users also need to correctly apply such prevention procedures or use technology in the way it is indicated. He continued by saying that a combination of cold wallets, multi-sig, 2FA, and other technologies has to be available for customers, but if the customer does not use it correctly such a customer is subject to more sophisticated forms of social hacking or the physical access and tampering of devices. According to Joel, “The name of the game is prevention.”

Asked whether the recovery of funds stolen from a customer depended on the ability of the given exchange to track hackers, Joel responded by saying:

“Not necessarily, I guess you may have different scenarios and responsibilities depending on whom and where the breach originated. Customers and service providers need to work together to fight this asymmetrical engagements. It is a fight against hackers and not between customer and service providers. For example, at meXBT we just released a white paper with our partner IdentityMind on how we were able to prevent a fraud that even regular financial institutions were not able to detect. And we were able to return the stolen funds from their bank account to the customer.”

Alex Matanovic bares his own thoughts as follows:

“Well, of course, nothing beats good prevention, and exchanges should work together with customers to make sure bitcoins are as safe as they could be. However, problems happen. I would say there are 2 types of problems;

First, there is a case when user’s account gets hacked. It could be done both as a consequence of user’s or exchange’s lapse. As long as exchange and user agree about whose fault it was, there should be no problem in deciding who will take the losses. It becomes tricky when the exchange and user blame each other for the hack. Who has the final word in that case? Or to whom should the user complain to try to get his coins back? I guess with the fully compliant and regulated exchanges some kind of legal action from user could give results. Sadly, most of the exchanges are not like that and users would have a really hard time getting their coins back even if the loss wasn’t their fault. It becomes even worse if the user is not a resident of the country where the exchange is registered.

Second, there is a case when the exchange platform gets hacked. In that case there is no doubt about whose fault it was, but there is a question whether the exchange has enough funds to recover the losses (like Bitstamp a year ago) or it doesn’t (like MtGox 2 years ago). User may complain, they can even undertake some legal actions, they can win the case, but if the exchange is broke, there is simply no money (bitcoins) to recover their losses. It is a kind of a regulatory issue again. When a bank fails, there is usually a central bank to bail it out and save the customers from losses. But when a bitcoin exchange fails, there is no one to step in.

It is up on the regulators to define the rules for all the parties involved... like what are the obligations of exchanges and customers, how the exchanges should keep their funds safe, perhaps impose deposit insurance, etc. Until that happens, keeping the funds at a bitcoin exchange remains risky and people should take care of themselves – they should choose the exchange wisely, actually read T&C before clicking they have read them, take necessary security measures and, of course, keep online only what they can afford to lose.”

Alex Matanovic

Hosts and exchangers are residentially responsible for providing security systems for their clients and users. However, it is the imminent responsibility of wallet owners to ensure that their critical  information is kept in a secure environment very far away from the hawks waiting to pounce on their hard earned resources as the cyber space awaits more formidable and effective systems to check the activities of hackers and thieves hovering around the space seeking wealth to steal.