What to Do If Your Exchange Account Is Hacked
If your crypto exchange account is hacked, every minute counts. This post outlines five critical actions: freeze withdrawals, change passwords, enable 2FA, withdraw remaining funds, and submit a support ticket. It also explains how to prevent future hacks.
Discovering that your exchange account has been hacked is terrifying. But acting quickly can minimize losses. Follow these steps immediately.
1. Freeze Withdrawals
Most exchanges have an option to disable withdrawals from your account. Go to security settings and look for 'disable withdrawals' or 'lock account'. If you cannot find it, contact support via email or live chat and request an immediate withdrawal freeze. This stops the hacker from moving more funds.
2. Change Your Password
Use a strong, unique password that you have never used elsewhere. Do not reuse old passwords. If you use the same password on other sites, change those too. Use a password manager to generate and store complex passwords.
3. Revoke API Keys
Hackers often use API keys to trade or withdraw automatically. Go to your exchange API settings and delete all existing keys. Create new ones only after securing the account. Never share API keys with anyone.
4. Enable Two-Factor Authentication (2FA)
If you had 2FA, the hacker might have bypassed it via SIM swap or phishing. Check your 2FA method. Use an authenticator app like Google Authenticator, not SMS. Remove any old devices. Re-enable 2FA with a new code.
5. Withdraw Remaining Funds
After securing the account, withdraw all crypto to a private wallet (hardware or software wallet that you control). Do not keep large amounts on exchanges. Send a small test transaction first to confirm the address works.
6. Contact Exchange Support
Open a support ticket with all details: time of hack, suspicious transactions, and steps you took. The exchange may be able to freeze the hacker's account or recover funds if they act fast. Keep records of all communication.
7. Check Your Email and Devices
The hacker may have access to your email. Change your email password immediately and enable 2FA there too. Scan your computer and phone for malware. Use antivirus software. Consider factory resetting your phone if you suspect a SIM swap.
Preventing Future Hacks
Use a hardware wallet for long-term storage. Avoid storing large amounts on exchanges. Enable whitelist withdrawal addresses on exchanges. Never click links in unsolicited emails. Be wary of phishing sites that mimic exchange login pages. Regularly review account activity.
Being hacked is stressful, but these steps can limit damage. Learn from the experience and strengthen your security practices.