Buy Crypto
Markets
Trade
Futures
Earn
Square
More
Binance Blog

Crypto Myths – Debunked! Part 7: If an Exchange Is Hacked, You Lose All Your Crypto

2023-04-28
Crypto Myths – Debunked!

Main Takeaways

  • Over the years, crypto exchange hacks have occurred occasionally, with user funds getting stolen in the process. Whether users recover their assets in the aftermath of such events depends on the exact case and circumstances.

  • In the unlikely event of a significant hack, responsible exchanges can safeguard user funds with measures like using cold storage and putting up robust security systems. Some go even further, protecting their customers’ assets via insurance funds or other mechanisms that are deployed in exceptional circumstances.

  • Binance’s SAFU fund contains $1 billion worth of crypto assets set aside to compensate users in the case of extreme events such as a security breach.

With blockchain still being a relatively new technology, many falsehoods and misconceptions exist around crypto. Today, we will look at what happens if a crypto exchange is hacked and why it doesn’t always mean your funds are lost for good.

Many believe that once a crypto exchange holding one’s assets is hacked, there’s no way to get back the money. With millions of people regularly using centralized exchanges, today’s myth is one of the biggest we’ve taken on so far. If you’ve ever taken this misconception at face value – it’s time for a debunking.

In our Crypto Myths – Debunked! series, we take the most common false beliefs and show them for what they really are. It is an important part of our efforts to promote crypto literacy and shake off the stigma of one of recent history’s biggest innovations. Time to bust some crypto myths!

Myth: If an exchange is hacked, you lose all your crypto.

What Happens if a Crypto Exchange Is Hacked?

Crypto exchanges are online platforms that allow users to trade digital assets. While such exchanges, centralized and decentralized, provide convenient access to the world of digital finance, they can be vulnerable to hacking. Today, successful attacks on big exchanges are extremely rare. However, if an exploit does occur, the consequences for users can range from minor inconvenience to catastrophic loss of funds.

In severe cases, criminals may gain access to the wallets that hold users' funds and siphon off large amounts of cryptocurrency. Due to the nature of blockchain, these actions will be irreversible.

Additionally, the hacker may be able to access sensitive user information such as email addresses, passwords, and identification documents. These can be used for further attacks, such as phishing or identity theft. 

The possibility of such hacks, however, is not unique to crypto platforms: banks and other traditional financial institutions are as likely to become targets of criminals looking to compromise their internal systems to steal money.

Responsible crypto exchanges have layers of security measures and policies in place to ensure that hacks don’t happen. Yet, even in the highly unlikely event that nefarious actors manage to steal digital funds from an exchange, it is still far from game over. 

Although security breaches do happen on a central level, attackers are more likely to obtain unauthorized access through fraud: targeting individual users with highly sophisticated social engineering tactics to get them to disclose their login credentials and bypass two-factor authentication methods. 

Following the Stolen Funds

What happens in the case of a successful hack largely depends on the actions of law enforcement. Generally, the larger the scale of a hack, the more likely investigators are to invest significant resources in tracking down the perpetrators.

Thanks to the transparency of records on public blockchains, the stolen funds can be traced quite easily, making it difficult for the hacker to get away with the spoils. If the authorities find a way to link the wallets through which the funds move to the identities of hackers or their accomplices, the criminals are in trouble. Once they are arrested, law enforcement will most likely be able to seize at least some of the stolen money and use it to compensate the victims.

For example, in 2016, the Bitfinex exchange was hacked, resulting in the loss of approximately $72 million worth of bitcoin at the time. U.S. government agencies were able to recover the majority of funds and return them to users.

The victims of a 2014 hack of the exchange Mt. Gox were less lucky. Some $460 million worth of bitcoin was lost, and the exchange was unable to recover much of the money, leaving users with significant losses. Repayments began in 2023 with some recovered funds, but much is still missing.

As you can see, even the assets lost in major heists can be eventually recovered. However, it is an arduous, lengthy process, and no one can guarantee the desired outcome. Luckily, there are also things that the exchanges themselves can do to protect users in the event of a security breach.

What Can Exchanges Do?

Crypto exchanges constantly face threats from hackers and other malicious actors seeking to steal user funds. Exchange platforms implement various security measures to safeguard the funds that customers entrust to them. One good practice is to utilize cold storage, keeping user funds offline in hardware wallets. Careful consideration of the risks and benefits is needed to maintain the proper levels of liquidity for exchange operations to continue smoothly while minimizing any potential, even if unlikely, risks to user funds.

Multi-factor authentication and password policies are among other common security features used to prevent unauthorized access to user accounts. Many exchanges also have a cap on withdrawal amounts, with additional checks required to go beyond the limit. User education is also key to avoiding falling victim to scammers. 

Furthermore, some exchanges have proactively established insurance funds to provide additional protection to their users. One prominent example is Binance's Secure Asset Fund for Users (SAFU), funded by a portion of trading fees, which covers losses incurred by users as a result of extreme situations such as hacks. Some other exchanges have also established similar funds or insurance policies to provide an additional layer of protection for their customers.

Case in Point: The SAFU Fund

For example, in the event of a security breach or hack, Binance will use the funds in the SAFU fund to reimburse affected users. The compensation each user receives will depend on the extent of the breach and the amount of funds lost. 

Having established the fund in 2018, Binance began allocating 10% of all trading fees toward it, aiming to have $1 billion (USD) of assets available to use in emergency situations. Moving forward, Binance will continue to monitor the size of SAFU to ensure that it remains adequate to protect users' interests.

Our SAFU fund is also transparent and verifiable by anyone. You can check the status of the assets by checking the wallet addresses below.

A comprehensive self-insurance initiative, the SAFU fund is a testament to Binance's commitment to the security and well-being of its users. It represents a significant step forward in building trust and confidence in the cryptocurrency market.

Final Thoughts

Crypto exchanges employ a variety of policies and security measures to safeguard users’ funds and data from potential hacks. Exchange insurance funds are an excellent tool for providing extra peace of mind for users. After all, even the most advanced security systems are not infallible, and there always remains a possibility of a hack.

We have previously called on all centralized exchanges to introduce similar measures. Self-insurance benefits the entire ecosystem and demonstrates our collective commitment to raising the bar on upholding trust, integrity, and transparency in the crypto industry.

Fact:  Responsible exchanges constantly improve their security systems and build safety nets for their users, ensuring robust protection of customer funds in the face of potential hacks.

Further Reading