Educational Byte: Crypto Exchanges Can Be Hacked —and Your Data is Stolen, Too

Do you know what happens when a crypto exchange gets hacked? Because yes, it’s quite possible, even if these days black hats prefer to go after weak DeFi protocols. They still target crypto exchanges, and even big names aren’t exempt.

Well, when that happens and you’re a customer, it’s awful news for you. Your funds could be at risk, but also your face. Your personal data. The thing with centralized crypto exchanges is that almost all of them apply Know Your Customer (KYC) measures, which means they ask to verify your identity. Hence, they have valuable data about you, and that data can be leaked.

In May 2025, for instance, Coinbase suffered an attack of that kind. Hackers bribed rogue overseas support agents to get certain data about Coinbase customers, including name, address, phone, email, balances, masked social security numbers, and photographs. That made it easier for the cybercriminals to communicate with these customers on behalf of Coinbase and tell them lies about their accounts to steal their credentials and funds —a tactic called phishing.

They also asked for $20 million as ransom to return this data. Coinbase refused, and instead is offering that as a reward for information about the attackers. Who knows if these hackers can find another buyer on the darknet, though? They probably can.

You may have heard that blockchains or distributed ledgers cannot be hacked directly, but there are ways to steal private keys to access funds. First, here’s an important point: when you keep your crypto on an exchange, you don’t have full control of it. The exchange holds the private keys, and you’re essentially trusting them to keep your funds (and data) safe.

In fact, your coins are often lumped together with everyone else’s in big hot wallets (connected to the Internet), and your account balance is just an IOU from the exchange saying, “We owe you this amount.” That isn’t a real crypto wallet for you, but a fat wallet that hackers can empty by stealing only one private key. Or a few, in any case.

If hackers manage to trick employees into giving away passwords or private keys (through phishing emails, fake websites, malware, or... bribing), they could drain the exchange’s wallets. Another way exchanges get hacked is by exploiting security flaws in the exchange’s software or infrastructure. Hackers search for bugs in the code or weak spots in how the servers are set up.

Once they find a hole, they can slip in unnoticed and move funds out of their already opened wallets. Unlikely with current security standards, but still possible. Finally, some attacks happen from the inside. Employees (and even founders) with access to wallets or systems may misuse their privileges —an “inside job.”

Protecting Your Coins and Data: A Guide to Exchange Hacks

The most important tip is simple: don’t leave all your crypto on the exchange, and give the exchange as little information as possible. If you can use a dedicated email and phone number just for this, all the better.

To stay safe, transfer your coins to your own non-custodial wallet (with its own private keys). Ideally, also choose a cold wallet, which is offline and much harder for hackers to reach.

Obyte's main wallet is non-custodial, and you control your own private keys. However, if you send the funds to exchanges like Biconomy or NonKYC.io, you need to consider that they work like any other centralized exchange.

To securely save most of your funds offline, you can create a textcoin using the main wallet.

What to Do If Your Exchange Gets Hacked

Even if you take precautions, sometimes the worst happens. If your exchange gets hacked, act fast: withdraw all your funds or whatever is left from the exchange as soon as possible.

Change your passwords immediately, enable extra security on your email accounts, and watch out for suspicious emails, calls, or texts. Hackers may use your leaked info to impersonate the exchange and phish you again.

You can also check if your data appears in leaks using services like HaveIBeenPwned. Finally, if your funds are stuck or lost after a hack, don’t panic —but don’t wait too long, either.

Contact the exchange’s support team and document everything. Some exchanges (or courts) reimburse losses or offer partial compensation. If the hack was big enough to go public, follow official updates on their blog or social media.

And if you suspect your identity is being misused, you can also file a complaint with your local cybercrime authority.

Staying Vigilant After a Hack

Staying vigilant after a hack is just as important as preparing beforehand! Monitor your accounts regularly and keep an eye out for suspicious activity. Don’t hesitate to report any issues you find.

Remember, it’s always better to be safe than sorry. Take control of your crypto and data, and protect yourself from the risks associated with centralized exchanges.