My wallet has been hacked. Help!
Since it’s already happened there is not much you can do.
Imagine that you’re entering your wallet and seeing no coins and several transactions to unfamiliar addresses. That likely means you’ve been hacked.
Due to the anonymous nature of cryptocurrency ‘ownership’ is determined by whoever holds the codes for it. So if it’s gone - in majority cases - it’s gone. You may track the address of the last wallet but it will give you nothing. Notify the company - it's possible you are not the only one - and review your wallet and PC/smartphone security, if it has significant flaws.
Although if you kept your coins at a crypto exchange wallet and that exchange was hacked, there is a possibility that some kind of compensation will follow. The best thing you can do to protect your wallet is to make sure you’re aware of possible threats and you use your wallet correctly.
How could this ever happen? How can hackers steal cryptos?
Hackers use simple human weaknesses
The most popular type of fraud is phishing. Hackers may sent you a fake email from behalf of your wallet service, containing a fake URL, which may differ by one or several letters from the real URL of your wallet service. Or hackers even may redirect the right URL to fake URL when you’re entering the online wallet. The latest huge phishing scam occured on April 24 2018 to My Ether Wallet users, who lost in total $150,000 worth of Ethereum in a DNS hack.
Besides of phishing, hackers use simple human mistakes, such as keeping private keys in mail, exposing the keys at public, using public unprotected networks that allows hackers to sniff all the information and find the password. Big amounts of tokens and large transactions may attract hackers to hack exactly your wallet.
Where should I keep the keys, then?
The shortest answer here is that offline is better than online.
A popular mistake is to keep crypto wallet keys in email, Google Drive or Dropbox, or any notes app in your smartphone. These are the first places hackers usually try to get in. In order to save your coins, you can relocate keys to any less obvious storage. You may record it to an USB stick, or just write it down and keep it in your drawer - you obviously shouldn’t expose it to anyone else.
What if I lose my keys?
It depends on the type of wallet you use.
For most popular software wallets, it’s ok to know only your backup phrase, a mnemonic phrase, consisting of 12 words. In case you forget your pin, you should just delete the app, install it again using the backup phrase, and create a new pin.
There are wallets that provide access via Touch/Face ID instead of pin-codes. For example, in the Lumi app, you should just switch on Touch/Face ID in the app settings. The good thing about apps like Lumi is that the only thing you need to know is a backup phrase. The bad thing is that once you’ve lost the backup phrase, you’ve lost an access to your wallet. In this case, technology is helpless. The last hope for such luckless crypto owners is hypnosis.
I noticed that my wallet sets a new address every time I sign in - is it ok?
Yes, it’s for your wallet safety.
This method is called HD-safe, or "hierarchical deterministic", and means that every time you send or receive funds, a new address will be generated for your wallet. That’s a useful option, because it makes your transactions harder to track, and impossible for hackers to calculate the actual amount of money you keep at your wallet. If you need to transfer a big amount of coins you better split it to several transactions.
Is there an ideal wallet type with the best security level?
No. All wallets differ by online and offline types, and the security mechanisms differ respectively.
The majority of existing online cloud wallets, or so called ‘hot’ wallets, use two-factor authentication, in case hackers try to enter your email. ‘Warm’ wallets, the ones that you install as a software to your computer, or as an app to you smartphone, use 12-word backup phrase and pin-codes. ‘Cold’ wallets are hardware ones, that are located at a USB stick or a special gadget — it seems like the most secure way so far, but, according to a recent report, even hardware wallets are not foolproof. Regular updates and careful key management are still vitally important. Whatever kind of wallet you use, you should make sure that your laptop or smartphone doesn’t contain malware.