What Happens If a Crypto Exchange Gets Hacked or Goes Bankrupt?

By / August 21, 2025

What Happens If a Crypto Exchange Gets Hacked or Goes Bankrupt?

Cryptocurrency history is full of hard lessons—some from hacks (stolen hot-wallet keys, insider compromise, supply-chain attacks), others from bankruptcies (liquidity crises, fraud, regulatory actions). If you keep coins on a centralized exchange (CEX), it’s essential to know what typically happens in each scenario, what it means for your funds, and how to protect yourself.

This guide breaks down the immediate steps exchanges take after a hack, how user balances are handled in insolvencies, how courts have treated customer assets, real-world timelines from major cases, and a practical action plan for users.

Quick reality check: even large exchanges have been hacked—Bybit (~$1.5B, Feb 21, 2025) and DMM Bitcoin (~$305–308M, May 2024) are recent examples linked by law enforcement to DPRK’s “TraderTraitor/Lazarus” actors. (Internet Crime Complaint Center, Reuters, Federal Bureau of Investigation)

Hack vs. Bankruptcy: What’s the Difference?

  • Hack (security incident): Criminal actors compromise hot-wallet keys or related systems and drain funds. Exchanges typically halt withdrawals, rotate keys, trace funds, and coordinate with other platforms and law enforcement. Depending on reserves/insurance and policy, they may cover user losses or create a remediation plan. (Binance, WIRED)
  • Bankruptcy (insolvency): A court-supervised process—often Chapter 11 reorganization (continue operating, propose a plan) or Chapter 7 liquidation (wind down, sell assets). The automatic stay pauses most collection activity while claims are evaluated and distributions determined. User outcomes depend on jurisdiction, terms of service, how assets were held, and the plan approved by the court. (United States Courts, Legal Information Institute)

What Typically Happens Right After a Hack

  1. Immediate freeze & forensics
    Withdrawals and deposits are paused; hot keys are rotated; internal and third-party incident response begins. Public disclosures follow, sometimes within hours. Binance (2019) paused activity and publicly detailed a 7,000 BTC breach, later stating losses would be covered. (Binance, WIRED)
  2. Tracing and law-enforcement coordination
    Exchanges, analytics firms, and agencies try to flag attacker addresses, request freezes, and follow laundering flows across chains, bridges, and mixers. The Bybit case shows rapid conversion and cross-chain movement, with the FBI issuing a public PSA and sanctions-style blocking requests. (Internet Crime Complaint Center, Wilson Center)
  3. User compensation options
    Outcomes vary by venue and scale:
  • Some platforms absorb losses via internal funds (e.g., Binance’s SAFU emergency fund has been used after incidents). (Binance, Binance)
  • Other platforms design tokenized claims or staged redemptions (e.g., Bitfinex 2016 BFX tokens, fully redeemed or swapped into equity within ~8 months). (support.bitfinex.com)
  • A portion of assets may be recovered/frozen with industry help (e.g., KuCoin 2020). (KuCoin)
  1. Longer-tail investigations & attributions
    Major heists in 2024–2025 (DMM Bitcoin and Bybit) have been publicly attributed to DPRK TraderTraitor/Lazarus, reflecting nation-state sophistication. (Federal Bureau of Investigation, Reuters)

What Happens If an Exchange Goes Bankrupt

The legal frame (U.S. overview)

  • Chapter 11 (reorganization): The company operates as “debtor in possession” while formulating a plan to repay creditors over time. Users file claims, and distributions follow court approval. (United States Courts)
  • Chapter 7 (liquidation): A trustee sells non-exempt assets and pays creditors by priority; the business ceases operations. (United States Courts)
  • Automatic stay: Filing triggers a broad injunction that halts most collection actions—relevant for customers, vendors, and counterparties. (Legal Information Institute)

Key practical point: In bankruptcies, claims are often valued in fiat at the petition date, not at current crypto prices. In the FTX plan, most customers were slated to recover based on USD values from Nov 2022, which meant missing subsequent market gains. (PR Newswire, Investopedia)

Do customers “own” coins on an exchange?

It depends on terms of service, account type, and custody structure:

  • In Celsius (a lender, but highly instructive), the court ruled that assets in Earn accounts were property of the estate, making depositors unsecured creditors—a stark reminder that ToS language can transfer title. (Arnold & Porter, Axios)
  • Major U.S. custodians have warned in SEC filings that custodially held crypto may be treated as property of the bankruptcy estate, potentially making customers general unsecured creditors in a bankruptcy—this is a risk factor, not an inevitability, but it underscores the importance of segregation and legal structure. (SEC)
  • Legal scholarship and practice notes emphasize ongoing uncertainty: ownership outcomes can hinge on ToS, segregation of assets, and state/commercial law frameworks. (Congress.gov, American Bar Association)

Real-world bankruptcy outcomes (selected)

  • FTX (filed Nov 2022): Court-approved plan set to become effective in Jan 2025; distributions to customers commenced based on petition-date valuations (with some complexities across jurisdictions). (PR Newswire, Wall Street Journal)
  • Bittrex US (2023): A plan allowed wind-down and customer withdrawals, with remaining creditors paid in full—an example where operational unwind plus court approval led to orderly exits. (Reuters, District of Delaware Bankruptcy Court)
  • QuadrigaCX (Canada, 2019): Customers faced years of proceedings; early distributions were ~13% of claims, illustrating how recoveries can be limited. (CoinDesk)
  • Mt. Gox (Japan, 2014 collapse): After a decade, the rehabilitation trustee began repayments in BTC/BCH in 2024–2025 via designated exchanges, highlighting the extreme length some processes can take. (Cointelegraph, mtgox.com)

Are Exchange Balances Insured?

In the U.S., FDIC insurance does not cover crypto assets or nonbank exchanges. Some firms have confused customers by implying FDIC coverage via their banking partners; regulators have published advisories and fact sheets clarifying no FDIC insurance for crypto. Treat any “insurance” claims as venue-specific and read the fine print. (FDIC)

Some exchanges maintain in-house emergency funds (e.g., Binance SAFU), but these are not industry-wide guarantees and can fluctuate with markets. They’re a potential backstop, not a legal entitlement. (Binance)

Timelines: How Long Could You Wait?

  • Weeks to months if the venue resumes operations quickly, funds are recovered/frozen, or an internal fund covers losses (e.g., Binance 2019; portions of KuCoin 2020). (Binance, KuCoin)
  • Months to a few years in many Chapter 11 cases (e.g., FTX’s plan running through 2025). (PR Newswire)
  • Many years in complex cross-border or fraud-heavy matters (e.g., Mt. Gox’s decade-long path to rehabilitation distributions; Quadriga’s prolonged shortfall). (mtgox.com, CoinDesk)

What You Should Do if Your Exchange Gets Hacked

  1. Stop transacting and secure your account
    Don’t send more funds to the platform. Change passwords, rotate 2FA (prefer hardware/app-based), revoke API keys. (WIRED)
  2. Monitor official channels and law-enforcement notices
    Look for address lists and freezing requests. The FBI’s Bybit PSA shows how quickly authorities publish guidance—use it to avoid interacting with tainted addresses. (Internet Crime Complaint Center)
  3. Export evidence
    Download balance statements, deposit/withdrawal histories, and tax reports. If a claims or remediation process emerges, you’ll need precise records.
  4. Withdraw when safe
    Once withdrawals reopen and you’re confident in the remediation plan, move long-term holdings to self-custody.
  5. Document the incident for taxes/compliance
    Depending on your jurisdiction, loss and recovery events may have reporting implications—consult a professional.

What You Should Do if Your Exchange Files for Bankruptcy

  1. Read the court notices and understand the timeline
    Learn whether it’s Chapter 11 (reorganization) or 7 (liquidation); note claim deadlines and the process for distributions. The U.S. Courts’ Bankruptcy Basics pages are helpful primers. (United States Courts)
  2. File a claim correctly and on time
    Even if your in-app balance shows funds, you’re a creditor in bankruptcy. Claims are typically denominated in fiat at the petition date—see the FTX plan for a prominent example. (PR Newswire)
  3. Expect asset-type differences
    Staked positions, open derivatives, and loaned assets can be treated differently than simple spot balances, depending on contracts and local law. (Celsius Earn illustrates how ToS language can flip ownership.) (Arnold & Porter)
  4. Watch for withdrawal windows
    Some courts approve limited customer withdrawals during wind-downs (e.g., Bittrex US), so act promptly if your case allows it. (Reuters)
  5. Mind the jurisdiction
    Cross-border cases (e.g., Mt. Gox in Japan) follow different procedures (civil rehabilitation vs. U.S. bankruptcy chapters), with unique timing and distribution mechanics. (mtgox.com)

Due Diligence Before You Deposit: A Short Checklist

Custody architecture
Look for minimized hot-wallet exposure and robust key management (MPC/HSM, key sharding, enforced policies). Incidents like Bybit 2025 and DMM 2024 underscore that hot-wallet operations are prime targets. (Internet Crime Complaint Center, Federal Bureau of Investigation)

Reserves transparency
Proof of Reserves” (PoR) can be useful, but PoR alone is not a solvency guarantee; it must be paired with liabilities. Treat PoR as one signal, not a substitute for audits and prudent risk management. (The Network Firm, d3h0qzni6h08fz.cloudfront.net)

Emergency backstops
Some venues disclose reserve funds (e.g., SAFU) with high-level composition and policy notes. Understand scope and limits. (Binance)

Incident history & response
How has the platform handled past breaches—clear communication, rapid freezes, remediation (e.g., Binance 2019 covering losses; Bitfinex 2016 completing redemptions)? Past behavior is an indicator of future response quality. (WIRED, support.bitfinex.com)

Regulatory posture & legal framing
Disclosures matter. Large U.S. custodians openly state the bankruptcy-estate risk around custodial crypto in SEC filings; read your exchange’s ToS and filings, especially around asset segregation and customer priority. (SEC)

Insurance reality check
No FDIC coverage for crypto at non-banks. Beware of marketing that conflates bank partners with deposit insurance for your coins. (FDIC)

Frequently Asked Questions

If an exchange is hacked, will I automatically be made whole?
No. It depends on the platform’s reserves/insurance and policies, the size of the loss, and recovery efforts. Binance used SAFU after its 2019 breach; KuCoin mobilized token recoveries and law-enforcement help in 2020; other cases have been more difficult. (Binance, WIRED, KuCoin)

If an exchange goes bankrupt, do I still “own” my coins?
It depends on how your relationship is defined in the terms. In Celsius, Earn assets were ruled to be the estate’s property, pushing customers into unsecured-creditor status. Different accounts and jurisdictions can yield different results. (Arnold & Porter)

How long before I see any money back?
Anywhere from weeks (orderly wind-downs that allow withdrawals) to years (complex cross-border cases like Mt. Gox). FTX illustrates a mid-range case with plan effectiveness in Jan 2025 and staged distributions. (Reuters, mtgox.com, PR Newswire)

Are balances on U.S. exchanges FDIC-insured?
No—FDIC insurance covers deposits at insured banks, not crypto at non-bank exchanges. (FDIC)

A Practical Self-Defense Plan

  • Self-custody your long-term holdings. Keep only working balances on exchanges.
  • Harden your accounts. Hardware/app-based 2FA, withdrawal-address allowlists, API key scopes, login/withdrawal alerts.
  • Segregate identities. Use separate emails/password managers for trading vs. cold-storage life.
  • Keep records current. Regularly export balance and transaction histories; snapshot positions monthly.
  • Vet platforms. Look for transparent custody disclosures, independent attestations, PoR with liabilities, and clearly stated incident policies. (The Network Firm)
  • Have an exit script. Know how to revoke API keys and mass-withdraw to self-custody quickly if red flags appear.

Real-World Case Studies (Concise)

  • Binance (2019): 7,000 BTC stolen; exchange paused withdrawals and covered losses via SAFU. (WIRED)
  • Bitfinex (2016): 119,755 BTC stolen; customers received BFX tokens; full redemption/swap within about 8 months; later, U.S. authorities recovered a large portion of funds from money launderers. (support.bitfinex.com)
  • KuCoin (2020): ~$275M lost; significant recovery via token swaps/freezes and coordination with projects and exchanges. (KuCoin)
  • DMM Bitcoin (2024): ~4,503 BTC stolen; FBI & Japan NPA attributed the theft to DPRK TraderTraitor actors. (Federal Bureau of Investigation)
  • Bybit (2025): ~$1.5B stolen; FBI PSA attributed to DPRK; rapid cross-chain laundering observed. (Internet Crime Complaint Center, Wilson Center)
  • Bittrex US (2023–2024): Chapter 11 plan allowed customer withdrawals and full payment to remaining creditors. (Reuters)
  • Mt. Gox (2014–2025): After civil rehabilitation, BTC/BCH repayments began in 2024–2025 to tens of thousands of creditors via designated exchanges. (mtgox.com)
  • QuadrigaCX (2019–2023): CCAA process in Canada; early distributions ~13% of claims. (CoinDesk)

Bottom Line

If a crypto exchange is hacked, you’ll likely see a rapid freeze, forensic work, and a mix of recovery and remediation—sometimes with users made whole, sometimes not. If an exchange goes bankrupt, your balance becomes a claim in a court process where outcomes hinge on contracts, custody structure, and jurisdiction. Plan for the worst: self-custody long-term holdings, harden accounts, and only keep an amount on exchanges that you can afford to have temporarily illiquid.

None of this is legal or tax advice. For specific cases (FTX, Mt. Gox, etc.), consult the court docket and your advisor.

References & Further Reading

  • FBI Public Service Announcement: North Korea Responsible for $1.5B Bybit Hack (Feb 26, 2025). (Internet Crime Complaint Center)
  • Reuters: FBI says North Korea responsible for $1.5B Bybit hack. (Reuters)
  • FBI Press Release: DPRK TraderTraitor responsible for ~$308M DMM Bitcoin theft (Dec 23, 2024). (Federal Bureau of Investigation)
  • Binance Academy: Secure Asset Fund for Users (SAFU) overview. (Binance)
  • Binance (2019): Security breach update; Wired recap of the incident and SAFU coverage. (Binance, WIRED)
  • Bitfinex Support (2025): 2016 Security Breach—BFX token redemptions. (support.bitfinex.com)
  • KuCoin (2020): Security incident updates & recoveries. (KuCoin)
  • U.S. Courts: Bankruptcy Basics (Ch. 11 & Ch. 7); Cornell LII: 11 U.S.C. §362 (Automatic stay). (United States Courts, Legal Information Institute)
  • FTX Case Site & Press: Plan effective Jan 3, 2025; distributions on petition-date USD values. (PR Newswire, Investopedia)
  • Mt. Gox Trustee: Repayments in BTC/BCH to creditors (2024–2025). (mtgox.com)
  • QuadrigaCX: OSC/monitor details; CoinDesk 13% distribution. (Oscillation Science Corporation, CoinDesk)
  • Celsius Earn ruling (ownership/estate): Judge Glenn’s opinion & summaries. (Arnold & Porter)
  • Coinbase SEC filings: Custodial crypto may be treated as property of estate in bankruptcy (risk factor). (SEC)
  • FDIC Fact Sheet & Advisory: No FDIC insurance for crypto at non-banks. (FDIC)
  • Proof of Reserves vs. solvency limitations: The Network Firm explainer and PoR practitioner guide. (The Network Firm, d3h0qzni6h08fz.cloudfront.net)

Related Posts

Scroll to Top