- Billions of dollars worth of crypto are lost yearly from theft and human mistakes.
- New safety measures prevent the loss of wallet passwords.
- Lost crypto recovery services are affordable for retail investors.
Nearly $3.8 billion worth of digital currencies were stolen last year because of hacking-related thefts. Around 13% of Bitcoin’s total supply, worth billions of dollars, has been lost due to human mistakes, such as misplaced private keys or forgotten recovery phrases.
The latter stands out as one of the most common reasons people lose their digital funds. Besides that, many do not know what to do when they lose access to their cryptocurrency wallets.
And even though there is a common belief that if you lose your private key, you lose your crypto forever, it’s not all doom and gloom. There are ways to recover lost assets and strategies for safeguarding them more cautiously.
Lost Crypto Recovery: When and How Does It Work?
The journey of recovering lost cryptocurrencies is challenging, and the success of the process significantly depends on how the assets were lost.
Retrieving wallets with forgotten passwords and recovering stolen digital assets are two different stories. They require different approaches to find a solution.
Recovering Crypto Wallets
Cryptocurrencies are designed to provide users with privacy and anonymity. As a result, crypto wallet providers do not have access to users’ passwords or the ability to reset them.
Instead, wallets utilize cryptographic techniques to generate private keys and seed phrases that are randomly generated. They are secret and unique words that serve as a backup or recovery mechanism.
The lack of central control ensures that the wallet owners maintain complete control over their funds. However, the wallet owner may face difficulties recovering access if the password is lost.
“The most common scenario is people forget the password to their wallet. Often, the wallet is created and the password is set during a crypto bull market. Folks have it memorized initially but then end up forgetting it after a while, especially during a bear market or if they start to access their wallets less often,” Dave Bitcoin from wallet recovery services has told DailyCoin.
The pseudonymous software architect has adopted haking methods to recover lost passwords since 2013. He utilizes brute-force decryption attacks on the wallets with their owners’ permission to decode access by systematically trying every possible combination of keys until the correct one is found.
The technique depends on the idea that the password is not very strong and can be figured out by trying many possibilities.
Dave sees a growing tendency of seed phrases not working when people try to restore their wallets. He says he can fix the problem in some cases, like if the order of the words is jumbled or a few words are missing or incorrect.
However, in his field of work, the success of the recovery process heavily relies on wallet owners providing any hints or possible variations of their passwords.
“It’s hard to know upfront how challenging the problem is, but it becomes clear within a week since that gives my system enough time to try a significant number of passwords on the wallet.
So if the actual password was close enough to the customer’s guesses, it is typically found by then.”
Per his experience, the chances of reconstructing forgotten passwords are also high if it is a commonly used keyboard sequence, like asdfgh, and far from what the user hinted.
However, Dave says recovering passwords randomly generated using a password manager or significantly different from what wallet owners remember is almost impossible.
After spending ten years in business and recovering thousands of wallets, most containing thousands of dollars, Dave Bitcoin says his success rate in recovering passwords ranges between 35-40%. Sometimes, after software enhancement, it’s possible to recover the wallet years later upon revisiting it.
Yet, this means that there is no 100% guarantee when it comes to crypto wallet recovery. On the contrary, regulators warn of crypto recovery frauds, asking for payments upfront and promising guaranteed retrievals. Crypto owners should not trust anyone who promises guaranteed returns and be wary about sharing their sensitive information with anyone.
Recovering Stolen Crypto
If recovering access to crypto wallets is possible, things get much more complex and expensive when recovering cryptos stolen in hacks or exploits, like pig-butchering scams.
Hackers, scammers, and other malicious actors move stolen funds among numerous wallets and coin mixers to hide the trace. Stolen cryptos almost always change jurisdictions and get parked at locations that are difficult to access. But sooner or later, stolen assets end up on crypto exchanges.
Recovering them is a long and complex process that involves on-chain digital forensic investigators, lawyers, and recovery agents, says Sachin Dutta, the Venture Partner at Brain-Too-Free Ventures and Head of Marketing at CryptoLock.ai asset recovery membership program.
“The first thing you need someone to do is a forensic report—an on-chain analysis, which can be usable in a court of law. You need to also instruct specialist lawyers that understand what crypto is because most lawyers won’t even know what a bitcoin is. And then you have to start doing the recovery process to get that to a court order.”
Since crypto transactions are pseudonymous and move easily across borders, following them effectively requires expertise and understanding of the complexities of various blockchains and employing sophisticated tools to collect, analyze, and preserve digital evidence.
In many cases, stolen cryptos land into account on legit exchanges. However, only lawyers or law enforcement can request trading platforms to freeze a suspected account and disclose its owner’s identity.
Since most crypto exchanges conduct KYC and AML checks on their clients, obtaining critical information on the account holder is possible, allowing for litigation.
Unfortunately, bad actors often park stolen funds on exchanges under fake names and identities. This is where following stolen money turns into an off-chain investigation that requires detective and corporate intelligence skills to find out the real account owners.
Open-source information gathering, thorough research on social media platforms or forums, website analysis, public records, and databases can be valuable tools for gathering evidence. This evidence can help uncover information about scammers operating under fake identities, recognize criminal patterns and track malicious actors as they plan their further steps on crypto exchanges.
The process is lengthy and may take months, sometimes even years, depending on the complexity of the case. The main objective of being able to recover funds is to act quickly. The jurisdiction is no less important, as well as the fact of what entity you will finally serve a court order to.
“Exchanges have a bit of a bad habit of being decentralized and jump the jurisdiction all the time. So that's where it really matters: do you have an inroad?” claims Sachin Dutta.
Safeguarding Crypto: Options We Have
So, if cashing lost digital money takes time and is consequently costly, it is time to start taking crypto protection more seriously. One thing we could do is to make our assets a more challenging target for criminals. Here are some ideas on how to do that.
Use a Multi-Signature Wallet
Many popular cryptocurrency wallets, like MetaMask, are Externally Owned Account (EOA) wallets controlled by a public and private key. They can only sign a transaction and do not contain code. Thus, funds are probably also gone if a private key is lost.
In contrast, multi-signature wallets approve transactions only through multiple key signatures. They require more than one private key – thus a group of users – to sign to authorize asset transfer.
Multi-sig wallets add an extra layer of security for funds, as a defined number of keys must sign a transaction to validate it. In short, any key holder may initiate a crypto transfer. However, the transaction keeps pending until several parties sign it.
Backup options are also available with multi-sig wallets. If the wallet’s code does not require all keys to verify a transaction, the owner may recover the wallet if one of the private keys is lost or compromised.
Employ Passwordless Authentication
For those who tend to forget and lose private keys and seed phrases, a passwordless authentication-based crypto wallet could be a solution.
The passwordless authentication method allows users to verify transfers without passwords and aims to replace seed phrases.
“Seed phrases are basically the old single-factor usernames and passwords of the past,” says Zhen Yu Yong, co-founder and CEO at Web3Auth, which tries to replace seed phrases with passwordless authentication solutions.
According to him, passwordless wallets offer a better user experience and are faster and easier to implement. In short, account security is based on a distributed threshold setup rather than a seed phrase. It allows users to access their cryptocurrency wallets through social media or email logins.
“We take a private and public key pair, and we split it up into multiple different parts using the technology called MPC, or Multi-Party Computation,” says Zhen.
The MPC technology does not store private keys, which are never reconstructed in any context. Instead, it allows storing split parts of a private key in different layers, such as applications, devices, or SMS one-time passwords (OTP), as authentication factors.
“Users can recover an account as long as they have two factors to their key. These can be any two factors that they have set up. They give a user access to the key but don’t reconstruct the key. It’s somewhat of a keyless wallet,” explains Zhen Yu Yong.
Subscribe to Lost Crypto Recovery Membership Programs
Finally, end-to-end solutions are available to prevent digital assets ahead and after the potential breach. One of these options is the CryptoLock membership program, which aims to make expensive and lengthy stolen crypto recovery services accessible for individual users and businesses.
Created as a response to insufficient crypto insurance coverage, the program acts as a bundle of services that include on-chain forensics, cyber and private investigations, ransom negotiations, court litigations, and asset recovery processes for a monthly subscription fee.
As Sachin Dutta told DailyCoin, phishing attacks and pig-butchering scams are some of the most popular reasons for asset losses they are dealing with. Yet, the key challenges for the victims are always the same: how to identify that incident has happened and how to act on it so no more cryptos get stolen because often, and especially in SIM swap incidents, the entire systems get compromised.
However, depending on the case’s complexity, the recovery process involves numerous parties that increase service prices. And since recovery or AML service providers charge a fee for the amounts they retrieve, they often deem recovering wallets under $1,000 unprofitable.
“The average Joe couldn’t just walk up to one of the AML providers and say, “Hey, can you give me the evidence that this happened?” They charge an arm and a leg for their services. Same with the lawyers,” says Paul Densley, the Director of Sales at CryptoLock.
According to him, membership programs such as CryptoLock solve the problem. These programs assist smaller retail investors in helping to prevent, detect and recover lost funds by leveraging the expertise of institution-grade industry players for a subscription fee.
Why This Matters
The world of cryptocurrencies presents both opportunities and risks for investors. And although everybody knows about private key losses, breaches, and scams, they still happen.
However, there are ways to prevent potential losses and places to seek help if an incident has occurred. The crypto industry is evolving and comes with new innovative security measures. Exploring them and staying vigilant may be the way to safeguard your digital assets and navigate the cryptocurrency landscape with greater confidence and peace of mind.
Find out more about potential risks at crypto exchanges:
Learn more about crypto investigators and their line of work: