Miracles can happen. After over two and a half years of watching the founders of celebrity-endorsed cryptocurrency exchange, FTX, take client money and run, cryptocurrency investors are finally getting their money back.
The company said in May that account holders who filed claims would get their money back, with smaller investors getting as much as 120% back. That basically means Bitcoin (BTC-USD) holding value plus interest.
But this is not the norm.
FTX was a big case involving the U.S. government. The same can be said about the 2021 Poly Network hack – a DeFi platform that saw around $610 million stolen from client accounts, and the massive February 2025 Bybit wallet hack of roughly $1.2 billion. Tokens were recovered within two weeks for Poly Network. Elliptic, a blockchain monitoring firm working with Bybit, says it recovered only $150 thousand of client funds. FTX clients did not lose money due to hackers.
Elliptic is still working on recovering funds from thousands of hacked wallets. Retail investors cannot directly contact Elliptic for help. Also worth noting, many crypto recovery firms are scams, especially those that ask for money up front and do not let potential new customers talk to previous clients on the phone. They are all over social media preying on retail investors that lost funds on the blockchain to theft.
There is little in the way of stopping these hackers. Crypto investors are at risk of being duped by professional hacking groups.
For example, on May 11, 2025, Coinbase (COIN) said that they were hacked for ransom. It was the biggest security breach in Coinbase's history. Some 70,000 account holders had their information stolen, and while this information might have been basic – name and phone numbers – it allowed hacking groups to contact Coinbase customers and pretend they were from Coinbase. The hackers were trying to get people to shift money from their Coinbase account to their Coinbase Wallet, which the hackers would then gain access to and wipe clean of all funds deposited there.
"Exchanges are currently far safer than hardware wallets for most people, but most people use hardware wallets on insecure devices or front ends that are vulnerable to blind signing," said Nanak Nihal Khalsa, Co-Founder of Holonym.
Blind signing means authorizing a transaction—often involving a smart contract on a blockchain—without being able to review or verify all the transaction details in an easily understandable format. This typically occurs because wallets, especially hardware wallets like Ledger Nano, cannot always decode or display the full contents of complex smart contract interactions, making it impossible for the user to see exactly what they are approving.
Holonym is a blockchain company specializing in decentralized, privacy-preserving digital identity solutions for the Web3 ecosystem.
"If you don’t know how to prevent blind signing or don’t feel comfortable in your ability to securely backup your seedphrase password, you should never use a hardware wallet," Khalsa said.
Software wallets aren't hack proof.
On X, someone posing as former Coinbase Compliance Officer, Melissa Strait, would contact customers and tell them that she can help them recover their funds. The problem is, this was not Strait herself, who left the company in April and was replaced by Joe Salama. This was the work of hacking groups looking to dupe Coinbase customers into moving funds off exchange and into their Coinbase Wallet.
Screenshot of a hacking group using an account claiming to be the Coinbase Compliance Officer – Source: Author
Coinbase said it will never contact account holders via email, phone, or text messaging and will never ask a client to move funds to their wallet. If anyone calls an investor claiming to be from an exchange, it should be assumed to be a hacking group.
X account @NanoBaiter had a good run down on how the hacking group was working to rob Coinbase retail investors by stealing their wallets. Even Coinbase CEO Brian Armstrong praised him for his work in April.
Screenshot Source: Author
Retail investors who have lost money are often desperate and will do whatever they can to get their funds back. Usually, once hacked, that money is gone forever. This is the biggest headwind for crypto investing.
Bitcoin Lost on the Blockchain Nearly Impossible to Recover
Some $2.47 billion was lost to crypto scams, exploits, and hacks in the first half of 2025 — already exceeding the total for all of 2024. That covers 344 incidents, including the massive Bybit wallet theft and a $220 million hit on DeFi exchange Cetus this year, Reuters reported on June 17.
According to Chainalysis, 2024 stolen funds jumped 21% over 2023 theft, hitting a record $2.2 billion. Centralized platforms like Coinbase are increasingly being targeted by hacking groups.
Recovery rates are low.
CertiK noted in a June 30 report about cryptocurrency hacks that only about $187 million has been recovered in the first half of this year — between 8% and 11% of the billions stolen so far this year.
SlowMist wrote recently on their Medium page that recovery rates for 2025 are 11.38%.
Exchanges and analytics firms can freeze some assets — but most stolen funds are never returned. Sometimes, they require large class action lawsuits to get professional analytics firms involved. Government agencies are also if little help to retail crypto investors who have been scammed.
Disclosure: The author is an investor in the Grayscale Bitcoin Trust fund.
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
