My cryptocurrency has been stolen. What to do? Russia as an example.

“Currently, more than 10 million Russians have cryptocurrency wallets that hold more than 10 trillion rubles worth of cryptocurrency.”
Russian Prime Minister Mikhail Mishustin.

Meanwhile, Bloomberg wrote in February that the Kremlin and the government estimate the Russian cryptocurrency market at $214 billion (16.5 trillion rubles at the exchange rate at the time). In November last year, the Central Bank estimated the annual volume of transactions by Russians with digital assets at $5 billion (about 390 billion rubles).

At the end of 2020, the Russian Ministry of Internal Affairs reported that crypto-fraud and other “acquisitive crimes where virtual currency acts as the object of crime” are increasing by 400% annually in Russia. The agency cited the unclear legal status of cryptocurrencies, difficulties in tracing them and the inability to classify cryptocurrencies as civil rights objects as the reasons.

There are some of the most common ways to lose cryptocurrency:

  • As the cryptocurrency market grows, so do the hacker threats. Groups that the US government has linked to North Korean authorities, such as Lazarus, APT3, BlueNoroff and others, are causing increasing damage to blockchain projects and their users.
    Hacker attacks are not the only way to lose their cryptocurrency. In mid-February, Group-IB recorded a new wave of digital asset fraud and NFT fraud. Criminals are using images of Tesla CEO Elon Musk, Ripple CEO Brad Garlinghaus and Ethereum creator Vitalik Buterin to steal cryptocurrencies.

  • The scammers host fake YouTube streams and promise to double users’ investments. In reality, the attackers gain access to the victims’ cryptocurrency wallets and steal their assets. In just three days, Group-IB specialists managed to identify 36 fraudulent online streams.

  • Phishing is another common way to steal cryptocurrency. Attackers create a fake copy of a crypto service. For example, it could be a copy of an exchange page or a cryptocurrency wallet. As soon as the victim enters their username and password, they are immediately sent to the hackers, who gain access to the account and steal the funds.


One of the most striking cases in recent times is that of employees of the cryptocurrency exchange Thodex, who have been charged in Turkey with fraudulent use of information systems and setting up a criminal organisation. The detainees could receive prison sentences of up to 40,564 years each. According to the indictment, the losses of exchange users amounted to 356 million liras ($24 million).

Speaking of high-profile cases in Russia, at the end of March, the Interior Ministry opened the first criminal case for embezzlement of crypto exchange assets. The funds were embezzled by one of the actual owners of the trading platform. The detainee had cash worth more than 190 million rubles in two suitcases on his person. The detainee was charged and taken into custody, his account was seized and a petition for seizure of property worth more than RUB2 billion was filed.

Also in April, a district court in St. Petersburg allowed the seizure of stolen Ethereum worth about 1 billion roubles. The criminal case was initiated under the articles of unauthorized access to computer information and large-scale theft.

My cryptocurrency was stolen. How do I get it back?

The first thing to do is to prevent possible losses from other wallets. You need to make sure they are safe or take steps to protect your funds. For example, if you suspect that an address may have been compromised, you should carefully transfer funds to a safe wallet. The main thing is not to get nervous or rush, otherwise you could make a mistake and lose even more money.

The first thing to do is to prevent possible losses from other wallets. You need to make sure they are safe or take steps to protect your funds. For example, if you suspect that an address may have been compromised, you should carefully transfer funds to a safe wallet. The main thing is not to get nervous or rush, otherwise you could make a mistake and lose even more money.

Once you are sure that your remaining cryptocurrency is safe, record as much information as possible. If you have communicated with the scammer, write down their contact details, take a screenshot of all correspondence, and the website. The police will need this information during the investigation and it will be used as evidence in court.

Blockchain is a transparent system that stores the history of all transactions. Your transfer to an attacker and further movements of the cryptocurrency can easily be tracked using blockchain browsers. The most popular ones are:

Thanks to the browsers, it will be possible to trace the fate of the cryptocurrency. In the worst case scenario, it will go to a special service that confuses transactions, the mixer.

In the best-case scenario, the attacker will send the stolen funds to a centralised site. In such a case, it would be necessary to write to the help desk as soon as possible and ask for the funds to be frozen. However, crypto exchanges will likely take no action without a request from law enforcement.

Unauthorized withdrawal of cryptocurrency from a wallet is considered theft in most countries, said Moscow Digital School lecturer Yuri Brisov. He added that a report should be filed at the place where the offence was committed. This can be both a plus and a minus. It is a plus because there is no specific territorial link to the wallet. Therefore, de facto, law enforcement agencies may not be restricted in terms of territoriality. The disadvantage is that, for example in Russia, the Ministry of Internal Affairs uses the fact of uncertain territoriality as a reason to refuse.

If your cryptocurrency was stolen in Russia, you may fill the form directly on the MIA website with as many details of the theft and addresses of all wallets involved as possible, the representative of cryptocurrency exchange added. He advised to send e-mails (letters) to the exchange where the stolen funds are located, attaching copies of the letters to the Ministry of Internal Affairs. Without a request from MIA, the exchange will most likely not be able to do anything, but this way you can draw the attention of Compliance to the wallet where the stolen funds are stored and possibly speed up the process

In addition, if the money came to a large crypto exchange from some already “dirty” wallet (for example, there were several iterations), the account is likely to be blocked and the source of funds will be asked, said a representative of the site. This will require the fraudster to show where they bought the bitcoins (there will be receipts/statements/screens from the account at the exchanger or post office), as well as showing what they bought them for.

By the time this procedure is done, the police will have had time” claims a cryptocurrency exchange employee.

If you manage to trace cryptocurrency transactions to a foreign jurisdiction, try to contact the service first, Brisov advised. Many custodial services can freeze a suspicious account without a court order. It also makes sense to seek the services of a criminal lawyer in that country. If it is the US, it is important that the lawyer or firm practices in the state in which the wallet or exchange is registered, if the search can be narrowed down to a state. The lawyer will then request evidence from you and contact the law enforcement authorities himself. A complaint directly from a foreigner is unlikely to be considered, says the lawyer. However, if the case is big and there have been many appeals, you will be connected to an ongoing case or investigation, the lawyer stressed.

The law does not have any standard, rigidly defined list of documents when applying to law enforcement authorities, said Efim Kazantsev, member of the Commission on Legal Support of the Digital Economy of the Moscow branch of the Association of Lawyers of Russia. According to him, one may submit any documents that may help in finding offenders and bringing them to justice.

In this case, if the location of the attacker is unknown, the victim’s place of residence remains to be reported. This has advantages and disadvantages. The advantage is that it will be easier for the victim to monitor the application process. However, finding and prosecuting an offender who is in another region, or even in another country, is not easy for the local police department, the specialist says.

If we are talking about blocking fiat funds belonging to the cryptocurrency thief and held in his bank account, then such blocking is quite possible. Depending on the situation, it may be implemented as a property seizure in the framework of criminal proceedings (Article 115 of the Criminal Procedure Code) or as a security measure within the framework of civil or arbitration proceedings (Article 140 of the Civil Procedure Code and Article 91 of the Arbitration Procedure Code), Kazantsev said.

In addition, it is worth going to court with a claim for the return of unjust enrichment and an application for interim relief. It should be understood that criminal investigation and court proceedings do not guarantee the return of cryptocurrency. At the moment, the market is at an early stage of development, so in most countries, including Russia, it is still rather unregulated.

All of the above actions increase the likelihood of getting your assets back. However, it should be understood that law enforcement agencies do not yet have a wealth of expertise in conducting such investigations. Therefore, the bulk of the work of finding your own cryptocurrency falls on the shoulders of the victim.

There are analytics companies as well as law firms that specialise in cryptocurrency. In order to increase your chances of success, it is worth turning to professionals who can help with the paperwork and more thorough collection of evidence.

Subscribe to AML Crypto
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.