I. Immediate Action: Stop Loss and Report
Freeze Account and Transfer Assets
Exchange Account: Immediately contact the exchange (e.g., Binance, OKEx) customer service to freeze the stolen account and track the flow of funds. Some exchanges may offer "Smart Recovery" services, but key information such as transaction hash (TXID) and transfer address is required.
On-chain Wallet: If using a hot wallet (e.g., MetaMask), immediately disconnect from the internet, transfer remaining assets to a cold wallet to prevent further theft.
Report to Police and File a Case
Transaction records, on-chain transfer screenshots, stolen address and hacker's address.
Account information of exchanges or wallet platforms, KYC verification materials.
Criminal Case Filing: Report to local police authorities, emphasize the significant amount involved, and provide the following materials:
Cross-regional Cooperation: If it involves cross-border cases, apply for police investigation through Interpol or judicial cooperation channels.
II. Technical Means: On-chain Tracking and Asset Locking
On-chain Analysis Tools
Use blockchain analysis platforms such as Arkham, Chainalysis, to track the flow of stolen funds, mark hacker addresses and monitor their transaction activities.
If funds are transferred to an exchange, request the platform to cooperate in freezing the target account (police case filing proof required).
Third-party Security Company Intervention
Entrust a professional blockchain security company to trace the source on-chain, analyze the hacker's attack path, and assist the police in locking down the suspect's IP or identity.
Cooperation with Project Parties
If the stolen tokens are stablecoins like USDT, contact the issuer to submit judicial documents and request freezing of assets at the hacker's address.
III. Legal Approaches: Criminal and Civil Actions
Criminal Accountability
Choice of Charges: Depending on the nature of the case, it may involve theft or illegal acquisition of computer information system data.
Key to Sentencing: Courts usually determine the amount involved based on the realized amount or market value at the time of theft, requiring proof of historical prices from exchanges.
Civil Litigation
Sue the Exchange or Wallet Platform: If theft is due to platform security flaws, claim compensation under the "Consumer Rights Protection Law" (however, most exchange user agreements stipulate foreign jurisdiction, making enforcement difficult).
Cross-border Litigation: If the hacker or fund flow is overseas, proceed through international arbitration or local courts, which is costly and time-consuming.
IV. Evidence Collection and Professional Support
Core Evidence List
Technical Evidence: On-chain transaction hash, wallet logs, hacker attack traces (e.g., phishing links, malicious software records).
Legal Evidence: Police report receipt, communication records with exchanges, appraisal reports issued by third-party security companies.
Lawyers and Experts Collaboration
Criminal Lawyer: Choose a lawyer familiar with virtual currency cases to assist in perfecting the report materials and promoting case filing.
Technical Expert: Hire a blockchain forensics expert to testify in court, explaining on-chain data and attack methods.
V. Subsequent Risk Prevention
Asset Storage Optimization
Cold Wallet: Transfer large assets to hardware wallets, store private keys offline.
Multi-signature Mechanism: Use multi-signature wallets (requiring multiple private keys for transactions), reducing the risk of single point failure.
Enhancing Security Awareness
Regular Audits: Check wallet authorization contracts, revoke high-risk DApp permissions (using tools like Revoke.cash).
Anti-phishing Measures: Use hardware keys (YubiKey) instead of SMS verification, avoid clicking unknown links.
VI. Success Rate and Risk Warning
Recovery Probability: According to case statistics, about 10%-30% of large cases can be partially recovered through cooperation between police and technical companies, but the process may take 1-3 years.
Legal Risks: Virtual currency transactions are not protected within China, avoid mentioning sensitive words like "investment" when reporting, focus on the fact of "property theft".
Summary: Key Steps Flowchart
Stop Loss Freezing → On-chain Tracking → Criminal Case Filing → International Cooperation → Legal Accountability → Asset Recovery
