Incident response

Crypto Exchange Account Hacked? Act in This Order

If an exchange account may be compromised, speed matters but panic creates new risk. Use a clean device, secure the connected email first, contact the verified provider, and preserve evidence without trusting recovery offers.

Reviewed and last updated: June 15, 2026

Stop using the possibly compromised path

Do not keep logging in from a device that may contain malware or through a link that may be fake. Move to a clean, updated device and reach the exchange through a known official domain or app.

If you still control a trusted session, use any official account-freeze or security control available and contact authenticated support. Do not approve unexpected prompts, read out codes, install remote-control software, or move funds to a wallet supplied by a caller.

Secure the identity chain

Secure the linked email account before relying on an exchange password reset. Change exposed or reused passwords, revoke unfamiliar email sessions and forwarding rules, and protect the mobile account if SIM theft is possible.

Then reset the exchange password through the verified service, revoke unknown sessions, remove suspicious API keys and withdrawal addresses, and replace compromised authentication methods. Preserve provider recovery codes securely rather than posting or sending them.

Review what the attacker changed

Check login history, devices, security methods, API keys, address allowlists, subaccounts, trades, conversions, loans, withdrawals, and notifications. Record timestamps and transaction IDs before details disappear from the interface.

Unauthorized trading and unauthorized blockchain withdrawals are different incidents. A completed blockchain transfer may be irreversible, but the exchange still needs accurate evidence to investigate account access, security controls, and any remaining balance.

Report and preserve evidence

Open one clear case through official support and state that unauthorized access is suspected. Include the timeline, affected assets, transaction IDs, email or device alerts, and security changes. Do not send passwords, one-time codes, seed phrases, or private keys.

Report phishing messages to the impersonated provider and relevant consumer or law-enforcement channels in your location. The FTC warns that crypto recovery promises are commonly used to steal more money. Ignore anyone who contacts you privately offering guaranteed tracing or recovery for an upfront payment.

  • Verified support case number
  • Timeline in UTC where possible
  • Login and device alerts
  • Unauthorized trade or withdrawal IDs
  • Suspicious URLs, emails, phone numbers, and usernames
  • Actions already taken to secure email and the exchange
  • Police or consumer-report reference when applicable
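
One way to assemble the UTC timeline listed above from notes copied out of the exchange interface and email alerts, as an added example that is not part of the original page. The event rows, the event-type labels, and the TXID placeholder are constructed for illustration; substitute your own records. It also pairs each withdrawal with the security changes that preceded it, which is the relationship a support team needs to see.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows: each keeps the UTC offset its source displayed,
# so nothing is guessed when converting. Replace with your own records.
SAMPLE_EVENTS = [
    {"time": "2026-06-14T23:41:10-04:00", "source": "email alert", "type": "login", "ref": "new device"},
    {"time": "2026-06-15T03:52:30+00:00", "source": "exchange", "type": "api_key_created", "ref": "unknown key"},
    {"time": "2026-06-15T06:05:00+02:00", "source": "exchange", "type": "withdrawal", "ref": "TXID-PLACEHOLDER-1"},
    {"time": "2026-06-15T03:47:00+00:00", "source": "exchange", "type": "allowlist_address_added", "ref": "new address"},
]

# Hypothetical labels for the security changes the page says to review.
SECURITY_CHANGES = {"api_key_created", "allowlist_address_added", "2fa_changed", "password_changed"}
UTC_FMT = "%Y-%m-%dT%H:%M:%SZ"

def build_timeline(events):
    """Return the events sorted by time, each with an added 'utc' field."""
    out = []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ts.tzinfo is None:
            # A time without an offset is ambiguous evidence; refuse to guess.
            raise ValueError(f"timestamp without UTC offset: {ev['time']}")
        out.append({**ev, "utc": ts.astimezone(timezone.utc).strftime(UTC_FMT)})
    return sorted(out, key=lambda e: e["utc"])

def withdrawals_after_changes(timeline, window=timedelta(hours=24)):
    """Pair each withdrawal with security changes made within the window before it."""
    findings = []
    for w in (e for e in timeline if e["type"] == "withdrawal"):
        w_time = datetime.strptime(w["utc"], UTC_FMT)
        prior = [e["type"] for e in timeline
                 if e["type"] in SECURITY_CHANGES
                 and timedelta(0) <= w_time - datetime.strptime(e["utc"], UTC_FMT) <= window]
        findings.append((w["ref"], prior))
    return findings

if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_EVENTS)
    for e in timeline:
        print(f'{e["utc"]}  {e["source"]:<12} {e["type"]:<24} {e["ref"]}')
    for ref, prior in withdrawals_after_changes(timeline):
        print(f"withdrawal {ref} preceded by: {', '.join(prior) or 'no recorded security change'}")
```
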

Rebuild security after containment

After the provider confirms the account state, use a unique password, phishing-resistant authentication where supported, protected backup methods, login alerts, and withdrawal controls. Review every device and browser extension used for financial accounts.

Do not restore access from an untrusted backup or immediately reuse the same compromised device. Continue monitoring email, mobile, exchange, bank, and identity activity because account takeover can involve more than one service.

Common questions

Frequently asked questions

What is the first thing to do if my exchange account is hacked?

Use a clean device, secure the linked email, reach the exchange through its verified app or domain, and use official freeze or support controls. Do not follow recovery links sent by strangers.

Can a completed crypto withdrawal be reversed?

Blockchain transfers are generally irreversible. Report the incident immediately with the TXID and account evidence, but do not trust anyone guaranteeing recovery.

Should I pay a crypto recovery service?

Treat unsolicited or guaranteed recovery offers as a warning sign of a scam. The FTC warns that recovery scams often target people who have already lost money.

Primary references

Official sources checked

These official pages were reviewed on June 15, 2026. Exchange policies can change, so open the source before acting.

  1. FTC: What To Know About Cryptocurrency and Scams
  2. FTC: How To Recognize and Avoid Phishing Scams
  3. NIST: Digital Identity Guidelines: Authentication and Authenticator Management