As crypto adoption continues to grow, so too does the number of users falling victim to hacks and scams. According to Harry Donnelly, CEO of crypto security firm Circuit, many of those victims are being exploited a second time by fake “recovery” companies promising to retrieve stolen funds.
“Most recovery efforts are futile,” Donnelly told crypto.news. “In fact, around 95% of so-called recovery firms are predatory: they charge large upfront fees, deliver nothing of value, and prey on desperation.”
The warning comes as global crypto losses to hacks have already exceeded $3 billion this year, highlighting the persistent challenges of asset security despite advances in blockchain infrastructure.
When the “Cold Wallet” Isn’t So Cold
The issue hit headlines again recently after a U.S. retiree lost $3 million worth of XRP, unknowingly compromising their cold wallet. The funds were stolen and laundered through roughly 120 transactions, according to on-chain investigator ZachXBT.
Donnelly explained that in this case, the victim had imported their hardware wallet’s seed phrase onto an internet-connected laptop, effectively defeating the purpose of cold storage.
“Once the seed phrase exists on an online device, it’s no longer secure,” Donnelly said. “Malware can easily scan the system and extract those keys.”
The Dark Side of “Crypto Recovery”
After such losses, victims often turn to online recovery services, and that’s where things get worse.
“When people are desperate, bad actors step in,” Donnelly said. “They SEO-optimize their pages so they appear first when someone searches ‘recover stolen crypto.’ But in reality, they do nothing.”
Legitimate recovery is extremely difficult in crypto because blockchain assets are bearer instruments: whoever controls the private key owns the funds. There’s no central authority to reverse a transaction.
Genuine recovery attempts usually involve legal teams and forensic experts using tools like Chainalysis or TRM Labs to trace funds and coordinate with exchanges to freeze stolen assets. But that only works if the funds end up in cooperative jurisdictions or KYC-compliant exchanges, a rarity in practice.
“Less than 5% of stolen funds were recovered last year,” Donnelly noted. “Meanwhile, fake firms charge victims thousands of dollars for worthless reports; some even tell people to email Tornado Cash, which is absurd.”
Prevention Is the Only Real Protection
Given the grim recovery odds, Donnelly emphasizes that prevention is the only reliable defense.
Circuit’s own security model focuses on stopping theft before it happens, using what the company calls automatic asset extraction: a system that pre-creates encrypted backup transactions that can only be triggered by the legitimate user if a compromise is detected.
“We don’t just protect the private key; we protect the assets directly,” Donnelly said.
“If an attack occurs, the user can hit the ‘red button’ to move funds instantly to a pre-defined backup wallet.”
Currently, Circuit serves only institutions and exchanges, including partners like Shift Markets, which manages 150 platforms globally. For these clients, the technology reduces downtime and prevents catastrophic losses from compromised wallets or lost access devices.
Major insurers are already recognizing the benefit. “Adding Circuit’s technology lowers risk profiles, making crypto insurance more accessible,” Donnelly said.
Institutions Lead, But Risks Evolve
While large institutions are adopting more robust safeguards, attackers continue to evolve. Donnelly compared the crypto security landscape to the ongoing “cat-and-mouse” dynamics of traditional cybersecurity.
The industry has progressed from multisig wallets to MPC (multi-party computation) systems, policy engines that block unauthorized transfers, and real-time detection tools. But even with these improvements, human response times remain too slow for modern hacks.
“Attacks like the SwissBorg/Kiln hack wiped out $41 million in under three minutes,” Donnelly said. “Humans can’t respond that fast; automation and preemptive systems are essential.”
The Debate Over Freezing and Centralization
One of the more controversial topics in crypto security is whether DeFi protocols should have the ability to freeze wallets or pause contracts during attacks.
Donnelly believes that controlled safeguards are necessary:
“If pausing a smart contract for a few hours prevents hundreds of millions in losses, you should do it. Decentralization won’t matter if people keep losing their money.”
He added that properly designed smart contracts can hard-code emergency parameters without granting total discretionary control. “Transparency is key. You can define exactly when and why a pause occurs — and where funds go afterward,” he explained.
This kind of structure, he argues, will attract institutional capital to DeFi because it builds confidence through accountability. “Liquidity follows safety,” Donnelly said. “The biggest pools in the future will be those with built-in failsafes and insurance.”
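The bounded pause Donnelly describes can be sketched as follows; this is an added illustration, not code from Circuit or from any protocol named in the article. The contract name, the time limits, the reason codes and the idea that the recovery vault later honours the recorded balances are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: contract name, limits and reason codes are assumptions.
contract BoundedPauseVault {
    enum Reason { None, OracleDeviation, AbnormalOutflow } // "why" is a closed list
    address public immutable guardian;      // may pause and evacuate, nothing else
    address public immutable recoveryVault; // "where funds go", fixed at deployment
    uint256 public constant MAX_PAUSE = 6 hours; // pause expires on its own
    uint256 public constant COOLDOWN = 1 days;   // no back-to-back pauses

    uint256 public pausedUntil;
    mapping(address => uint256) public balances;

    event Paused(Reason reason, uint256 until);

    constructor(address guardian_, address recoveryVault_) {
        require(guardian_ != address(0) && recoveryVault_ != address(0), "zero address");
        guardian = guardian_;
        recoveryVault = recoveryVault_;
    }

    modifier whenNotPaused() {
        require(block.timestamp >= pausedUntil, "paused");
        _;
    }

    function pause(Reason reason) external {
        require(msg.sender == guardian, "not guardian");
        require(reason != Reason.None, "reason required");
        require(block.timestamp >= pausedUntil + COOLDOWN, "cooldown");
        pausedUntil = block.timestamp + MAX_PAUSE;
        emit Paused(reason, pausedUntil); // the pause and its reason are public
    }

    // Only while paused, and only to the address fixed at deployment.
    function evacuate() external {
        require(msg.sender == guardian && block.timestamp < pausedUntil, "not allowed");
        uint256 amount = address(this).balance;
        (bool ok, ) = recoveryVault.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function deposit() external payable whenNotPaused { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external whenNotPaused {
        balances[msg.sender] -= amount; // reverts on underflow in 0.8
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The guardian has no unpause, no arbitrary transfer and no way to change the destination, so everything the emergency role can do is readable from the deployed code.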
The Future: Real Crypto Insurance
Looking ahead, Donnelly sees insurance as the next frontier for crypto maturity.
“Traditional insurers have billions in reserves and deep experience pricing risk,” he said. “If we can give them the data and tools to understand crypto threats, we unlock massive capital inflows into the ecosystem.”
For Donnelly, it’s simple: “If we want real institutions and banks in DeFi, we need real insurance. Once that happens, everything else (liquidity, adoption, and user trust) will follow.”
The Bottom Line
Crypto’s greatest vulnerability isn’t its technology; it’s human error and misplaced trust. As Donnelly put it, “Recovery is rare. Prevention is everything.”
Until the industry prioritizes proactive defense and credible insurance over after-the-fact fixes, victims will continue to be scammed twice: first by hackers, then by those claiming to help them.