<\/p>\n
Victims of crypto hacks often find themselves victimized again by unscrupulous recovery firms, says Harry Donnelly, CEO of Circuit. <\/p>\n
<\/p>\n
Crypto adoption is rising, and an increasing number of people are joining. However, despite years of innovation, crypto is still failing some of its most vulnerable users. In a recent incident, a U.S. retiree lost $3 million in XRP after unknowingly compromising their cold wallet. <\/p>\n
The incident shows that security is still the top issue in crypto. For this reason, crypto.news spoke to Harry Donnelly, CEO of the crypto security firm Circuit. He explained why the ecosystem lost over $3 billion to hacks this year alone, and why recovery is usually very difficult. <\/p>\n
Crypto.news:<\/strong> We\u2019ve seen a recent security incident where a wallet holder lost their life savings in a hack. What does this tell us about crypto asset security? <\/strong><\/p>\n Harry Donnelly: <\/strong>This is the XRP wallet incident: an alleged U.S. retiree lost about $3 million in XRP, their retirement savings. ZacXBT posted about it on Twitter. The victim said they tried to file a police report but couldn\u2019t reach law enforcement. The funds were then laundered across roughly 120 transactions.<\/p>\n We don\u2019t have full confirmation of the exact vector because the victim isn\u2019t crypto-savvy; without access to their laptop to trace the steps, it\u2019s hard to be certain. But cases like this often involve malware that scans a device for seed phrases and other secrets.<\/p>\n In this case, the person thought they had a cold wallet \u2014 purchased from Ellipal \u2014 but they imported the seed phrase onto their laptop. That defeats cold storage: once the seed phrase exists on an internet-connected machine, the hardware wallet\u2019s protection is effectively gone.<\/p>\n CN:<\/strong> ZacXBT said many recovery firms are questionable. What is your view?<\/strong><\/p>\n HD:<\/strong> Totally fair. When people are desperate, bad actors will prey on them. The worst actors often SEO-optimize their pages so they appear first when someone frantically searches \u201crecover stolen crypto.\u201d<\/p>\n Legitimate recovery is hard. Crypto is a bearer asset: possession of the key equals ownership. You can\u2019t call a bank and reverse an on-chain transfer. Legit recovery firms are typically legal shops that work with law enforcement, use blockchain forensics tools like Chainalysis or TRM Labs, track the funds, and try to get exchanges to freeze accounts with legal notices.<\/p>\n But that only works if funds hit a KYC exchange willing and able to cooperate and if the jurisdiction is cooperative. Attackers often route funds to non-cooperative exchanges or mixing services; last year, under 5% of assets were recovered with those methods.<\/p>\n Predatory firms will charge something like $10,00 large fees for basic scans and produce a report that gives victims false information. For example, they tell them to email Tornado Cash, which is useless.<\/p>\n <\/p>\n CN:<\/strong> So it seems like recovery is a long shot. What\u2019s the alternative?<\/strong><\/p>\n HD: <\/strong>Because recovery probabilities are low, prevention is critical. Circuit focuses on preventing loss rather than relying on post-hack recovery. Once funds leave a wallet, chances of recovery are slim; stopping theft before it happens has a much higher success probability.<\/p>\n There are two loss modes: (1) you lose access to your private key (funds are inaccessible) or (2) someone else obtains your private key (funds are stolen). Circuit addresses both by protecting the assets directly rather than solely protecting the key.<\/p>\n We build what we call automatic asset extraction. Instead of only safeguarding a private key, we pre-create signed transactions that move funds to a predefined backup wallet. Those transactions are created ahead of time, encrypted, and stored \u2014 never broadcast unless the legitimate user triggers them. <\/p>\n CN: So, who controls that big red button? <\/strong><\/p>\n HD: <\/strong>The user controls it. They go into our web app, verify their identity using 2FA, and press the button. That decrypts and broadcasts the transaction, and the funds move to the backup wallet.<\/p>\n We store the pre-signed transaction, encrypted, but the user is the only one who can decrypt and trigger it. They define the destination address in advance, and we cannot change that address. Once it\u2019s signed, it\u2019s locked. Our system simply holds it securely and allows the user to trigger it when needed.<\/p>\n CN:<\/strong> Who uses this service at the moment? <\/strong><\/p>\n HD:<\/strong> Right now, it\u2019s all institutions and enterprises. We don\u2019t serve retail users yet. Our partners are exchanges, asset managers, OTC desks. These are people managing large sums and client assets. For them, downtime or loss of access can be catastrophic.<\/p>\n One example is Shift Markets. We\u2019re deploying our technology across 150 exchanges that they work with. These exchanges can\u2019t afford to lose access to funds, even for a few hours.<\/p>\n For institutions, it\u2019s not just about preventing theft. Sometimes someone misplaces a signing device, or a service like Fireblocks goes down. That can halt all operations \u2014 no deposits, no withdrawals.<\/p>\n With Circuit, they can recover within minutes instead of being down for days. And for them, that can mean saving their reputation \u2014 and millions in customer retention.<\/p>\n CN: And how do users choose their backup wallets? Should it be another hardware wallet, an exchange account, or a custodian?<\/strong><\/p>\n HD: <\/strong>Great question. We recommend that the backup wallet be just as secure as the primary. So that means using different wallet providers, storing keys in different locations, and making sure the infrastructure isn\u2019t co-located. You don\u2019t want both sets of keys in the same vault or server.<\/p>\n Also, we enforce quorum approvals \u2014 4-eyes or 6-eyes policies \u2014 to avoid any single point of failure. Most large institutions already operate this way. Some use different MPC or multisig setups for primary and backup wallets. Others use different secure facilities or even different jurisdictions. The idea is: if disaster hits one system, the other is unaffected.<\/p>\n We also work with major insurance companies, and they recognize this as a risk reducer. A lot of crypto insurance claims are for lost access or stolen funds. By adding Circuit\u2019s technology, firms become a lower risk. So insurance providers offer discounts to clients who use us. That makes insurance more accessible and, in turn, brings more institutional capital into crypto.<\/p>\n CN:<\/strong> Have you actually had any cases where someone had to use the red button? <\/strong><\/p>\n HD:<\/strong> Yes, we\u2019ve used the red button, both in real cases and in controlled tests. We\u2019ve even intentionally given access to attackers in white-hat or simulation environments to try and steal the funds. Every time, it\u2019s held up. Our engineering team has worked hard to make sure we\u2019ve covered edge cases and real-world threats.<\/p>\n We\u2019re working with some of the biggest players in the space who\u2019ve tested it independently. We\u2019ll have a public announcement in the next month or two showcasing some of those validations.<\/p>\n CN: And for institutions, the typical failure scenario?<\/strong><\/p>\n HD:<\/strong> It depends on their wallet setup. If they\u2019re using non-custodial services like Fireblocks, the institution bears some responsibility \u2014 they must be able to access their wallets even if Fireblocks is down or unavailable.<\/p>\n If they\u2019re using fully custodial solutions like Coinbase or Anchorage, those providers manage everything end-to-end. But with Fireblocks, you still need your own secure access to the key shards or signing devices.<\/p>\n So imagine an exchange relying on Fireblocks, and they lose a device \u2014 maybe someone\u2019s phone or YubiKey. That can temporarily lock them out, halting withdrawals and deposits.<\/p>\n <\/p>\n CN: You mentioned earlier that attackers are getting more sophisticated. What\u2019s your perspective on how the crypto industry is adapting to that? What\u2019s changing in security?<\/strong><\/p>\n HD: <\/strong>It\u2019s similar to Web2 cybersecurity; it\u2019s a cat-and-mouse game. New attacks emerge, we build defenses, attackers evolve again, and so on. Early on, the big breakthrough was multisig, requiring multiple keys to approve transactions.<\/p>\n Then came MPC wallets (multi-party computation), which improve on multisig. In a multisig setup, compromising two out of three keys gives you partial info about the third. In MPC, that\u2019s not the case as each shard gives you no info about the whole, making it more resilient.<\/p>\n Companies like Fireblocks have had a lot of success with MPC. Then on top of that came policy engines \u2014 rules that block transactions under certain conditions. For example: \u201cblock all transfers over $1 million,\u201d or \u201cdon\u2019t allow transfers to non-whitelisted addresses.\u201d <\/p>\n Then came detection tools, which are services that monitor chain activity and flag suspicious behavior. But today, most of those still require a human to act on the alert. In some setups, you might need approvals from people in the U.S., Europe, and Asia, which could take hours. Meanwhile, attacks are happening in minutes or even seconds.<\/p>\n