Cointelegraph Bitcoin & Ethereum Blockchain News

Understanding liquidity crises

A liquidity crisis occurs when an organization lacks sufficient liquid assets, such as cash or assets readily convertible to cash, to meet its short-term financial obligations.

Major hacks in the cryptocurrency exchange sector can trigger liquidity crises in several ways. The immediate depletion of assets, especially from compromised hot wallets, can severely impact an exchange’s ability to process withdrawals and maintain normal operations. 

Beyond the direct financial loss, panic-driven user withdrawals can escalate a crisis. Once news of a hack spreads, customers may rush to withdraw their assets, fearing further losses. This sudden spike in withdrawal requests puts immense pressure on an exchange’s remaining liquid reserves, making it even harder to maintain solvency. 

Additionally, the broader market confidence in the exchange can deteriorate, leading to a decline in trading activity, reduced investor interest and further capital flight. 

Without quick and strategic intervention, such liquidity shocks can spiral into insolvency, forcing the exchange to suspend operations or seek external financial assistance.

Immediate response actions to protect user funds after a hack

When a hack is detected, exchanges must act swiftly to contain the damage and protect user funds. The first steps include:

• Freezing asset movements: Exchanges suspend withdrawals and deposits to prevent further losses. In 2019, Binance halted all transactions for a week to conduct a security review, while KuCoin immediately froze funds and transferred assets from compromised wallets.
• Transparent communication: Quick and clear messaging helps maintain user trust and prevent panic. In a 2025 Bybit hack, the CEO addressed the community within 30 minutes and held a livestream within an hour. Binance, during its 2019 hack, tweeted “Funds are #SAFU” to reassure users.
• Industry coordination: Competitor exchanges help by blacklisting hacker addresses, making it harder for stolen funds to be moved or laundered. This was seen in Bybit’s 2025 hack when major platforms blocked suspicious transactions.
• Security investigations: Exchanges mobilize internal forensics teams to identify the breach, whether it’s a hot wallet compromise, leaked API keys or a smart contract exploit. Logs are analyzed, vulnerabilities patched and affected systems secured.
• Ensuring user confidence: While technical details aren’t always immediately disclosed, exchanges assure users that a thorough security check is underway.

​Did you know? The first 24 hours after discovering a cyberattack are often called the “golden hours.” Actions taken during this critical period can significantly impact the extent of damage and the success of recovery.

Containment and damage assessment after a crypto hack

Once the immediate threat is neutralized, exchanges focus on identifying the breach and securing assets. This phase involves determining exactly what happened, how the attack was executed and the extent of the financial loss.

Identifying the cause

A forensic investigation is launched to uncover the technical root of the hack. The 2016 Bitfinex breach was traced to a multisignature wallet vulnerability, while Bybit’s 2025 cold wallet exploit revealed new attack vectors in multisig security. Exchanges analyze logs and system activity to pinpoint weaknesses, whether from leaked private keys, software bugs or exploited smart contracts.

Quantifying financial impact

Exchanges must quickly calculate how much was stolen and which assets were affected. Blockchain analytics firms assist in tracking stolen funds, as seen in KuCoin’s 2020 hack when investigators identified hacker wallets within hours and disclosed them publicly. Knowing the exact financial damage helps exchanges determine their next steps in liquidity management and user compensation.

Securing remaining funds

To prevent further losses, exchanges transfer unaffected assets into new wallets, often switching hot wallets and reinforcing cold storage security. When KuCoin suffered a breach, it abandoned compromised wallets and moved all funds to new secure wallets, ensuring ongoing security. Some exchanges may also halt trading temporarily to prevent market manipulation.

Full damage assessment

With the breach contained, exchanges audit affected user accounts, currencies and potential personal data leaks. Many bring in external cybersecurity firms for deeper forensic analysis. This investigation, typically completed within one to two days, sets the foundation for the exchange’s recovery and compensation plan.

Did you know? ​Bybit’s February 2025 hack was the largest crypto heist in history, with hackers stealing about $1.5 billion worth of Ethereum during a…