As a crypto exchange, perhaps the worst thing that can happen to you is suffering a security breach. We’ve all seen the headlines of millions of dollars being stolen from crypto exchanges. And besides being a financial nightmare, it is a clear-cut crypto PR crisis.
But if it does happen to your exchange, how can you navigate it? After all, you’ll need to secure public trust and goodwill if there is any chance of survival. In this article, we’ll highlight some steps to survive a crypto exchange breach.
Acknowledge Immediately
The most important part of surviving a crypto PR crisis related to a security breach is maintaining customers’ trust. This cannot be done if they are left in the dark or feel like you are avoiding responsibility. As soon as your team confirms that a hack has taken place, immediately log in to your social media platforms and email accounts to send the message to all of your users.
The worst-case scenario is them spending hours speculating about whether a breach has indeed taken place. That sort of press will tarnish your image long after the hack is over, so make sure to get ahead of it.
Brace For a Crypto PR Crisis
As a business, you cannot be in denial about things. No matter how well you handle the security breach, the fact that it happened at all will dent your public goodwill. So, as you handle the backend business of securing your platform and working with law enforcement, begin to consider how you will navigate this reputational damage.
This could mean planning to lay low for a bit or to aggressively court public favour. Either way, have an honest talk with your team and prepare yourselves financially and reputationally for some challenges.
Give Instructions to Customers
It is not enough just to be transparent with your customers about the breach; you need to give them tools to mitigate the damage and protect themselves. So, your first statement should not only admit the situation but also give them the next steps to take.
Depending on the opinion of your security team, it could be to immediately remove their funds and change their password or to do nothing at all. The most obvious question they will have is what to do, and you need to pre-emptively answer it to gain some goodwill.
Give Minute-by-Minute Updates
When a security breach of a crypto platform takes place, both the public and the press will want to know certain details. How much was stolen? What type of attack was it? Have the perpetrators been traced? Releasing information to customers by the minute stops speculation and shows transparency.
If multiple attacks happened, for example, report on each publicly so a clear timeline can be established. Twitter/X is a good channel for this, as you can start a thread to update people. Of course, speak with your security team before revealing any sensitive information to the public.
Put Out a Formal Statement
Social media posts might be enough to pacify your customers in the moment, but after the situation dies down and the facts have been confirmed, you’ll have to put out a formal statement about the incident. This should be via a press release that summarizes the incident: how much was lost, how the breach happened, and in what capacity an investigation has been done.
This statement should be signed by an executive of your company and, ideally, have a statement from a security professional close to the situation. This offers a formal record and might even be needed further down the line once law enforcement or courts are involved.
Outline Restitution Efforts
After a crypto platform has been hacked, the big question on everyone’s mind is whether or not customers will get any of their money back. After all, we’ve seen situations where customers are refunded in full and others where no compensation was given years after.
As soon as your legal team approves, let customers know what the outcome will be. If you can afford to pay them back, put out a detailed timeline of when this will be and how they can claim compensation. If no compensation can be given, make that clear early on to avoid speculation. No matter what the outcome is, let it be known as soon as possible.
Don’t Shift Blame/Be Transparent
Crypto security breaches are big media stories, especially when there is a lot of trading blame. If no culprit is identified, news sites begin to speculate about rug pulls and North Korean hackers, and this can tarnish the reputation of the business in question.
So, make sure you give the media as little to report on as possible by being transparent. If you don’t know who is responsible, think it’s due to an internal fault, or anything else, state it openly. Even if you’re still waiting for the facts before confirming anything, state that as well.
Offer a Retrospective
Months or even years after the breach has died down, don’t hesitate to give updates if they are relevant to your customers. Some exchanges have updated their customers years after the fact when funds were recovered or the culprits were caught.
This is one of the best ways to secure public goodwill as it lets everyone know that you are willing to hold yourself accountable and be transparent no matter what. Of course, clear this with your legal team to avoid getting into hot water.
Conclusion
A security breach is arguably the worst crypto PR crisis that an exchange or any other trading platform can experience. Besides the money lost, earning back user trust can prove to be an uphill battle.
This is why you need to have a game plan in case this happens. Much of this boils down to being transparent with your customers and letting them know that no matter what, you are on their side.