DeFi Exploit Tax Guide: Deducting Stolen & Lost Crypto
A DeFi exploit has drained your wallet, and your assets are gone. Beyond the immediate financial shock, a pressing question arises: can you deduct this loss on your taxes? The answer is a qualified yes. For U.S. taxpayers, a crypto theft can be a deductible event, but the process is complex and governed by specific IRS rules that depend on your intent for holding the assets and the tax year in question.
DeFi Under Siege: When Hacks Hit Your Wallet
The world of decentralized finance (DeFi) is rife with innovation, but also with risk. Billions of dollars have been lost to sophisticated exploits, smart contract vulnerabilities, and rug pulls. In Q1 2025 alone, over $1.6 billion was reportedly lost to hacks and exploits across DeFi and centralized exchanges. High-profile incidents include the reported $1.5 billion Bybit breach and the $270 million Drift Protocol exploit, where attackers drained liquidity pools and left thousands of liquidity providers with near-worthless positions in a matter of minutes. When these events occur, they can trigger a chain reaction, causing investors to pull liquidity and destabilizing entire ecosystems.
From a tax perspective, it's crucial to distinguish between different types of losses:
- Market Volatility: Your crypto's value drops due to market forces. This is an unrealized loss and is not deductible until you sell or exchange the asset.
- Worthlessness: An asset's value drops to zero with no hope of recovery. This may be deductible, but proving complete worthlessness to the IRS can be challenging.
- Theft: Your crypto is stolen through a hack, scam, or fraudulent scheme. This is a distinct event that can trigger a deductible theft loss.
This guide focuses on the third category—theft losses—which are unfortunately common for participants in the DeFi space.
How the IRS Treats Stolen Crypto: Investment vs. Personal Loss
The foundation of crypto taxation is that the IRS treats digital assets as property, not currency, according to its guidance in Notice 2014-21. When property is stolen, the tax treatment of the loss depends on how that property was used. Under Internal Revenue Code (IRC) § 165, there are two primary categories for individuals who suffer a theft.
Personal vs. Investment Theft Loss Under OBBBA (2026 and beyond)
A critical piece of legislation, the Tax Cuts and Jobs Act of 2017 (TCJA), suspended deductions for personal casualty and theft losses for tax years 2018 through 2025, allowing deductions only when the loss was attributable to a federally declared disaster.
The One Big Beautiful Bill Act (OBBBA), enacted in 2025, made this restriction permanent going forward, with one modest expansion: beginning in 2026, personal casualty and theft losses may also qualify if attributable to a state-declared disaster (OBBBA § 70109), not only a federally declared one. For most everyday DeFi exploits — where no disaster declaration applies — the personal theft loss path remains closed.
The good news: losses from property held for investment or in a transaction entered into for profit (§ 165(c)(2)) are NOT subject to the TCJA/OBBBA personal-loss restriction and remain deductible. For the typical DeFi investor who bought tokens, provided liquidity, or staked with the goal of earning a return, this is the deduction category that matters.
Here’s a comparison of the two types of theft losses:
| Feature | Investment Theft Loss (§ 165(c)(2)) | Personal Theft Loss (§ 165(c)(3)) |
|---|---|---|
| Description | Loss from a "transaction entered into for profit." | Loss of property not connected to a trade, business, or investment activity. |
| Example | Crypto bought on an exchange for speculation is stolen from your wallet. | Crypto you held to buy NFTs for a personal collection or for use in a game is stolen. |
| Deductibility (2026 Onward) | Deductible as an itemized deduction. | Deductible again, but with significant limitations. |
| AGI Limitation | Not subject to the 10% AGI floor. | The total of all personal casualty and theft losses is only deductible to the extent it exceeds 10% of your Adjusted Gross Income (AGI). |
| Per-Event Reduction | No per-event reduction. | Your loss from each single theft event must first be reduced by $100. |
| IRS Form | Form 4684, Section B | Form 4684, Section A |
Most crypto holders who actively trade, stake, or provide liquidity with the goal of making money will likely fall into the "transaction entered into for profit" category. The IRS itself, in a Chief Counsel Advice memorandum (202511015), noted that investing in financial products is often considered prima facie evidence of a profit motive.
Three Paths for Crypto Losses: Theft, Capital, or Abandonment
When you lose crypto, there isn't just one way to report it. Depending on the circumstances, your loss could fall under three distinct categories. Choosing the right path matters enormously—it affects the size of the deduction, the forms you file, and your annual limits.
| Factor | Theft Loss | Capital Loss | Abandonment Loss |
|---|---|---|---|
| Trigger Event | Criminal taking of your property (hack, exploit, scam). | Sale, trade, or other disposition for less than your basis. | Asset becomes completely worthless; you discard it. |
| IRS Form | Form 4684, Section B | Form 8949 & Schedule D | Form 4797, Part II |
| Loss Type | Ordinary Loss | Capital Loss | Ordinary Loss |
| Annual Limit | No cap on offsetting ordinary income (requires itemizing). | Offsets capital gains first, then up to $3,000 of ordinary income per year. | No cap on offsetting ordinary income. |
| Deduction Amount | Your adjusted cost basis in the stolen crypto. | Proceeds (often $0) minus adjusted cost basis. | Your full adjusted cost basis. |
| Key Requirement | Proof of theft + no reasonable prospect of recovery. | A completed sale or exchange. | Proof of complete worthlessness + affirmative act of abandonment. |
| Best For | DeFi hacks, exchange exploits, investment scams. | Tax-loss harvesting; selling declined assets. | Rug-pulled tokens, coins on dead blockchains, lost private keys. |
For victims of a DeFi exploit like Drift Protocol, the theft loss path is typically most favorable: it's an ordinary loss with no $3,000 annual cap, meaning a $50,000 basis in stolen crypto can potentially offset $50,000 of income in a single year—provided you itemize deductions.
The Deduction Dilemma: When to Claim a Loss
Claiming a theft loss isn't as simple as noting your crypto is gone. The timing and circumstances are critical.
Theft vs. Frozen or Worthless Assets
As the IRS Taxpayer Advocate Service clarifies, you cannot claim a loss just because your assets have plummeted in value or are locked on a bankrupt platform. A loss is recognized only when there is a "closed and completed transaction."
- Bankruptcies: If your assets are tied up in a bankruptcy proceeding (like Celsius or Voyager), you don't have a deductible loss yet. You must wait until the case is resolved. At that point, you will know what, if anything, you will recover. Your loss is then calculated based on the difference between your asset's cost basis and the value of the settlement you receive.
- Theft: A theft, by contrast, is an identifiable event that can be considered "closed and completed" for tax purposes once you meet a key condition.
The "Reasonable Prospect of Recovery" Rule
Under IRC § 165(e), a theft loss is deductible in the year you discover it. However, you can only take the deduction if there is no reasonable prospect of recovery.
This is a factual determination. If the hacked protocol announces a full or partial reimbursement plan, or if law enforcement has a real chance of seizing the funds, you likely have a reasonable prospect of recovery and must wait to claim a loss.
However, if the hacker is anonymous, has sent the funds through a mixer like Tornado Cash, and the project has no plans to compensate victims, it's generally safe to conclude there is no reasonable prospect of recovery. In that situation, you can claim the loss in the year you made that determination.
Proving Your Loss: Documentation the IRS Expects
If the IRS questions your deduction, the burden of proof is on you. Meticulous record-keeping is your best defense. To substantiate a crypto theft loss, you should gather a comprehensive file of evidence.
- Transaction Records: Collect the on-chain transaction IDs (hashes) showing the unauthorized transfer of assets from your wallet to the hacker's address. Blockchain explorers provide immutable proof of these movements.
- Proof of Basis: You must prove what you originally paid for the stolen assets. Your deductible loss is limited to this acquisition cost, not the value at the time of the theft. Crypto tax software is invaluable for this, as it can trace the purchase history of specific lots of crypto.
- Police Reports: File a report with your local police department as well as federal agencies like the FBI's Internet Crime Complaint Center (IC3). A police report helps establish that a criminal theft, as defined by your local jurisdiction, has occurred.
- Communications and Announcements: Save screenshots of phishing emails, malicious links, or official announcements from the hacked project acknowledging the exploit.
- Evidence of No Recovery: Document your attempts to recover the funds. This could include emails to the project's developers or statements from law enforcement indicating that recovery is unlikely.
Keeping track of the original cost of every coin and token that was stolen can be a nightmare. Platforms like dTax automatically import your transaction history from hundreds of exchanges and wallets, calculate the correct cost basis for each asset, and provide the detailed records needed to support a theft loss deduction.
How to Report a Crypto Theft Loss
Once you've determined your loss type and gathered your documentation, you must report it on the correct IRS form.
Step 1: Calculate Your Loss Amount
Your deductible loss is your adjusted basis (usually your purchase price plus any transaction fees) in the stolen crypto, minus the value of any insurance or other compensation you received. You cannot deduct unrealized gains. For example, if you bought 1 ETH for $1,000 and it was worth $4,000 when stolen, your loss is limited to your $1,000 basis.
Step 2: Complete Form 4684, Casualties and Thefts
This is the central form for reporting your loss. You will use a different section depending on the loss type.
- Section A for Personal-Use Property: If the stolen crypto was personal property, you'll report it here. The form will guide you through applying the $100 reduction per event and the 10% of AGI limitation.
- Section B for Business and Income-Producing Property: If the crypto was an investment, you'll use this section. The calculations are more straightforward and are not subject to the 10% AGI floor.
- When describing the stolen property, be specific: e.g., "1.5 ETH lost in Drift Protocol exploit, Q1 2025 — funds drained from liquidity pool via reentrancy attack." Specificity deters IRS challenges.
Step 3: Transfer the Deduction to Schedule A
The final deductible amount from Form 4684 is carried over to Schedule A (Form 1040), Itemized Deductions. A theft loss is an itemized deduction, meaning you can only benefit from it if your total itemized deductions exceed your standard deduction.
Navigating the Aftermath of a DeFi Hack
The period following a hack is stressful and confusing. Be vigilant. Scammers often target victims by creating fake "recovery" services that demand an upfront fee to retrieve stolen funds, only to disappear with more of your money.
If the hacked project or a third party does provide a reimbursement in a future year—perhaps through an airdrop of a new token—you must be careful. If you already claimed a theft loss deduction, this reimbursement is considered a "recovery" and must be reported as income in the year you receive it, up to the amount of the tax benefit you received from the prior deduction.
Common Pitfalls When Claiming a Theft Loss
Avoid these mistakes that can get a legitimate deduction disallowed:
- Deducting market value instead of cost basis. Under IRC § 165(b), your deduction is capped at your adjusted cost basis—not what the crypto was worth when stolen. If you bought 10 ETH at $1,000 each and it was worth $40,000 when taken, your maximum deduction is $10,000.
- Claiming in the wrong tax year. The loss belongs in the year of discovery, not the year you originally invested. If you discover a late-2025 exploit in January 2026, it is a 2026 deduction.
- Insufficient documentation. A deduction without police reports, IC3 filings, on-chain transaction hashes, and proof of basis is an audit risk. Build the file before you file.
- Confusing worthlessness with theft. A token that collapses to zero due to a rug pull or market crash is not theft—it may be an abandonment loss (Form 4797), which has a higher bar to prove.
- Claiming while a recovery is still possible. If the exploited protocol announces a compensation plan, or law enforcement has a realistic path to recovery, you must reduce or defer the deduction accordingly.
Frequently Asked Questions
### What if my crypto is just stuck in a bankrupt platform? Is that a theft?
No, this is generally not treated as a theft. According to IRS guidance, assets frozen in bankruptcy proceedings are not considered a "closed and completed" transaction. You cannot claim a loss until the bankruptcy case is finalized and you know the final value of any distribution you will receive. The difference between your cost basis and the value of your settlement will typically be a capital loss, reported on Form 8949.
### Can I deduct the loss if the hacker returns some of the funds?
Yes, but you must adjust your loss calculation. Your total theft loss is your basis minus the fair market value of any property or cash returned to you. If the hacker returns funds in a later tax year after you've already taken the deduction, you must include the value of the recovery as income on that year's tax return.
### The value of my stolen crypto was much higher than what I paid for it. Can I deduct the higher market value?
No. Under IRC § 165(b), a loss deduction is strictly limited to your adjusted basis in the property. You cannot deduct "paper" or unrealized gains that you had not yet reported as income. Your loss is what it cost you to acquire the asset, not what it was worth when it was taken. (The IRS restates this basis-limitation principle in CCA 202511015 in the context of crypto scam losses.)
### I lost access to my private keys and can't recover my crypto. Is that deductible?
Possibly, starting with the 2026 tax year. The expiration of the TCJA restriction may reopen the door for claiming a loss on permanently inaccessible property as an abandonment loss on Form 4797. The standards are high: you must prove the asset is completely worthless to you and that you have taken an affirmative step to abandon it (for example, destroying or overwriting all backup phrases). Extensive documentation of your recovery attempts is critical. Consult a tax professional before claiming this deduction.
### My stolen crypto originally came from an airdrop. Can I still deduct the loss?
Yes, if you treated the airdrop as income when you received it. Per IRS guidance, airdropped crypto is taxable as ordinary income at its fair market value on the date you gained control of it—and that value becomes your cost basis. If you reported the airdrop income and have a basis, you can claim a theft loss equal to that basis. If you never reported the airdrop as income, your cost basis is zero, and there is nothing to deduct.
This content is for informational purposes only and does not constitute tax, legal, or financial advice. Consult a qualified tax professional for your specific situation.
The complexities of DeFi exploits add another layer to an already challenging crypto tax landscape. Accurately tracking your basis, identifying transactions across multiple wallets, and generating the right documentation are essential for correctly reporting a theft loss.