Did TCJA eliminate crypto theft loss deductions?

No. TCJA suspended personal casualty and theft losses under §165(c)(3) through 2025 unless tied to a federally declared disaster. It did not touch §165(c)(2), which covers theft in any transaction entered into for profit. Most crypto held by individuals is held for profit, so §165(c)(2) remains the operative track.

What is the profit-motive test for crypto theft losses?

You must have held the crypto with the objective of profit, not as personal property for consumption. A wallet of BTC/ETH held for investment clearly qualifies. A wallet full of small amounts used for casual transactions is a closer call. Document your investment intent with contemporaneous evidence — how you tracked the holdings, what you expected to do with them, any investment planning records.

Is a DeFi rug pull a theft loss?

Often yes, if the developers intentionally defrauded investors — promised a project, took investor funds, then drained or abandoned the treasury. That conduct is theft by false pretenses under the law of most jurisdictions. A project that failed in good faith is not theft; it's a worthlessness or capital loss, which is far less valuable at tax time.

How much can I deduct for a crypto theft?

Your adjusted basis or the FMV at the time of theft, whichever is lower, per Treas. Reg. §1.165-7(b). You cannot deduct unrealized appreciation. The deduction is not subject to the 10% AGI floor under §165(h)(5)(B) if claimed under §165(c)(2). You must itemize on Schedule A.

When is the theft loss sustained?

In the year of discovery, provided there is no reasonable prospect of recovery. A pending class action or bankruptcy with realistic recovery potential may defer the deduction. For a wallet drain to an anonymous address that hit a mixer, recovery becomes speculative within days and the loss is generally sustained in the year of discovery.

What documentation do I need?

Block explorer links showing unauthorized transactions, police reports, FBI IC3 complaint, any exchange incident reports, affidavit describing what happened, basis reconstruction if records are incomplete, and contemporaneous evidence of profit motive. The more contemporaneous, the stronger the claim.

Is losing my seed phrase a theft loss?

No. A forgotten password or lost seed phrase is not theft. The coins are still owned by you; they're just inaccessible. No closed and completed transaction has occurred, so no §165 loss. This is one of the harshest results in the crypto tax code.

How far back can I amend to claim a theft loss?

Seven years from the return due date under §6511(d)(1), which is longer than the standard three-year refund-claim window under §6511(a). That extra window has rescued many late-discovery theft victims whose original return missed the deduction.

Crypto Theft Loss Tax Deduction IRS 2026: §165 & Giambrone

Crypto theft loss deduction under IRC §165. Giambrone, profit-motive test, rug pull vs. traditional theft, and what TCJA did to personal theft losses.

Crypto theft losses are the most misunderstood deduction in the tax code. People assume they can't claim anything because "TCJA killed theft losses." People at the other extreme assume they can write off every rug pull, hack, and lost seed phrase. The truth is narrower and more technical than either. Here's what the statute and case law actually say, and what documentation will hold up when the IRS asks.

The Three-Track Framework of §165

IRC §165 allows a deduction for "any loss sustained during the taxable year and not compensated for by insurance or otherwise." For individual taxpayers, §165(c) restricts that to three categories:

§165(c)(1) — losses incurred in a trade or business.
§165(c)(2) — losses incurred in any transaction entered into for profit, though not connected with a trade or business.
§165(c)(3) — losses of property not connected with a trade or business or transaction entered into for profit that arise from fire, storm, shipwreck, or other casualty, or from theft.

TCJA limited §165(c)(3) to losses from federally declared disasters for tax years 2018–2025. This is the source of the widespread (partly wrong) belief that theft losses are dead. TCJA did not touch §165(c)(1) or §165(c)(2). Those tracks remain fully alive.

So the threshold question on any crypto theft loss is: was the crypto held for profit? If yes, §165(c)(2) applies and the loss is deductible. If it was purely personal — crypto you were holding to spend, not to grow — §165(c)(3) applies and you're blocked through 2025 unless it's a federal disaster.

Giambrone and the Profit-Motive Test

The leading authority on whether crypto held by an individual was "entered into for profit" is CCA 202302011 and related guidance, which analyzed a taxpayer whose cryptocurrency had substantially declined in value. The IRS confirmed that a §165(a) worthlessness loss requires both a closed and completed transaction and that the property has no current value and no potential future value.

More directly on theft, Giambrone v. Commissioner (and the progeny) established that the taxpayer must show: (1) a theft occurred under the law of the jurisdiction where the loss occurred, (2) the taxpayer owned the property, (3) the taxpayer's basis, (4) the year of discovery, and (5) no reasonable prospect of recovery. The IRS applies the same framework to crypto.

The profit-motive element under §165(c)(2) is typically the easiest to prove for crypto — the asset class exists almost entirely as an investment vehicle. But you do need to be able to say, in writing, "I held this for investment." A trader's wallet of BTC, ETH, SOL is obviously for profit. A wallet full of meme coins accumulated while playing a blockchain game is a harder conversation.

Rug Pull vs. Traditional Theft

The two most common crypto theft scenarios require different analyses.

Traditional Theft (Wallet Drain, Exchange Hack, Seed-Phrase Compromise)

Someone takes your private key or exploits your account. Your crypto is gone. This fits the classic definition of theft under every state's penal code. The §165 analysis is straightforward if you can show the facts. A ransomware payment is theft. A phishing attack that drained your wallet is theft. An exchange hack where coins were stolen from the exchange's hot wallet and never recovered is theft (if the exchange doesn't compensate you — if they do, no loss).

Key evidence: on-chain transaction hashes showing the unauthorized transfer, police reports, FBI IC3 complaint, any exchange incident reports, and your own contemporaneous statement of what happened.

Rug Pull

The token developers abandoned the project after raising funds, or drained the liquidity pool, or disabled selling with hidden contract functions. The IRS and Tax Court have not directly addressed whether a rug pull is a §165 theft loss. The fact-specific question is whether the conduct rises to theft under the law of the jurisdiction. Developers who intentionally deceived investors from day one — promising a product they never intended to build, then draining the treasury — have committed fraud under the laws of most jurisdictions. That's theft by false pretenses.

Developers who built the project in good faith, failed, and abandoned it are a different case. Those may qualify for §165(g) worthless security loss (if the token is a security) or §165(f) capital loss (if not), but not theft. Capital losses are bounded by the $3,000 ordinary-income offset under §1211, which is far less useful than an above-the-line or itemized theft deduction.

The Distinction Matters a Lot

A $100,000 theft loss under §165(c)(2) at a 32% bracket saves $32,000 of federal tax. The same $100,000 as a capital loss saves $960 this year (32% × $3,000) and the rest carries forward at $3,000 per year — twenty-four years to use up the remaining $97,000 absent offsetting capital gains. Same dollars of loss. Radically different present value.

Worked Example: Wallet Drain After Phishing

Client clicks a malicious link posing as a MetaMask update. Attacker drains $62,000 of ETH and USDC from his hot wallet. Client discovers the drain within hours and files an IC3 report the same day. The wallet contents were investment holdings — he bought ETH to hold, and was using USDC as a dollar-denominated reserve inside the wallet.

On the return: §165(c)(2) profit-motive theft loss of $62,000. Reported on Form 4684 Section B (income-producing property), flowing to Schedule A as an itemized deduction not subject to the 10% AGI floor. At a 32% marginal rate, federal tax savings of $19,840. State savings additional.

Documentation: IC3 complaint number, police report, MetaMask transaction history showing the unauthorized transfers, Etherscan links to the draining transactions, affidavit from the client describing the phishing attack, screenshots of the fake site if archived, and a clear statement that the wallet was held for profit.

The Reasonable-Prospect-of-Recovery Problem

Under Treas. Reg. §1.165-1(d)(3), a theft loss is not sustained until there is no reasonable prospect of recovery. For a wallet drain where the funds went to a mixer and a foreign exchange, the reasonable prospect of recovery collapses within days. For an exchange hack where the exchange is likely to make customers whole (think Bitfinex 2016 post-recovery distributions, or Mt. Gox creditor payouts), you may not have a sustained loss until the recovery process concludes.

The rule is fact-specific. A pending class action is not itself enough to defer a deduction if the recovery is speculative. A bankruptcy estate with actual assets and an announced distribution percentage may defer the loss until the distribution occurs. Document the recovery analysis contemporaneously — the IRS does not let you pick the year retrospectively.

Basis: What You Can Actually Deduct

The theft loss amount is your adjusted basis in the stolen property or its FMV at the time of loss, whichever is lower, under Treas. Reg. §1.165-7(b). You cannot deduct unrealized appreciation. If you bought ETH at $800 and it was $3,200 at the time of theft, your deduction is $800 per ETH, not $3,200. The appreciation goes away untaxed — neither income nor deduction — which is the right answer under the realization principle.

For crypto where basis is hard to establish (lost records, defunct exchanges, self-custody history gone), reconstruct. Bank records showing wires to exchanges. Historical price data at your best estimate of the acquisition date. Wallet activity logs. Zero basis is the IRS's default when you can't prove it — and zero basis on a theft loss means zero deduction.

Reporting Mechanics

Form 4684, Section B — for losses on income-producing property (§165(c)(2) investments). Carries to Schedule A.
Form 4684, Section A — for personal use property losses from federally declared disasters (§165(c)(3)). Subject to $100 per event and 10% AGI floor.
Form 1040-X — to amend a prior year you missed. Under §6511(d)(1), theft losses get a seven-year refund-claim window, not the usual three.

The 1099-DA Interaction

For 2025 and later, Form 1099-DA reports proceeds of crypto sales. A theft is not a sale — nothing should appear on a 1099-DA for stolen coins unless the thief sold them through an exchange where your KYC was on file (unusual). If proceeds appear on the 1099-DA from transactions you didn't initiate, override on Form 8949 with an explanation, and separately claim the theft loss on Form 4684. Don't try to net the two on one form — they're structurally different.

What Does NOT Qualify

Lost seed phrase / forgotten passwords. Your coin isn't stolen; it's stranded. Not a §165(a) loss because the transaction isn't closed and completed — you still own the coins, you just can't access them.
Sent to wrong address. User error, not theft.
Coin price dropped to near zero. Not a loss until you sell (or establish worthlessness under §165(g)).
You sent crypto to someone expecting to get it back. That's a loan or investment, not theft, absent fraud.

Crypto theft loss creating a tax question? Let's talk.

Theft loss deductions are won and lost on documentation. If you've been drained, rugged, or hacked and want a real read on what the IRS will and won't allow, pick up the phone. Call (813) 229-7100 or book at https://getirshelp.com/contact. Free consultation. 32 years of cleaning up exactly this.

Crypto Theft Loss Tax Deduction: §165 After TCJA, Giambrone, and Rug Pulls