We examine how cybercrime impacts victims’ risk-taking and returns. The results from our difference-in-differences analysis of a sample of victim and matched non-victim investors on the Ethereum blockchain are in line with prospect theory and suggest that victims increase their long-term total risk-taking after losing part of their wealth, leading to lower risk-adjusted returns in the post-cybercrime period. Victims’ long-term total risk-taking increases because they increase diversifiable risk due to victims’ post-cybercrime withdrawal from altcoins. At the same time, the reduction in risk-adjusted returns correlates with increased trading activity and churn, due plausibly to managing cybercrime exposure. In the cross-section of Ethereum addresses, we show that the most affluent victims take a systematic approach to restore their pre-cybercrime wealth level, while the least affluent victims turn into gamblers. Finally, a parsimonious forensic model explains a good part of the addresses’ probability of being involved in cybercrime, on both the victim and the cybercriminal side.