As large-scale heists like Mt. Gox and Coincheck have constantly reminded us, the cryptocurrency world is not free of the grasp of enterprising hackers. Whenever the crypto market has reached peak value, there has always been a huge incentive to fleece coins out of less secured parts of the internet and disappear with the funds.
Although the companies managing cryptocurrency exchanges and some of your wallets are ramping up their efforts significantly to make sure your valuable coins stay safe, they still can’t remove the onus from you to protect yourself. That’s why we’d like to show you a list of some of the most egregious ways you can end up throwing your wealth away and some of the steps you can take to protect yourself from this grim possibility.
1: Exchanges Still Aren’t Unhackable
It sounds like a no-brainer, right? Very few things in this world are impenetrable, as the Ottomans taught the Byzantine empire by blasting the Theodosian walls with their big bronze cannons.
You still trust these companies to know what they’re doing and protect you on some level. It’s important to know that while they’re doing their best, it may not always be enough. As recently as December 2021, BitMart got a sledgehammer to the face when it lost nearly a quarter of a billion dollars in its users’ valuables.
What Can You Do?
Don’t let yourself get lulled into complacency, thinking, “This can’t happen to me! I did a lot of research on which exchange is safest!” The earlier BitMart incident happened despite the exchange providing two-factor authentication, withdrawal confirmations by email, IP monitoring, significant API key protections, and ample encryption of its users’ personal info.
Once your business is done with that exchange, keep whatever cash you don’t plan on using for trading out of its system. Even using a mobile wallet that has a decent track record with maintaining its users’ trust can protect you more than an exchange that presents a more target-rich environment to hackers.
Whether you’re using NFTs to purchase in-game goods in your favorite shooter or day trading like the rapture’s coming, you’ll one day find some link leading you to something that appears to be a site you regularly use. It looks exactly like your go-to crypto hub, quacks like it, and even has the trademarked logo, but it’s anything but what you intended to visit.
If you commit to giving your personal details to that site, instead of logging you in, it sends the details to the creator of an elaborate scheme to steal your information and your money. This is unfortunately an easy trick to fall for, and phishing continues to be a serious threat despite being one of the oldest in the book (since before Netscape was even a thing).
What Can You Do?
Phishing is actually surprisingly easy to counter. If you go to a site from a link, check the URL in the address bar. Is this the URL you’re used to logging into? This may sound like a little bit of tedium, but it goes a very long way to protecting your cryptocurrency from theft.
Also, look out for URLs with “%3C” and “%3E” in them. These are the URL escape codes for “<” and “>”, the characters that open and close HTML tags. They are sometimes used to carry out a cross-site scripting (XSS) attack, giving you a modified version of the legit page you’re going to that feeds information to the attacker rather than the page.
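The two checks above, written out as an added example (not code from the original article): compare the host a link really points to against the hosts you normally use, and flag URL-encoded angle brackets. `exchange.example` and the function name `checkLink` are constructed placeholders, and the userinfo, subdomain and punycode checks go beyond the two cases in the text.

```javascript
// Added example: the hostnames below are constructed placeholders, not real exchanges.
const TRUSTED_HOSTS = new Set(["exchange.example", "www.exchange.example"]);

// Returns a list of warnings for a link; an empty list means nothing was flagged.
function checkLink(link) {
  const warnings = [];
  let url;
  try {
    url = new URL(link);
  } catch {
    return ["not a parseable URL"];
  }
  if (url.protocol !== "https:") warnings.push("not HTTPS");

  // "https://exchange.example@login.test/" really goes to login.test:
  // everything before "@" is userinfo, not the site name.
  if (url.username || url.password) warnings.push("userinfo before host");

  // url.hostname is the host the browser will actually contact, lowercased
  // and with internationalized names converted to their "xn--" form.
  const host = url.hostname;
  if (!TRUSTED_HOSTS.has(host)) {
    warnings.push(`unfamiliar host: ${host}`);
    if (host.split(".").some((label) => label.startsWith("xn--"))) {
      warnings.push("punycode (lookalike characters possible)");
    }
    for (const trusted of TRUSTED_HOSTS) {
      if (host.includes(trusted)) warnings.push(`trusted name embedded in ${host}`);
    }
  }

  // %3C / %3E are the URL-encoded forms of "<" and ">". Decode a few times so
  // double-encoded values (%253C) are caught; keep a raw match for malformed input.
  let rest = url.pathname + url.search + url.hash;
  for (let i = 0; i < 3; i++) {
    try { rest = decodeURIComponent(rest); } catch { break; }
  }
  if (/[<>]|%3[ce]/i.test(rest)) warnings.push("encoded HTML angle brackets");

  return warnings;
}
```

A trusted host can still return the angle-bracket warning, which matches the article's point that a link to the legitimate site can carry injected markup.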
3: Catching A Computer Cough
It may not sound like viruses are much of a thing these days with all the sophisticated heuristic techniques that antivirus applications use to catch them, but they’re sadly still around. A lot of malicious actors have created software attached to popular pieces of pirated software that constantly “listen” to your clipboard and keyboard input for patterns resembling cryptocurrency wallet credentials.
Once they find what they need, they “call home” with the information and give a hacker full access to your coins.
What Can You Do?
If you use Windows or Mac, the best thing is to keep your system up to date and avoid installing any pirated software. Learn to use the free alternatives instead and try to keep your head out of trouble by exercising prudence around sites that can’t fully be trusted. Even if what you’re downloading isn’t technically pirated (to the best of your knowledge, at least), it could still have malware attached if it comes from a less-than-reputable source.
If you’re using Linux, don’t think you’re out of the woods! Although it’s near impossible to get a computer virus in your system, hackers can still execute arbitrary code in some of the more common applications you use if you do not keep them up to date. It costs you nothing but a few minutes to update (unless you’re a masochist and use Gentoo) and it could be the difference between a system that’s open for attack and one that’s prepared for anything that comes its way.
4: Losing Your Wallet
If you have a hardware wallet like Ledger or Trezor, or you store everything on your computer, there’s a very distinct possibility that this method could fail spectacularly the moment you lose the key phrases to these devices.
Since your wallet’s ownership is determined by the passphrase generated for you upon its creation, the devices don’t matter as much as the phrase itself. Your computer can suddenly explode or you could drop your Ledger wallet into a lake; the currency doesn’t depend on those anyway.
However, the moment you’ve lost the 24-ish word phrase needed to access your coins, they’re gone forever.
What Can You Do?
Since you’re managing the security that binds your wallet to you, this puts the greatest onus on you to make sure it’s secure. At this point, security depends more on redundancy than on the possibility of intrusion, depending on your circumstances.
To kill both birds with one stone, make sure that you keep multiple copies of your passphrase on secure media. My favorite way to do this is to write down the phrase on a slip of paper and keep it in a safe place, and store another copy of it on an encrypted flash drive.
This way, should you lose the paper for some reason, the drive is your go-to. The same works vice versa.
5: Giveaway Scams
Although they’re not as prominent as they used to be years ago, scammers still run rampant on most popular communications platforms. This often starts innocently enough as a person advertising some big giveaway of ETH, EOS, or some other cryptocurrency or NFT.
They’ll make a big show of it and ask you to click on a link to register. After you “win” this giveaway, they’ll ask you to send a smaller sum to the “giveaway organizer” wallet to “release” the funds.
These scams will sometimes go as far as making completely believable websites that resemble those of upstart exchanges. On Discord and Telegram, they send you direct messages saying you’ve won an unbelievable sum, leading you to such a site and asking for a “small” release fee that represents a fraction of the cost.
Giveaway scammers don’t expect to break the bank with this, instead offering the “reasonable alternative” fallacy as a means to ensnare you into parting with a small amount of what is in your wallet. Over time some of these people can earn upwards of six figures with all the people they’ve duped.
What Can You Do?
If you ever encounter someone asking you to fork over some of your precious coins to “release” something you’ve won, it’s a scam. Just don’t send them anything. The transaction fees could be covered by the funds you’ve won if the giveaway were actually legitimate.