If you're already investing in cryptocurrency, or if you're even thinking about getting started, then you need to get laser-focused on security.
Everyone who's misplaced a wallet or had one stolen knows how easy it is to lose conventional money. But you need to be even more cautious with crypto.
Not only are there more ways to lose your tokens, but the transactions are designed to be "one-way" - there's no mechanism to reverse them. And the lack of sufficient regulation means that in many cases, lost or stolen crypto cannot be recovered.
Hackers and scammers made off with $14 billion worth of crypto last year, according to analytics firm Chainalysis - and an astounding amount is completely lost.
Crypto data firm Glassnode puts the number of "lost forever" bitcoins at 3 million, with some estimates even higher. That's nearly 16% of all existing bitcoins and 14.3% of all the bitcoins that will ever be mined. At current prices (about $44,000), that's $132 billion worth of BTC lost.
To help you keep your crypto safe, we put together this comprehensive guide.
In it, you'll find out the most common ways you can lose your crypto, the biggest security mistakes you need to avoid, and exactly what steps you can take to protect your investments...
Scammers, Hackers, and Criminals
Thieves have multiple ways to take other people's crypto. But you can make it harder for them to get yours. Here are some of the most common things to look out for and what you can do about them...
Last year alone, there were more than 20 separate hacks of crypto exchanges that caused losses of more than $100 million.
What you can do: A mantra among crypto veterans is "Not your keys, not your crypto." That means you don't have the same control over crypto stored on an exchange as you do over crypto held in a private wallet on your PC or in a hardware wallet. You only want to have crypto on an exchange when you're trading it. Otherwise, move it to a private wallet for safekeeping.
A form of "social engineering," phishing scams seek to trick you into surrendering your crypto voluntarily. Scammers typically send phishing texts or e-mails (although sometimes you'll see these on social media as well) to lure victims to fake websites that look like legitimate, well-known exchanges.
Often the e-mail warns of some sort of problem with the user's account, and that they need to fix it immediately or their account will be closed. But all links take the victim to the fake website. When the victim types in their credentials, the info is sent to the scammer - who can then use them to access the victim's real exchange account to drain it.
What you can do: Treat e-mails from exchanges with skepticism. Try to go to the exchange site directly to do business. And when on an exchange site, double-check the address bar to make sure the URL is correct and there are no misspellings. Look for the secure badge.
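The address-bar check described above can be automated. The sketch below is an added example, not part of the original article: it compares a link's hostname against a list of sites you have verified yourself. The hostnames are constructed placeholders, and `TRUSTED_HOSTS`, `edit_distance` and `check_link` are hypothetical names.

```python
from urllib.parse import urlsplit

# Assumption: hostnames you have verified yourself and bookmarked.
# "exchange.example" is a constructed placeholder, not a real exchange.
TRUSTED_HOSTS = {"exchange.example", "www.exchange.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Classify a link as 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "trusted@other.test" resolves
    # to other.test, which is the host the browser would really contact.
    host = (parts.hostname or "").rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted" if parts.scheme == "https" else "insecure"
    # Punycode labels (xn--) are how look-alike Unicode domains are encoded.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    # A trusted name embedded inside somebody else's domain.
    if any(trusted in host for trusted in TRUSTED_HOSTS):
        return "lookalike"
    # One or two characters away from a trusted name: likely a misspelling.
    if any(edit_distance(host, trusted) <= 2 for trusted in TRUSTED_HOSTS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://exchange.example/login",
                 "https://exchanqe.example/login",
                 "https://exchange.example.account-verify.test/"):
        print(link, "->", check_link(link))
```

Only an exact hostname match over HTTPS counts as trusted; anything else deserves a manual look before you type credentials.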
We're not talking about airdrops here. That's when a project gives away a portion of its tokens to crypto users who qualify (such as by holding another, better-known crypto). Airdrops are legit and are used to jump-start adoption and raise awareness.
What you can do: People typically don't just give away crypto on social media, and when they do, they don't ask for a "donation" up front. If it sounds too good to be true, it probably is.
A rug pull is when the developers behind a crypto project are actually scammers. They rush together a token and hype it up. When the price moves high enough, they dump their holdings, shut the project down, and disappear.
What you can do: Watch out for young projects that are all hype and no substance. The best way to avoid rug pulls is by sticking with well-established cryptocurrencies.
SIM Swap Fraud
A SIM is the ID card in your smartphone. Scammers call your mobile carrier, claiming to be you and saying the original SIM (the one still in your phone) was lost, stolen, or damaged. Using personal info obtained from one of the many major data breaches that have occurred over the past few years, the scammer convinces the carrier they are indeed you. The carrier reassigns your phone number to the scammer's SIM. Now they have control of everything on your phone - including any crypto accounts you may have. You can be cleaned out in a matter of minutes.
What you can do: This is a tough one. The only way to avoid losing your crypto to a SIM swap scam is by not having any crypto apps on your phone. But you'll have to sacrifice the convenience of using crypto apps. A few crypto sites are only accessible via their phone apps.
Several browser extension wallets, including the very popular MetaMask, as well as Nifty Wallet, Binance Chain Wallet, MEW CX, Ronin Wallet, TronLink, and the relatively new Coinbase Wallet, are susceptible to a new malware variant. Called Mars Stealer, this malware is spread through file-hosting websites and torrent clients. Once installed, it sniffs out the browser wallet's address info and private keys, which it transmits to the hacker. Then it deletes itself.
What you can do: Don't visit file-sharing sites or use any torrent clients (like BitTorrent).
User Mistakes You Need to Avoid
Unfortunately, crypto investors also can lose tokens by making a critical error. When sending or storing crypto, you need to be very careful.
Sending to the Wrong Address
Addresses - those crazy long strings of letters and numbers - are how crypto knows where to go when zipping around the Internet. The trouble is, the addresses are so long and random that they're easy to get wrong. That's why you want to cut-and-paste addresses when doing crypto transactions. But it gets trickier. Some related cryptos, such as the forks of Bitcoin, have very similar addresses. People sometimes send Bitcoin to a Bitcoin Cash (BCH) or Bitcoin SV (BSV) address. And when they do, that BTC is lost forever.
What's become more prevalent in recent years with the rise of "platform" networks is folks sending crypto to the wrong platform. The stablecoin USD Coin (USDC) is a good example. USDC is primarily an ERC-20 token that runs on the Ethereum network. But USDC also runs on top of the Binance Smart Chain network as well as Solana (SOL). If you erroneously send ERC-20 USDC to the Binance Smart Chain (or vice-versa), you will lose it.
What you can do: Double and triple-check your receiving addresses to make sure they're correct. (After pasting an address into a receiving window, look at the site where you copied it from and make sure the letters and numbers match exactly.)
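The paste-and-compare check above, as an added example that is not part of the original article. It also verifies the checksum built into legacy Base58Check Bitcoin addresses, which catches typos and truncated pastes. The function names are hypothetical, and the sample is the publicly known Bitcoin genesis-block address.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_decode(addr):
    """Return (version byte, payload); raise ValueError on a bad address."""
    num = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character %r is not in the Base58 alphabet" % ch)
        num = num * 58 + idx
    # Each leading '1' character encodes one leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    body, checksum = raw[:-4], raw[-4:]
    # The last 4 bytes must equal the start of SHA-256(SHA-256(body)).
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("checksum mismatch (typo or truncated paste)")
    return body[0], body[1:]


def check_before_send(pasted, source, expected_version=0x00):
    """Compare the pasted address with its source, then validate it."""
    pasted, source = pasted.strip(), source.strip()
    if pasted != source:
        return "pasted address differs from source"
    try:
        version, _ = base58check_decode(pasted)
    except ValueError as exc:
        return "invalid: %s" % exc
    if version != expected_version:
        return "valid checksum but wrong address type"
    # Caveat: a checksum cannot tell you which chain an address was
    # generated for, so the chain/network still has to be confirmed by hand.
    return "ok"


if __name__ == "__main__":
    genesis = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    print(check_before_send(genesis, genesis))
    print(check_before_send(genesis[:-1] + "b", genesis[:-1] + "b"))
```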
Leaving Your Private Key Out in the Open
Because crypto private keys tend to be long phrases, a lot of people try to make sure they won't forget them by putting them in an unencrypted text file (like a Word document) or taking a screenshot of them. While this may seem like a good idea, it really just makes you more vulnerable to getting your crypto hacked.
What you can do: Never do this. If you have already done it, delete the files. If you really want to keep a copy of your private key somewhere, write it on a piece of paper and hide it in a place where you know you'll remember where to find it.
Forget/Misplace Private Key
This is something of a corollary to the item above. Private keys can be easy to forget since they need to be so long. If you do forget your private key, there is no way to access the crypto in your wallet. The worst part is, you can still see the crypto, right there in your wallet - right there in front of you. But you can't move it to trade or spend it. And even if you have no trouble remembering your private key, you need to consider what would happen if you died unexpectedly. In 2019, we saw that happen on a large scale when the founder of Canada-based crypto exchange Quadriga died. He never shared the private keys, so $250 million worth of customer funds became locked and inaccessible forever.
What you can do: If you have a poor memory, write your private key on a piece of paper. And make sure at least one trusted loved one knows where that paper is.
More Security-Minded Crypto Habits
Finally, keep these tips in mind to keep your crypto as safe as possible.
Just about every crypto exchange offers 2FA (two-factor authentication), but most make it optional. That's unfortunate because 2FA is an extra layer of protection for your crypto exchange account, and making it optional means many users won't bother with it. It's actually pretty easy to set up. Two apps provide most 2FA - Google Authenticator and Authy. When you set it up, you usually scan in a QR code. After that, every time you log in to your exchange account, it will ask for a 2FA code. You need to fetch the code for that exchange from your 2FA app and type it in. (The codes change every 30 seconds.) The added security is worth the effort.
Weak/Re-used Private Key
Your wallet password (private key in crypto-speak) protects your crypto. If it's short or too easy to guess, you're making yourself vulnerable to the bad guys. Choose a long phrase you will remember (see above) but that no one else would associate with you. And don't re-use private keys for different wallets. That gives a hacker who gets the key access to all of your wallets instead of just one (which is bad enough).
Now That Your Crypto Is Safer...
We hope this guide was useful and will help crypto investors at all levels of experience protect their assets from scammers and hackers.
After getting a handle on all this, the next step is, of course, to invest. Just about everyone needs Bitcoin and Ethereum in their portfolios, given their status as "foundational" cryptos.
But there's a whole cryptocurrency market outside of those two well-known coins - "microcurrencies" that you can often get for pennies on the dollar. Yes, top insiders are saying Bitcoin could rally to $100,000 this year, but the potential in the smaller tokens could make BTC and ETH profits look positively tiny by comparison.
They are already scoring some of the biggest gains we've ever seen anywhere - beating the stock market and gold market. Heck, they're even crushing gains made by Bitcoin - by 75X, 211X, even 5,567X more in the same six-month time frame. It's a revolution in the making... go here for all the details.
About the Author
David Zeiler, Associate Editor for Money Morning at Money Map Press, has been a journalist for more than 35 years, including 18 spent at The Baltimore Sun. He has worked as a writer, editor, and page designer at different times in his career. He's interviewed a number of well-known personalities - ranging from punk rock icon Joey Ramone to Apple Inc. co-founder Steve Wozniak.
Over the course of his journalistic career, Dave has covered many diverse subjects. Since arriving at Money Morning in 2011, he has focused primarily on technology. He's an expert on both Apple and cryptocurrencies. He started writing about Apple for The Sun in the mid-1990s, and had an Apple blog on The Sun's web site from 2007-2009. Dave's been writing about Bitcoin since 2011 - long before most people had even heard of it. He even mined it for a short time.
Dave has a BA in English and Mass Communications from Loyola University Maryland.