Almost every day there are messages in popular media about crypto hacks or new malicious techniques utilized by bad actors. Crypto users need to be aware of the most common risks they can face since forewarned means forearmed. We have prepared the list of top-50 risks in crypto. Remember about them and do not let hackers steal your money.
What are the risks of owning crypto?
Risks beyond the control of a crypto user
1. Market risk. The risk of adverse changes in the value of an asset due to changing market tendencies. For example, the decisions of the Central Banks of leading economies (USA, EU, Japan, China) such as the ones related to interest rates may have a significant impact on the crypto market. The same relates to reports issued by financial authorities or regulators. Substantial interest rate increase may lead to the depreciation of crypto assets.
2. Credit risk. The risk of the cryptocurrency issuer’s bankruptcy or failure to meet its payment obligations. Many crypto projects operate on borrowed money and their failure to pay off the debt due to poor performance may result in their ultimate collapse.
3. Low liquidity. The risk of not being able to convert the entire position volume into fiat currency (or equivalents) at the best possible prices. The pair with your crypto may have low liquidity meaning that there is not enough supply to fill in your order. As a result, you will either need to wait a lot of time or dramatically lower the price;
4. Operational risk. The risk of encountering the inability to perform trade transactions or asset deposit/withdrawal. Crypto platforms may experience technical issues due to different reasons such as cyberattacks, mistakes made by developers, etc.
5. Throw coins on a farming pool, which then gets hacked. Hackers can hack the pool and steal all your assets. The project behind your crypto cannot fully control the security of liquidity pool if it is made on a third-party platform.
6. Lack of crypto investors’ regulatory protection. Every country has its own laws regulating cryptocurrency transactions. They change pretty often, and such instability creates new risks. Regulatory uncertainty may leave the victims of a crypto hack with no compensation.
7. Taxes. In many countries, there are no taxes on funds held in cryptocurrency. However, legislation is changing, and investors may soon have to pay any taxes on their cryptocurrency savings thereby getting lower profits from crypto.
8. Natural disasters. If a user stores confidential data such as seed phrases or private keys on a paper and an unexpected natural disaster takes place as a result of which the user’s home is damaged, then he can lose access to his wallet forever.
9. Too big dependence on key individuals. If projects’ owners decide to exit the crypto business due to family problems or other reasons such as illness, then the project will likely collapse. Unlike fiat currencies that are under the governance of a Central bank, cryptocurrencies are managed by the teams behind the projects they represent.
10. Internet issues. To make a crypto transfer, you need to have a stable connection to the Internet. If there is no Internet in your area, you cannot do anything with your crypto.
11. Blackmail. Blackmail is a well-known method used by fraudsters threatening to disclose confidential information if they are not reimbursed somehow. These reimbursements are usually in the form of cryptocurrencies, particularly Bitcoin since due to a non-regulated environment, fraudsters may not face any penalties for demanding ransom in crypto.
12. Fake Exchanges. As the name implies, fake exchanges are fraudulent copies of legitimate crypto exchanges. Typically, these scams have the form of mobile apps, but you can also find them as desktop or fake websites. Fake exchanges try to fully copy the legitimate players including their design, features, etc.
13. Fake Giveaways. They are used to lure cryptocurrency from you by offering something for free in exchange for a small deposit. Scammers usually ask you to send funds to a Bitcoin address first to get more Bitcoin in the future.
14. Social media phishing. This is a common Bitcoin scam. Scammers create an account that will look like an account with a high level of authority in the crypto space. They later use this account to post messages containing malicious links or misleading information by following which a crypto user may lose his fortune.
15. Copy-and-paste malware. This is a very clever way for scammers to steal your funds. This type of malware grabs your clipboard data and will send money directly to scammers if you’re not careful. Thus, do not follow any suspicious links or download unknown files.
16. Phishing emails. Using phishing through emails tricks you into downloading an infected file or clicking on a link that leads to a malicious website that looks legitimate. Phishing emails try to fully resemble the messages sent by your colleagues or employer.
17. A Ponzi scheme and a pyramid scheme. Two of the oldest financial frauds in history. A Ponzi scheme is an investment strategy in which old investors are paid income at the expense of new investors’ money.
18. Killer programs. This type of malware blocks victims’ mobile or computer devices or prevents them from accessing valuable data unless a ransom is paid. Killer programs are installed on your devices as a result of scams.
19. Rug pull. Pump and dump schemes, commonly known as rug pulls, occur when developers illegally take investors’ money and abandon the project after allocating a considerable amount to a fake crypto project. Rug pull is difficult to be predicted and, generally, investors do not get their money back.
20. Join the unofficial coin channel (scam clone) and buy a scam coin instead of a real one at the beginning of sales. Hyped tokens are the most lucrative targets for scammers. By creating fake liquidity pairs or similar tokens they can lure users to spend their money on these fakes.
21. Participate in a bitcoin giveaway from Elon Musk(s). There are real cryptocurrency giveaways on YouTube. But this is not the case: if you send cryptocurrency to “Elon Musk,” the scammers will take everything themselves.
22. Fake wallets. Fake bitcoin wallets usually have a name very similar to official and trusted wallets such as Coinbase or Mycelium, and in some cases, fakes post the same logo. Download wallets only from the verified pages.
23. Cloud mining scams. These websites offer to buy power, but no mining. Typically, these sites require users to make a payment to start the mining process. Then, after some time, the company and the users’ funds disappear and, of course, victims do not get any mining rewards.
24. Cryptocurrency-based network marketing. Network marketing without an actual product or service promising high commissions for successful referrals is just another type of pyramid scheme. The funds paid to participants are not income but money from new contributors.
25. Fake exchanges or crypto trading applications. These companies usually attract customers by reducing commissions, accepting more payment systems, etc. Also, they can organize frequent giveaways or airdrops while not requiring users to do anything. When something seems to be too attractive to be true, then it is likely a scam.
26. Fake cryptocurrency donations. There were cases when crooks created fake pages for contributions. Often these pages are created following some news or announcements made by politicians or famous people. For example, after the russian invasion of Ukraine, there were several cases of fake crypto donation pages.
27. Fake celebrity endorsements. To attract the attention of potential victims, crypto scammers sometimes impersonate celebrities, business people, and influencers or claim support from them. For example, scammers create fake videos with Elon Musk containing some words about airdrops or giveaways thereby luring users to transfer their assets or connect wallets to dangerous websites.
28. Free giveaways. Scammers promise to return or multiply the cryptocurrency sent to them in what is known as a free giveaway. Remember that it is a trap. Don’t send your money or virtual assets to non-verified individuals.
29. Initial cryptocurrency placement scams. This is a way for cryptocurrency startups to attract funds from future users. Typically, customers are promised a discount on new cryptocurrencies in exchange for investments in existing popular cryptocurrencies such as bitcoin, Ethereum, etc.
30. Don’t tell anyone your seed phrase. This is a sequence of 12, 18, or 24 words generated by the wallet during registration. If a malicious actor knows your seed phrase, he can access your wallet and, thus, steal your assets.
31. Pump&Dump is selling scam coins. Scammers find or create a currency, for example, priced at $0.00000001, with a paltry capitalization and liquidity. The lower they are, the easier it is to manage the rate. The chosen coin is “pampered,” advertised on social networks, and attracts new investors. When the speed reaches a peak, the scam organizers “dump” the coin and leave the exchange. And investors are left with notes that will never grow again. If unknown individuals invite you to suspicious groups offering you to participate in such schemes, don’t do it.
32. Coins that can be bought but cannot be sold. Attackers create some new cryptocurrency and write in the smart contract that it can be purchased but cannot be sold. Then, according to the standard scheme: advertising, mailing on social networks, etc. The more you invest in this coin, the more you lose.
33. Swap scams. Phone numbers are stolen to access people’s crypto accounts. Last year, 19-year-old Xzavyer Narvaez made headlines by stealing more than $1 million worth of BTC using this sim swap tactic.
34. Advertising fraud. Attackers post an ad for a used car on a classified site and demand a bitcoin deposit to keep the car for you. Victims pay the bitcoins but never get the car or their bitcoins back because the transactions are irreversible.
Common user mistakes
35. Send USDT ERC20 to a TRC20 wallet. Losing coins by sending them to the wrong wallet is a common occurrence in the cryptocurrency world. Always double-check whether you’ve chosen the correct network for transfer. Most of the operations in crypto are irreversible.
36. Sending XRP without a MEMO number. The Destination/Memo tag is an additional address characteristic needed to identify the recipient in addition to the XRP/XLM wallet address on a centralized exchange or wallet.
37. Buy a token on dex that can’t be sold. Use a trusted DEX to buy tokens before their IDO. Many reliable DEXs participate in IDOs, including PancakeSwap and BakerySwap. Using them gives you the best chance of getting tokens before IDO. Don’t buy such tokens on unknown exchanges.
38. Mix up the wallets of the networks during the bridge. If you try to transfer Ethereum to a Bitcoin address, the coins will be lost. Make sure you bridge your tokens to supported networks.
39. Not all exchanges support smart contracts. Usually, the platform indicates a warning next to the user’s wallet address. If ignored, the funds will reach the deal but not be credited to the trader’s balance. Do not ignore any warnings issued by the platform you work with.
40. Set two-factor authentication, lose the phone and do not initially backup the two-factor code. The simple truth is that there is no guarantee that your authentication factors will be available when you need them. In most cases, it is, but it only takes one mistake to lock you out of your accounts.
41. Loss of a secret code. This is the key to accessing a crypto wallet. Loss of the secret code implies the loss of access to all assets stored in the wallet. This can happen if the PC’s complex drive malfunctions or the flash drive on which the code is stored is damaged.
42. Erroneous user transaction. Entering just one digit incorrectly or sending the assets to the wrong address will also result in a loss. The transaction cannot be reversed, so the amount sent cannot be refunded.
43. Do not use a weak password or reuse passwords. You follow lousy security practices if you have a strong password but use it for multiple accounts. Breaking into one of these platforms could potentially affect every interpretation you use that password with.
44. Asking for the technical assistance in the general community chat. Don’t do it since you can immediately receive messages from so-called technical assistance or other “kind” specialists. Remember that the projects’ team members do not PM first.
45. Neglecting locking your device in public places. If you use your laptop for crypto trading and people near you see it, there is a risk that someone may decide to steal your private data. For example, you go to WC for 2 minutes and this time is enough for a hacker to perform all malicious operations on your laptop if it has not been locked.
46. Impermanent loss. An impermanent loss of the liquidity pool occurs when the price of a token increases or decreases after you contribute them to the liquidity pool. This change is considered a loss when the dollar value of your token at the time of withdrawal becomes less than its amount at the time of deposit.
47. Buy hawks and sell on lots is the worst trading strategy. This usually happens during a long growing trend, when traders use every drawdown to buy more stock. If you don’t place a stop order, you may be left with an expensive store.
48. High slippage tolerance. Slippage is the difference between the expected transaction price and the price at which the exchange occurs. It usually occurs when volatility is high or due to a long transaction process.
49. High leverage margin trading. Margin trading allows you to borrow money from the exchange. In return, it borrows the user’s funds. If the value of assets purchased by a user drops, the exchange keeps the collateral. Leveraged trading is prevalent because it allows you to increase your working capital, sometimes hundreds of times. But with this option, the risk of losing all funds is high.
50. Accidental errors when setting the price. When making a transaction, users manually enter the price of the asset they want to buy/sell. By making an accidental error when entering the price, users can lose a lot of money. For example, setting the buy price at $1000 instead of $100.
As you can see, the major portion of the risks of owning crypto are under the user’s personal control. User’s security is first of all his own responsibility. Remember the basic rules of cyber hygiene, monitor crypto security news, and don’t interact with suspicious projects and individuals. And don’t forget that there are no easy money.