Bitcoin and its cryptocurrency brethren have been all the rage in 2021, and record numbers of investors are now getting caught up in the excitement. And while the critics do raise plenty of interesting questions about the long-term viability of crypto, there’s no denying that vast fortunes have been made by some. One of the areas of crypto investing that has mostly been overlooked, however, is the risk of owning crypto investments — not the risk of capital loss, which has been much discussed, but rather the risk of being duped, scammed or outright robbed of your investment. Here’s a look at some of the most prominent cyber risks to investing in cryptocurrency.
Cryptocurrency isn’t a tangible item, like a dollar bill. It only exists in the virtual world. As such, it’s vulnerable to theft in any number of ways, just like your online bank account. While the chance that any one specific person will fall prey to crypto theft may be small, the crime is rising dramatically on the whole.
According to Crystal Blockchain Analytics, from January 2011 to December 2021, $3.18 billion was stolen through security breaches, and $1.76 billion through DeFi hacks. For the most part, cryptocurrency assets held in crypto wallets are highly secure. They can only be accessed through private keys, known only to the owner. These keys are strings of letters and numbers similar to passwords. But as with any type of password system, hackers have clever ways to break into your private wallet. Here are a few of the most common.
Phishing attacks come in a number of forms. One common method hackers use is creating websites that look nearly identical to ones you are familiar with so that you’ll click on them. For example, if you check your crypto account at a fictional site like “cryptocurrencyholdings.com,” hackers might create a similar looking site at “cryptocurrencyholding.com,” dropping the “s.” Other forms of this attack include fake Google ads that look like legitimate crypto wallet sites. If you’re not wary, you might enter your crypto credentials or other vital information on the hacker’s website.
Another common phishing play is if you receive a notification from a legitimate-looking website asking you to update your login information or password for security reasons. If you click on the link, it takes you to a hacker’s site where they can steal your information and get access to your crypto.
Two-factor authentication is a way that companies try to enhance their cybersecurity by requiring you to respond to a notification on your phone or in your email when your account is accessed. However, clever hackers can bypass this system by either cloning your SIM card or calling your phone company and convincing them to transfer your number to their SIM card. Then, they can hack your crypto account and “confirm” that the login is authentic via the two-factor authentication on their own phone, instead of yours.
Crypto scams have resulted in even more losses to consumers than outright crypto theft. Crystal Blockchain Analytics data pegs losses due to crypto scams from January 2011 to December 2021 at a whopping $7.21 billion. To help keep yourself safe from crypto scams, read about some of the most common methods criminals use to part you from your cryptocurrency.
Pump and Dump
Pump and dump isn’t a new scam developed in the age of crypto. It’s actually one of the oldest stock market manipulation tricks in the book. Essentially, some “authority,” be it a talking head, or a group of message board leaders, or someone with influence in the crypto community, will talk up a new cryptocurrency as “the next big thing.” As word spreads, it creates its own momentum, as more investors pile into the crypto the faster that it rises. Once it’s achieved a significant gain, the original touts will dump their crypto, driving the price down and ending the mania, leaving small investors holding the bag.
The “rug pull” is a close cousin to the pump and dump scheme, and they share certain characteristics. In both cases, scammers hype up the price of a crypto until it’s time to cash out and leave investors holding the bag. But with the rug pull, a crypto is created specifically for the point of defrauding investors. Once legitimate crypto is exchanged for the scam one, the creators withdraw all the liquidity and the coin typically goes to zero. According to Chainalysis, rug pulls are dramatically on the rise, totaling $2.8 billion in 2021. This comprised 37% of all scam revenue in 2021, up from just 1% in 2020.
Scamming Yourself: Forgetting Your Private Key
Perhaps one of the most painful ways to lose access to your crypto investments is to forget your private key. Since digital crypto wallets are decentralized and not tied to any bank, if you forget your private key, you can kiss your crypto assets goodbye. After a certain number of tries, most wallets permanently lock, removing access to your cryptocurrency forever.
More From GOBankingRates