Cryptocurrency safety
Page Article
Hacking & phishing prevention
Hacking and phishing attacks are among the biggest security threats to your cryptocurrencies, so you must set strong passwords for your wallets and all accounts that deal with cryptocurrencies.Keep these tips in mind when setting up or using your cryptocurrency accounts:
- Use different passwords for every account you use to limit any damage that can be done by hackers.
- Use a unique email when opening accounts on each exchange and only use that email address for that specific exchange.
- Enable two-factor authentication for your exchange accounts. This adds software to your smartphone which adds extra security to your account. Without two-factor authentication, a hacker only needs your username and password to empty your balance.
- Don’t store your wallets and passwords in the same place or an attacker can gain access to both your passwords and your wallet at the same time.
- Never mention what exchange or wallet you use on social media or online forums. Any information you post online can be turned against you.
- Maintain backups of your cryptocurrency wallets and recovery phrases to ensure your coins aren’t lost for good if something happens to your main device.
- External hard drives, USB sticks, and encrypted backup files can be used to secure your recovery options and programs like VeraCrypt can encrypt these sensitive files.
The different types of cryptocurrency wallets
- Desktop Wallet: This is installed on your desktop computer and gives you access to and control over your wallet. This wallet is only accessible from the computer on which it is installed and offers a high level of security. However, it’s at risk if something happens to your computer. Examples of desktop wallets are Exodus, mSigna, and Copay.
- Mobile Wallet: This is run from an app on your smartphone for the most convenient but most vulnerable option. These wallets need to be backed up securely; if you lose your phone, or it is compromised, you could lose your cryptos with it.
- Online Wallet: This is a web-based wallet, which means that your data is stored on an online server, making it easier to access it from anywhere. However, since your private keys are stored online with this wallet, they are more at risk of hacking and theft. Examples of online wallets are Coinbase and Blockchain.
- Hardware Wallet: Wallets are built to specifically hold cryptocurrency and keep it secure. You can turn them into hot wallets by connecting them to your computer, then take it offline once you’re done. You don’t need a specialized device for a hardware wallet, even USB sticks will do.
- Paper Wallet: The most basic form of a wallet involves a pen and paper. Simply write out your private key and you will be able to recover your wallet if you ever lose access to it. You can also print out a QR code for both your public and private key, which avoids storing data digitally, providing a high level of security.
Transaction safety
- Wallet Address: Because of the irreversible nature of cryptocurrency transactions, it is very important to ensure that you have entered the correct wallet address. If you send coins to the wrong address, it may not be possible to recover them.
- Special Requirements: When using different cryptocurrencies, it is important to understand how they work before making transactions. Certain cryptocurrencies can have special requirements or safety precautions that should be taken. For example, with IOTA you should always use a new address when you send your cryptos, otherwise, your security is reduced. With Ripple, there can sometimes be two parts to the address: a wallet address and a destination tag. If the proper destination tag is not included, the coins you send can be lost or end up in the wrong account.
- Malware & Viruses: Another risk to watch out for is trojans that have been detected lurking on people’s computers. When the victim copies a cryptocurrency address to send tokens, the trojan will swap the wallet ID that was copied for its own malicious wallet address in payment fields. Therefore, pay careful attention to the cryptocurrency address you are sending your cryptos to.
- Phishing: Phishing attacks, Ponzi schemes, and ransomware are all common types of cyber fraud and theft of cryptocurrencies. There have been reports of cybercriminals sending phishing emails with infected attachments that give the attacker access to the victim’s computer and their wallets. Always be vigilant when dealing with suspicious emails and attachments, especially when you are unsure of their source.
Paying with cryptocurrency
- If you're thinking about paying with cryptocurrency, know that it's different from paying with a credit card or other traditional payment methods.
- Cryptocurrency payments do not come with legal protections. Credit cards and debit cards have legal protections if something goes wrong. For example, if you need to dispute a purchase, your credit card company has a process to help you get your money back. Cryptocurrencies typically do not.
- Cryptocurrency payments typically are not reversible. Once you pay with cryptocurrency, you can usually only get your money back if the person you paid sends it back. Before you buy something with cryptocurrency, know the seller's reputation, where the seller is located, and how to contact someone if there is a problem. Confirm these details by doing some research before you pay.
- Some information about your transactions will likely be public. People talk about cryptocurrency transactions as anonymous. But the truth is not that simple. Some cryptocurrencies record some transaction details on a public ledger called a "blockchain." That's a public list of every cryptocurrency transaction — both the payment and receipt sides. Depending on the cryptocurrency, the information added to the blockchain can include details like the transaction amount and the sender's and recipient's wallet addresses. A wallet address is a long string of numbers and letters linked to your digital wallet. Even though you can use a fake name to register your digital wallet, it's possible to use transaction and wallet information to identify the people involved in a specific transaction. And when you buy something from a seller who collects other information about you, like a shipping address, that information can be used to identify you later on.
Cryptocurrency ATMs and Fraud
Cryptocurrency ATMs, often referred to as “Bitcoin ATMs,” and virtual currency kiosks are found in grocery stores, gas stations, convenience stores, and malls. Regardless of the name, they look and operate like traditional bank ATMs. However, these ATMs allow individuals to purchase and send virtual currencies, like Bitcoin, Ether, and Tether, to other parties anywhere in the world instantaneously.
Cryptocurrency Fraud
Traditionally, a fraudster would convince an unsuspecting victim to send fiat currency via wire transfers, gift cards, P2P digital transfer, etc. Now, fraudsters direct victims to send virtual currency via cryptocurrency ATMs. The fraudster typically instructs the victim to withdraw fiat currency from their financial institution and deposit it into a cryptocurrency ATM, providing the victim with a QR code linked to a wallet controlled by the fraudster. As noted above, tactics may vary, but the goal is to gain a victim’s trust, create a false sense of security, and fabricate an urgent situation that requires the victim’s help or demands payment. The fraudster directs the victim to deposit cash into a virtual currency ATM and purchase virtual currency, which is then sent to the fraudsters’ virtual currency wallet.
Once this is done, the money is essentially gone. Therefore, it is crucial to understand the difference between making a cash deposit at a traditional financial institution ATM and at a cryptocurrency ATM. A traditional fiat currency deposit goes directly into a known party's bank account (controlled by a financial institution) or even into your own account. However, in this fraud, the cryptocurrency ATM deposit goes into an anonymous or un-hosted wallet address controlled by an unknown party. If using a cryptocurrency ATM, the user must only deposit funds into a wallet controlled by the user to avoid becoming a victim.
Preventative Measures
- Invest with reputable exchanges and wallets with a long user history.
- Do not deposit cash in a crypto ATM in exchange for a QR code.
- Do not permanently link cryptocurrency brokerage accounts to traditional bank accounts.
- Do not respond to unsolicited messages about investing in cryptocurrency.
- Enable multi-factor authentication on accounts associated with crypto wallets or exchange platforms.
- Be wary of the personal information you post online, and constantly update your privacy settings on all social media platforms.
- Use strong password management and set up two-factor authentication.
- Understand that there are no get-rich-quick schemes; if it sounds too good to be true, it is.
- Genuine investment companies will never call you, so be extremely cautious with anyone you do not know who calls with an opportunity to increase your wealth.
- Before investing in any type of opportunity, take the time to research and talk to people you trust, such as family, friends, or advisors.
- Never send money to someone you have never met in person, and always seek advice from someone you trust before sending money to someone you recently met or started a relationship with online, especially if the relationship is remote or primarily through text/chat app/phone.
- Be wary of anyone asking you to receive money on their behalf and then later transfer it.
- You cannot win a lottery you have not entered, and legitimate lotteries will never ask for money upfront.
- Do not trust people who promise you can quickly or easily make money in the cryptocurrency markets.
- If you meet someone on a dating site, app, or social media, and they want to show you how to invest in crypto or ask you to send them cryptocurrency, it is a fraud.
- Beware of fraudulent schemes leveraging cryptocurrency ATMs and QR codes to facilitate payment.
- Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
- Do not follow instructions from someone you have never met to scan a QR code and send payment via a physical cryptocurrency ATM.
- Do not respond to a caller claiming to be a representative of a company where you are an account holder and who requests personal information or demands cryptocurrency. Contact the number listed on your card or the entity directly for verification.
- Do not respond to a caller from an unknown telephone number who identifies as a person you know and requests cryptocurrency.
- Practice caution when an entity states they can only accept cryptocurrency and identifies as the government, law enforcement, a legal office, or a utility company. These entities will likely not instruct you to wire funds, send checks, send money overseas, or make deposits into unknown individuals’ accounts.
- Avoid cryptocurrency ATMs advertising anonymity and only requiring a phone number or e-mail. These cryptocurrency ATMs may be non-compliant with US federal regulations and may facilitate money laundering. Instructions to use cryptocurrency ATMs with these specific characteristics are a significant indicator of fraud.
- If you are using a cryptocurrency ATM and the ATM operator calls you to explain that your transactions are consistent with fraud and advises you to stop sending money, you should stop or cancel the transaction.
Cryptocurrency investment tactics to watch out for:
- Promises that you can earn lots of money in a short time and achieve financial freedom. If they promise you'll make a profit, that's a scam. Even if there's a celebrity endorsement or testimonial. Nobody can guarantee a set return, say, double your money. Much less in a short time.
- Having to pay in cryptocurrency for the right to recruit others into a program. If you do, they say, you'll get recruitment rewards paid in cryptocurrency. The more cryptocurrency you pay, the more money they promise you'll make. But these are all fake promises and false guarantees.
- Unsolicited offers from supposed "investment managers." These scammers say they can help you grow your money if you give them the cryptocurrency you've bought. But once you log in to the "investment account" they opened, you'll find that you can't withdraw your money unless you pay fees.
- Unsolicited job offers to help recruit cryptocurrency investors, sell cryptocurrency, mine cryptocurrency, or help with converting cash to bitcoin.
- A promise free of money. They'll promise it in cash or cryptocurrency, but free money promises are always fake.
- Big claims without details or explanations. Smart business people want to understand how their investment works, and where their money is going. And good investment advisors want to share that information.
Other scams to avoid
- Blackmail emails - Scammers will often send emails that say they have embarrassing or compromising photos, videos, or personal information about you. Then, they threaten to make it public unless you pay them in cryptocurrency. Don't do it. This is blackmail and a criminal extortion attempt. Report it to the FBI immediately.
- Social media scams - If you read a tweet, text, email, or get a message on social media that tells you to send cryptocurrency, it's a scam. That's true even if the message came from someone you know, or was posted by a celebrity you follow. Their social media accounts might have been hacked.
'Pig Butchering' Crypto Scam:- The scammer targets a victim on a dating app like Tinder, initiating a romantic relationship that’s exclusively online.
- Through online chats, a level of trust is established.
- Inevitably, the “lover” encourages their target to invest in cryptocurrency, commonly directing them to a fake website or app that is secretly controlled by the scammer.
- After the victim has agreed to invest some money in the phony platform, the lover disappears (along with the money) - never to be seen again.
- Once the victim starts getting skeptical or tries to withdraw their funds, they are often told that they have to pay tax on the gains before funds can be unlocked.
Here are some common elements of a pig butchering scam:
- Dating apps: Pig-butchering attempts are common on dating apps, but they can begin with almost any type of communication, including SMS text messages.
- WhatsApp: In virtually all documented cases of pig butchering, the target is moved fairly quickly into chatting with the scammer via WhatsApp.
- No video: The scammers will come up with all kinds of excuses not to do a video call. But they will always refuse.
- Investment chit-chat: Your contact (eventually) claims to have inside knowledge about the cryptocurrency market and can help you make money.
Here’s how to protect yourself:
- Never send money, trade, or invest based on the advice of someone you have only met online.
- Don’t talk about your current financial status to unknown and untrusted people.
- Don’t provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate.
- If an online investment or trading site is promoting unbelievable profits, it is most likely that—unbelievable.
- Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.
Best practice tips to keep you safe when dealing with cryptocurrency exchanges
- Use a new computer for trading and install reliable antivirus software. Apply operating system patches and antivirus definition updates as soon as they are released. Also, back up your data to offline storage sites on a regular basis.
- After you register with an exchange service, use an Authenticator App with only one IP address whitelisted.
- Enable two-factor authentication for logging in.
- Use a VPN (virtual private network) solution for trading and private communications. (This tip is particularly relevant when you’re conducting transactions with a poorly secured public Wi-Fi because a VPN renders man-in-the-middle attacks futile.)
- Refrain from openly mentioning your personal email. Exchange services usually submit notifications to your registered email ID when you purchase or sell cryptocurrency. By compromising your email account, attackers can track your transactions and perhaps gain unauthorized access to your crypto wallets.
- Safeguard your email account by using a strong password containing uppercase and lowercase letters and special characters. Multi-factor authentication will add an extra layer of security to your email. Keep in mind that the overwhelming majority of cryptocurrency-related hacks are accomplished by compromising a user’s email.
- Use your smartphone wisely. It might be a good idea to get a separate mobile phone exclusively for trading. Also, do not conduct transactions from a smartphone with many apps. By hacking one of these apps, cyber crooks could obtain sufficient privileges to access your private data and blackmail you.
- Do not keep your cryptocurrency on exchanges when you aren’t actively trading. You are much better off storing your own digital cash in cold storage.
- Use a tamper-proof hardware wallet for high-frequency trading.
- Bear in mind that a dependable exchange service requires new users to verify their identity and location prior to making a deposit.
- A reputable exchange provides evidence of cryptocurrency kept in cold storage.
- A trustworthy exchange also participates in cryptocurrency-related events, hackathons, and other academic initiatives in this domain.
- Diversify your risks to make sure your trading posture has no single point of failure:
- Consider using more than one exchange service.
- Use decentralized peer-to-peer exchanges.
- Invest in several different cryptocurrencies.
- Stay on top of the markets. Keep track of industry news, examine charts and visit dedicated discussion forums. Familiarize yourself with algorithmic trading. Abstain from trading with more than 30% of your cryptocurrency. Have a plan to convert your coins to fiat money if necessary.
- Follow your intuition to identify red flags. If some big names in the industry quit their jobs, it might speak volumes about the cryptocurrency exchange’s future prospects.
- Steer clear of shady exchanges that ”coincidentally” react to Bitcoin price fluctuations by crashing. When they are back up and running, users might discover that their transactions were completed at a worse rate than they anticipated.
- If it takes the exchange’s customer service operators a long time to respond to helpdesk tickets, that’s a clue suggesting that the service might not be trustworthy.
- In case the exchange engages in high-volume trade campaigns involving altcoins [an alternative to Bitcoins] with a fishy reputation, treat the cryptocurrency exchange with caution. Furthermore, participation in ventures like Initial Coin Offerings may be a sign of a shady exchange. Keep in mind that trading new coins is a slippery slope.
- The cryptocurrency market is full of pseudo-coins and rogue services. Take your time and do your own scrupulous due diligence before trusting an exchange service with your cryptocurrency. Some healthy paranoia is a good thing.