Five ways crypto can get stolen

Cryptocurrency theft is a growing Problem

In the last two years, investors have lost $12 billion from Decentralized Finance (DeFi) platforms due to theft and fraud. These losses are accelerating too, having increased from around $1.5 billion in 2020 to $10.5 billion in 2021.    

While the unregulated nature of DeFi is what makes it so innovative, it also makes it next to impossible to claim back your losses. There is no bank or government to step in when things go wrong, even if your crypto is held on an exchange or in a hot wallet. This make is more important to be aware of the threats that are out there, and how to protect yourself.

Here are five ways crypto is being stolen:

1. Exchange Hacks

While blockchain itself is almost unhackable due its decentralized nature, cryptocurrency exchanges are vulnerable to attack. If you’re keeping currencies in your exchange account, you may be exposing yourself to risk.  

In 2021, there were over 20 Crypto exchange hacks where thieves stole more than $10 billion worth of cryptocurrencies. In early December 2020, trading platform Bitmart announced they had suffered “a large-scale security breach”. Their losses were estimated at around $196 million - one of the largest amounts on record.

One way to minimize this risk is to store your Crypto assets in an offline hardware wallet – also known as cold storage. Alternatively, you can also use a form of online digital storage known as a hot wallet - but being connected to the internet has both positives and negatives. Hot wallets can be more user-friendly, but they are also more liable to theft. If you do decide to use one, taking out a form of Personal Theft Protection where transactions can be monitored for unauthorized spending is a good idea to make sure your funds stay safe.  
 

2. Exit Scams

An exit scam is when fraudulent cryptocurrency promoters raise money from investors during an Initial Coin Offering (ICO), and then vanish with the money. In November 2021, the Squid Game token sold 70 million tokens at a value of $11.9 million. This left investors with their Squid Game tokens worth almost nothing once the value of the tokens collapsed.  

A related form of scam is the ‘rug pull’, where developers abandon a project and leave with investors’ funds. Blockchain analytics firm Chainalysis suggests that the emergence of rug pulls has contributed towards an 81% increase in the value of cryptocurrency scams between 2020 and 2021.  

As Chainalysis puts it, in 2021 scams were “the largest form of cryptocurrency-based crime by transaction volume, with over $7.7 billion worth of cryptocurrency taken from victims worldwide.”

This is why many beginner Crypto investors steer clear of initial coin offerings and stick to trading in established currencies. If you are tempted to take part in an ICO, make sure to do your research to avoid giving your money to an unreliable source.

3. Phishing Attacks

On Friday 5th November 2021, DeFi platform bZx received a series of notifications about suspicious activity. Upon investigation, the company discovered that a hacker had stolen millions in a variety of currencies from customers and the company’s own team wallet.  

One of the company’s developers had opened an attachment in a phishing email causing the breach. The attachment contained malware which ran a script on his personal computer and compromised his personal mnemonic wallet phrase. The full amount stolen was estimated at over $55 million.  

Never open any emails or attachments you’re not sure are legitimate, or from any email address you don’t recognize.  

4. Password or Private Key Theft

In mid-2017, BBC tech journalist Monty Munford invested in Ethereum. Munford was aware of the risks of holding Crypto in an exchange account, so he opted to store his currency in a wallet. However, in 2018, when he decided to withdraw some of his Ethereum, his wallet was empty.  

“It had been moved to another private key address and there was absolutely nothing I could do about it,” Mumford said in a 2019 article describing his experience. Mumford had stored his private key information in his Gmail account, where a hacker had found it.

“Malware can scan keystroke movements and sniff out a private key – even if, as I had done, you chop it up into separate blocks and store it in different places,” Mumford said.  

To make sure this doesn’t happen to you, it is imperative that your private key is backed up securely. While some people do choose to keep physical copies, if your key is properly encrypted and locked away there is minimal risk storing it online. 
‍

5. Device Hacks

Hacking mobile devices to steal cryptocurrency is another technique used by crypto thieves. In 2019, investment firm Algo Capital lost up to $2 million in bitcoin and ALGO tokens to thieves who had hacked the phone of their Chief Technology Officer.

Hackers are increasingly targeting small Crypto investors via SIM swaps or switching a phone number from one device’s subscriber identity to another.  

Basic precautions such as making sure you have two-factor authentication (2FA) on your device and installing anti-virus software from a reputable provider significantly reduces the likelihood of hackers being able to access your information.

How to keep your crypto safe

This list highlights some of the most common risks to individual crypto investors. The key to staying safe is keeping up to date with these risks so you can take action and be in control of your security.  

Find out how you can protect your crypto from being stolen with Coincover's Personal Theft Protection.