If you’ve been in the cryptocurrency space for some time already and if you’re active on bitcoin or crypto-related communities, posts about people complaining about their cryptocurrency investments getting lost or stolen shouldn’t really be new to you.
While securing your funds and backing up your private keys properly is a vital part of investing in bitcoin or cryptocurrencies in general, this is often overlooked or simply ignored by most people. For your educational purposes, here are a few reasons on how most people lose their bitcoin/crypto.
1. Viruses & Bad Private Key Storage
Leaving your private keys exposed means hackers can easily steal your private keys and your funds. Saving your recovery seed on a text file or a word file on your personal computer or on your mobile phone’s notes app is a really bad move, as there are a certain type of malware that are specifically made to scan people’s files and look for their 12-24 word seed. Regardless of how secure your devices are or even if you’re using the most secure hardware wallet in the market; saving your recovery seed digitally is almost always a bad idea, unless you’re quite experienced with computers and you really know how to prepare an air gapped device.
Storing your private keys in a safe manner is pretty easy. Store them offline, whereas hackers can’t reach them through the internet. If you can’t afford a Cryptosteel, simply write your recovery seed down on a piece of paper, then leave it on a fire-proof safe.
2. Losing the Recovery Seed
A recovery seed is a set of 12-24 words that is used to get access to your bitcoin or cryptocurrency wallet if you ever lose your laptop/phone or accidentally uninstall your wallet app. To put it simply, if you lost access to your device without backing up your recovery seed, then your cryptocurrency holdings are pretty much lost forever.
If you’re planning on storing your bitcoin or cryptocurrencies long term, backing up your recovery seed safely and accurately is heavily recommended. Back them up as soon as possible to prevent future problems when something unfortunate happens to your device. Don’t be a victim of the “I can do it later” excuse. Again, store your recovery seed non-digitally. On a piece of paper or a CryptoSteel.
3. Leaving Funds on Exchanges
Exchange accounts and exchanges in general are really susceptible to hackers simply due to the pseudo-anonymous nature of most cryptocurrencies. If a certain account or if an exchange itself gets hacked, while you could trace on which addresses the funds are going to, there’s no way for sure to know who the owner of the addresses are. Because of that, hackers can potentially get away without any trace whatsoever.
Another reason is that exchanges hold A LOT of money. The top exchange we have right now, Binance, has traded 23.8 billion dollars worth of crypto, in only one month(October 2018). With banks, if your online banking account gets hacked, you have a chance of getting the funds back by asking for help by simply contacting the bank. With cryptocurrencies though? While you can contact the exchange support to help you re-gain access back to your account, there’s nothing you could do with the stolen funds. All the transactions that take place on the blockchain are FINAL.
If you’re not a trader and you’re holding your cryptocurrencies mainly as an investment, get your funds immediately out of exchanges. Exchanges should be used for one reason, and one reason only: a platform for exchanging cryptocurrencies. Just download and install a decent software wallet or better, purchase a good hardware wallet especially if you’re holding huge amounts of funds.
4. Getting Tricked by Phishing Sites
Phishing is one of the most simplest ways of hacking, yet one of the most effective. Phishing sites are scams sites that are masquerading as your favorite exchange or wallet sites, mostly spread through Google ads or hidden links on private messages. They steal funds by luring victims into logging in to their phishing site with the victims thinking that it’s the legitimate site; then the victim’s login credentials will be sent to the hacker, usually by email. Making the victim’s exchange/wallet account accessible to the hacker.
A very common tactic of hackers spreading their phishing links is sending emails to people, saying that someone else is attempting to login to their exchange account and they should change their password; while including a “Change Password” button on the email that links the victim to the phishing site.
Common signs of a phishing site:
- The site contains a different URL – no matter how similar the URL is to the website you’re planning on using, if it’s not the exact URL then it’s most likely a phishing site. (e.g. colnbase.com instead of coinbase.com)
- The site contains no secure badge
- The site’s layout and overall appearance looks strange/weird; as some phishing sites are unable to copy exactly the original website’s look
Common sites being used for phishing:
Tips to not get phished:
- always do a double or triple check on your browser’s address bar and confirm if you’re actually on the legitimate website
- install an ad blocker on your browser
- don’t do a Google search on the website. Instead, type the URL manually and accurately on your browser’s address bar; or better, save the correct URL as a bookmark
5. Getting Scammed in General
Different kinds of scams have existed since forever, even long before computers were invented.
People are getting scammed both online and offline mostly because of two reasons:
Situation 1: Alice bought 3 bitcoin on Coinbase, and unknowingly sent the funds to a fraudulent wallet she downloaded; due to Alice not doing enough research on which bitcoin wallets are actually secure and reputable. Instead, Alice just did a quick Google search and clicked on the advertised link that ended up being a fraudulent wallet. Resulting in Alice losing her hard-earned money.
Situation 2: Bob knew about the Bitcoin Cash(BCH) hard fork and wanted to collect them to exchange for another cryptocurrency. Instead of doing ample research on how to collect his BCH, Bob simply downloaded a shady program he saw on a certain online forum and entered his recovery seed. Resulting in Bob losing all his bitcoin to the scammer.
When dealing with anything with value in general, whether it’d be in cryptocurrencies or not, it’s always best to do your research to make sure that you’re aware of certain scams or technical problems that could potentially cause you to lose your funds. Especially when planning on using certain services you haven’t heard about.
Situation 1: Alice saw an ad on social media on how investing in this ‘cloud mining’ site can earn her 10% profit every week. Alice thought she finally found a way to pay her student loans in no time. Not knowing that 99% of ‘cloud mining’ sites are actually scams.
Situation 2: Bob was browsing Twitter one day and saw a Tweet that Vitalik Buterin is giving away 50 ETH if you sent him .5 ETH. “Ez money”, Bob claims. Not knowing that it wasn’t actually Vitalik, but a scammer that’s impersonating as Vitalik. “GG”, Bob reacted.
Scams that are claiming to be “cloud mining” contracts or “bitcoin investment” contracts have been around for some time already, and they’re not going anywhere soon. Why? Simply because people are still falling for these scams.
It’s always suggested that people should think and make decisions in a realistic manner. No one online would simply give free money to hundreds of random people in the internet. Also, there’s no such thing as ‘guaranteed profit’ or ‘guaranteed returns’ especially when talking about mining and trading cryptocurrencies.