Investing in crypto-assets can be rather straightforward, and as accessible as downloading a mobile app. Over the years, access to crypto coins and tokens has expanded, and acquiring bitcoin is no longer the esoteric journey to niche parts of the Internet. In most cases, acquiring crypto assets is also fully legal and transparent, breaking away with anonymity.
But investing in crypto assets is by no means foolproof, and legislation has only scratched the surface on crypto activity. Because it is relatively accessible and easy to build blockchain projects, by simply copying and tweaking older code, the potential for new types of scams or pitfalls is always present. However, most of the potential sources of loss are rather predictable, and a well-informed crypto user can circumnavigate the worst underwater reefs of crypto.
We’ve looked at the top bad practices and risks when investing in crypto assets, outlining the need for special attention to both good habits in using wallets, and to noticing the red flags when it comes to third parties.
1. Private Key Loss
Perhaps the biggest mistake in a potentially lucrative investment, to be totally locked out of accessing those assets. While a cryptocurrency wallet looks like a straightforward app, it is also quite unforgiving about passwords. A wallet is specifically designed not to divulge its private keys easily, or it would defeat its own purpose. So unless a user has arranged some form of backup, wallets never offer recovery.
In the early days of BTC, private key loss and locking up coins was an honest mistake that happened often. Wallets relied on a file stored on a computer, and the loss or corruption of data led to losing the coins. Because BTC was an experimental asset, or its price was relatively low, early adopters were less careful about preserving their coins, passwords or other authentication data.
Later wallet versions used a seed phrase and could display the private key to an authorized user. Usually, the best approach is to safely store a paper copy of the seed phrase. To further diminish risk, it is possible to generate several wallets, and never store a significant balance in one single wallet. The aim of BTC is to make every user "their own bank" but that task comes with the added layer of responsibility.
Hardware wallets are another tool where care should be taken to avoid password, PIN or seed phrase loss. A feature on PIN entry for hardware wallets extends the lag time after each attempt, making it easy to lock oneself out of a wallet. One cautionary tale of a notorious user tracks the disaster that may follow after getting locked out of a hardware wallet.
2. Unauthorized Exchanges
Investing in crypto assets means seeking out opportunities to trade profitably, or exchange the coins for fiat if needed. Usually, to trade on an exchange, a user will need to deposit the coins. This is a simple transfer from a personal wallet to the exchange's own address, where funds from all users are pooled.
Because of heightened interest in trading, exchanges soon found themselves sitting on significant stashes of BTC, and in later years, other valuable coins. In the early years of trading, the first significant loss after the closing of the Mt. Gox exchange in Tokyo led to market-wide panic, and a deep crash of BTC prices. Thousands of users lost thousands of coins, at a time when BTC traded between $1,300 and $1,000. But even with price fluctuations, the loss of Mt. Gox meant early investors could only watch as BTC climbed to prices near $20,000, while knowing their coins were held in custody.
Mt. Gox, however, was not the only risky exchange. In the years since 2016, multiple exchange hacks started happening. Bitfinex was a notable example, losing nearly 120,000 BTC. As crypto prices grew, so did attacks against market operators. Binance, with its relatively robust security, paid out 7,000 BTC to an unauthorized hacker.
One of the biggest mistakes in crypto investment is to keep the bulk of one’s holdings on an exchange. Even without theft, there is the risk of exit scams, as in the case of BTC-E. Even more notoriously, the Canadian exchange QuadrigaCX took away all assets deposited. Instead of keeping the available coins in secure custody, it is suspected the exchange’s founders performed risky trades with the funds of users. Needless to say, those that deposited coins never saw them again.
Over the years, a multitude of exchanges simply disappeared. Investing in altcoins meant some coins could only be traded through relatively small exchanges. In the case of RAI Blocks, also known as NANO, the BitGrain exchange was exclusively used to store and trade the coin. The reason for this was that NANO had not perfected its wallet technology, and most users trusted BitGrail with their coins. It turned out the exchange managed to lose 17 million NANO, worth as much as $170 million back in 2018.
The Cryptopia exchange, another hub for trading various less popular coins and tokens, also went down, starting a lengthy and nearly futile task of returning coins to their owners. Cryptopia suddenly lost almost all its ETH coins to a hacker, as well as multiple token wallets.
The best approach to avoiding loss is to stick to the best-established exchanges, and not entrust all of one's holdings. If an exchange carries niche coins, make sure you can afford the loss before buying the assets. An unauthorized exchange can disable withdrawals at any one time, so to be sure you have access to your coins, you can keep most of them in a wallet where you control the private keys.
While some exchanges are risky, others are simply storefronts for outright theft. New exchanges, especially those sporting high volumes after just days of work, are suspect. Research an exchange thoroughly before sending any coins for trading.
3. Faulty Addresses and Loss
Every time a user operates with crypto coins, there is a chance for error, which in most cases cannot be repaired. Unfortunately, crypto addresses are not intuitive and are easily mistaken.
There are several main mistakes in address errors. One of the common misdirections is confusing forks of Bitcoin for the actual BTC coin. Sending BTC to a < href="/coins/bitcoin_cash/">Bitcoin Cash (BCH) address locks up the coins, and vice versa. The best approach is to send a small amount of BTC to the intended address, to be certain the coins would arrive. Sometimes, brand-new addresses also need a small initial transaction before being used for larger transfers.
BTC ownership must take into account the numerous coins that were forked from the main chain, bearing similar names. The most avid competitors are BCH and Bitcoin SV (BSV). Both can confuse new investors, by making claims they are "the real bitcoin". However, BSV and BCH have a very different liquidity and risk profile, and while offering returns, they should not be mistaken for the first legacy crypto coin in the world.
The other common error is to mistake Ethereum network addresses with the address of smart contracts. A smart contract does not work like a wallet, and essentially the coins sent to that type of address are lost with no chance of recovery. To be sure you have the right Ethereum network address, use the Etherscan feature, to verify the final destination of funds.
Finally, it is a good habit to check the first four and last four digits of the intended address. This also prevents clipboard hijacking, where a malicious address may be inserted. The first and last four digits are sufficient to ensure there is no address coincidence.
4. Malicious Wallet Software
Wallets can hold unwanted surprises. For most coins, especially the older ones, the wallets are well-known, and most users see no troubles using them. However, it is possible to download or be redirected to a malicious wallet.
A classic scam that lasted for more than a year was the attempt to steal MyEtherWallet private keys. Because the wallet is web-based, a scam site with a slightly altered address (such as MyEtherWa11et) called for private key inputs, or for uploading a keystone file. Similar web-based wallets for coins like NEO or NEM also saw similar attempts at spoofing.
But malicious wallets also stem from clones of the Electrum wallet, especially if distributed through GitHub. One notorious case affected the Bitcoin Gold wallet, uploaded on the project’s repository page. At that time, the project attracted voluntary contributors from all over the world, not stopping to vet or check their identities. One of the contributors, with rights to publish on the GitHub repository, managed to inject a malicious wallet, where users deposited BTC to also receive the new Bitcoin Gold forked coin. It turned out the wallet was sending out private keys in a hard to notice connection on the Internet, and soon most users found their coins missing, both BTC and Bitcoin Gold.
Other wallets have been discovered to generate tainted addresses or the same address known to a hacker. The best approach to avoid this type of loss is to use brand-name wallets from authorized download links. For new projects and recently created coins or tokens, wait for a while, or avoid over-investing while the wallets are still not well-proven.
The other pitfall to avoid is rogue wallets uploaded to GooglePlay. Always use the authorized versions, and check for reports for a faked wallet.
Also be aware about online private key generations or seed phrase generators. Randomness generators or other free tools, especially if offered online, can also produce tainted addresses, or communicate the key to a third party. The best approach is to use an offline machine for the generation of the private key.
Acquiring a hardware wallet, such as Trezor, KeepKey, or Ledger Nano, maybe a solution for a safe, long-term offline storage. The best approach is to make sure you buy the device from an official store, and that there are no signs of tampering. Preventing the physical loss of the device is important, as well as making sure the device cannot be opened and tampered with.
5. Faked Coins and Tokens
Not all assets carrying the BTC ticker are actual bitcoin. During the boom of altcoins in 2017, a new type of project appeared - the platform coin. Platform coins could generate tokens, and also perform simple exchanges. Because of heightened interest in BTC trades, platforms like WAVES, Komodo, and Next started offering the tools to emulate coins and tokens. Almost immediately, tickers appeared that spoofed real BTC, ETH and other leading assets.
However, tokenization is still possible. The ascent of decentralized finance created assets like Wrapped BTC (WBTC) or other forms of tokenized bitcoin. A new user must be careful to differentiate between the tokenized asset and real BTC. In theory, the tokenized BTC can be redeemed, but decentralized finance (DeFi) projects are still new, and there may be unexpected events such as liquidations of the collateral. The best approach is to use authorized exchanges, making sure they carry the right type of asset.
Decentralized exchanges are one of the hotspots for potentially faked assets. Decentralized exchanges are simply software that runs on the Ethereum blockchain, allowing for trades to happen through an algorithm, even avoiding order books. Those exchanges offer a ticker and a price, but there is no central verification of the underlying asset.
During the DeFi frenzy, the Uniswap exchange saw problems with faked or copied tokens. The best approach is to avoid decentralized trading, unless absolutely certain of how those exchanges work. Social media may be a good source of warnings about faked tokens, so make sure you check the discussions around a project.
As altcoins and tokens become too numerous, not all can find a place on curated centralized exchanges. For that reason, automated protocols may replace the usual approach of order books and an order matching engine. To avoid losses, it is best to explore how a coin or token will gain liquidity, and who may be interested in trading the asset. Listings on decentralized exchanges mean a coin will not be stagnant, but price moves may become very risky and erratic as trading moves on to new and potentially hotter assets.
6. Trading on Hype and Picking Hot Altcoins
No doubt, smaller assets hold the potential for higher returns. New, hot coins have been known to appreciate as much as 10,000 times from their initial trading price. As a strike of luck, a single altcoin could achieve significant returns.
However, falling for the hype may be one of the worst mistakes in crypto investments. While some altcoins are solid and safe, some projects have been created with the aim of separating investors from their money. Projects like Centra (CTR) promised a lot, and the asset even went on to trade as high as $4, appreciating by 400% in a few weeks. CTR then went on to crash to one penny within days after its founders attempted to pull an exit scam and leave the USA.
Hype for altcoins moved into the DeFi space, where new tokens appear almost every day. Those assets depend on hype for their price appreciation, but for some projects, the hype lasts for a very short time, only days in some cases. Investing in a hot new DeFi token, even if it is liquid at the moment, may mean a total loss as traders shift liquidity to yet another new asset. At this warp speed, the strategy of holding does not work, and following the hype without being prepared to sell at some point may lead to deep losses.
The other risk for trading altcoins is to deliberately expect pumps. For many assets, a pump is the chief tool to achieve returns. The problem is that insiders have already started selling, so it may not be possible to have the orders filled on time. Price crashes for pumped coins are deep and steep, happening within hours.
DeFi projects boomed in the summer of 2020, and became another example on how value can shift very fast in the world of cryptocurrencies. Often dubbed "fast food coins", those projects carried the names of street food - Tendies, Sushi, HotDog, Yams. The hype surrounding the coins meant that each new asset would be popular for at least a few days. In the case of HotDog, the initial hype lifted the asset to $4,000, only to fall to $1 in minutes. The liquidity of DeFi projects can thus boost prices, but also move away just as fast.
7. Cloud Mining Schemes
Cloud mining schemes crop up as tools to achieve passive income in crypto assets. To achieve passive returns, cloud mining contracts require a time commitment and a significant upfront investment. However, the promised passive income may never materialize, as mining is not a guarantee of profitability.
During the length of a mining contract, which may run as long as two years, there are risks that mining becomes too competitive. In this event, the cloud miner cannot gains enough block rewards and is being displaced by more powerful mining farms. The other risk is asset price fluctuation, which may require additional efforts to achieve returns. Over the course of two years, any BTC mined could have contracted and recovered multiple times.
Cloud mining is also often used as a decoy for other types of schemes. The most usual way to achieve gains is not the mining itself, but a multi-tiered referral program. The risk is even higher if the investment is tied to buying yet another token to gain returns from mining. For most assets, mining is almost a zero-sum game, and for a solo investor may hold significant risks.
The other risk of cloud mining is projects which block the withdrawal of rewards, which may cut into earnings. For some users, the mining activity never really manages to produce enough coins to withdraw and sell on an exchange, thus making the investment a total loss.
8. Coin Multiplier Scams
The classic coin multiplier scam may use a gamified website to offer a high return in exchange for depositing valuable crypto coins. Initially, a user would send a small amount of BTC and have it returned with a 100% gain. But when sending a larger sum, the coins never returned to their wallet.
The other form of scams is distributed through social media. The most pervasive form is on Twitter response threads, usually impersonating leading figures in crypto, such as Vitalik Buterin, the founder of Ethereum, or Changpeng Zhao, co-founder of the Binance exchange. The fake handles demand a small amount of ETH, promising to return a higher sum. Some of those scams actually manage to swindle users of some of their crypto coins.
Overall, whenever sending out BTC or other coins to a third-party wallet, there is the potential for a loss. The coin multiplier scams are simply the most direct and blatant form.
9. Risking Too Much with Leverage
Trading looks like one of the most promising activities, especially for the chance of quick, significant returns. However, leveraged trading for beginners may lead to deep losses. Most exchanges offer leverage for BTC trading, as it is the most liquid coin. Only a handful of altcoins have leveraged trading, and those are even riskier and more unpredictable.
Leveraged trading on Bitmex is one of the most active BTC markets. However, extreme volatility on BTC spot markets means any positions taken on BitMex could be liquidated fast. The best approach is to avoid betting on the direction BTC will take, as wild price swings are possible. Moreover, BTC trading is established by bot-driven orders. It is possible to glean the information on short or long positions, then pressuring the BTC price to lead to liquidations. Only in hindsight, new traders understand how fast BTC can move in comparison to traditional markets.
For that reason, trading CFDs, a derivative instrument, is also highly risky. Binary options, or another form of betting on a BTC price direction, are also one of the riskier investment tools. Entering that market without awareness of price volatility is one of the biggest mistakes in the crypto world.
If risky trading is understood, it may be suitable as a source of returns. But for anyone wishing to pick up coins as an alternative investment, the best approach is to buy real BTC or other assets, and keep them as securely as possible in a self-owned wallet.
Resources to Avoid Fraud or Scams
The best approach to verifying crypto opportunities is to look for previous scams. A list of previous or potentially ongoing problematic projects was compiled by CryptoChainUni.
An over-zealous list of coins and past projects, with a very skeptical slant, can be found at DeadCoins.
Another risky crypto site list has also been compiled by the Belgian Financial Services and Markets Authority.
The best approach to crypto investment is to avoid investing sums you cannot afford to lose in whole or in part. Risk exposure to digital assets is an alternative to traditional investments, with more lenient regulations, allowing for more bad actors or dishonest activities. Crypto assets are available worldwide, and ownership and trading may pose risks, or be outright banned in certain jurisdictions.