You have probably already been warned. Cryptos are not safe. It easy for a scammer to take them. The bearer of these warnings is right, but that doesn't mean that there is nothing you can do.
Keeping your cryptos safe depends entirely on where you keep them. I will go through the main risks, and what you can do about them.
A major financial risk to you in the crypto space is the wild fluctuations crytpos experience. With all the 1000% increases in value, there are equally as many 1000% decreases. Investment advisors suggest never investing more than you can spare, because the likelyhood that you will lose it all is very high. With over 1400 coins to pick from, how do you pick a solid coin that isn't going to crash? Its virtually impossible.
What can you do to protect yourself? Your only resource is to try to buy into something that has long lasting value, a crypto that will have value long after the original hype has worn off. Do some research, read their website, find a social media group that discusses it (facebook/reddit etc). First eliminate it as a scam, then think about if it is a service that you can imagine using yourself, or the someone else would use. Of course, this research still doesn't protect you, but it tips the odds slightly in your favour.
So you are ready with your spare money, and you want to pick a solid coin to invest in. That leads to the next risk...picking the right coin. You first need to understand that this industry is virtually unregulated, and is the first industry of its kind that crosses international borders with ease. Regulators are still playing catchup trying to figure out how to provide protections to both country and to citizens. This non-regulated space has bought out the best and the worst of mankind. The best are using the opportunity to shape our future and are using their freedom to reshape some of our current restrictions. The worst are using this as an opportunity to relieve you of your money, any way they can, because they can.
One way they relieve you of your money is by creating a scam coin. These come in several different formats: the Ponzi Scheme; the Ghost Coin; the Honest Scam.
There are a number of sites that collate data on the revealed scam coins, such as ScamBitCoin or BadBitCoin. These are useful ways to check for scam coins before you buy.
Buying and Selling
Exchanges are a vital part of the crypto community, but their existence brings with it an inherent risk because you are trusting your cryptos to someone else. It is easy to think of an exchange as a bank, because they use similar terminology, and they have similar functions. But unlike a bank, they are poorly or unregulated in most countries, and an exchange makes no guarantee that your coins will be safe with them. Exchanges have a bad reputation of struggling to employ enough people fast enough to cope with the huge increases in traffic on their exchange. In any new industry, many, many mistakes get made by:
* the many inexperienced users that enter the space
* crypto code bases that are not fully tested
* inexperienced or overloaded exchange staff.
This combination leads to enormous frustrations from all parties, and regularly results in lost coins or very delayed transfers (usually when transferring coins from one place to another).
In the worst case scenario, the exchange itself can fail, or be a scam exchange. The most famous example of this is Mt. Gox, with some speculation that fraud was involved.
But it doesn't stop there. If you keep your coins on an exchange, you are at risk of a hacker figuring our your username and password, and simply logging in with you credentials and transferring your coins out. However, most exchanges will allow you to have 2-factor-authentication, although these are normally optional. You should consider them mandatory, as it one of your few protections from thieves.
In New Zealand, you are afforded some protection if the exchange is registered with the New Zealand Financial Service Provider Register. By registering the directors and senior managers are checked for recent criminal convictions or insolvencies, and no convictions at all for money-laundering or terrorist financing. In addition, the nature of the
services they provide is available on the FSPR.
Brokers seem to attract less security risks than an exchange, most likely because they rely on repeat business to earn their commission, so if a transaction goes wrong, the customer is less likely to trust that broker again. The broker also does not keep your coins in their wallet on your behalf, you must maintain your own wallet, so you have better control over your coins. You will notice in our article Exchanges and Brokers in New Zealand you will notice that Brokers tend not to be registered with the New Zealand Financial Service Provider Register. This might not necessarily be a drawback, as brokers can more closely be considered to be like a reseller, rather than an adviser, or keeper of your assets. The price for this extra security, however, is higher fees on your transactions.
Sites like LocalBitcoins also rely heavily on trader trust, so your security is slightly higher here too. Traders have very detailed feedback and trust scores, so a buyer can easily gauge how trustworthy a seller is before commencing with the trade.
This, in my opinion is the most clever way to steal your coins. Why do anything, when you victim can do all the work for you? Pick a domain name very similar to a well known safe wallet, load the site up with the fake wallet that immediately funnels the coins into your own wallet, advertise it on google adwords, and wait for your prey. With this system, when your victim googles for the known wallet, and both options will appear. There is a good chance many victims will choose your link. This is also happening with apps in the Apple App store and the Google Play Store. So, how do you protect yourself? Do your research. Make sure the wallet link comes from the approved crypto's own site. Check, and double check. Make sure the wallet is officially endorsed by the community behind the coin. If you are unsure, check again.
Cloud Mining is a scheme where you are offered the chance to mine crypto currency without the outlay of hardware. You just pay them, and they will mine on your behalf. There is a lot of discussion about this style of mining, which I won't get into here, but almost all cloud mining sites to date have been found to be fraudulent, ponzi schemes. The most famous of these sites, which is still in production, Genesis Mining, has been in operation since 2015, appears to be legitimate, but many reviews report that it is not profitable until thousands of dollars are invested. On the whole, however, these sites are almost impossible to tell if they are legitimate, so my advice it to stay away.
Safety on the Internet
The Internet is by its nature a dangerous place for your computer, with all variety of malware lurking everywhere and hackers waiting to hold you to ransom for your data. This becomes infinity worse if you become involved with cryptocurrency. You have inadvertently given yourself a target on your back. Hackers are waiting for you.
One trick that is becoming increasingly common, is for sites to use your CPU for mining. If you go to a site, then find your computer starts going really slow, then this might be the case. This is especially true for Crypto self help sites and blogs (yes, like this one!). You are new and vulnerable, so your are a perfect target. An example of this is mycrypto.guide.
Annoyingly, the site is actually helpful, with great tips for beginners. But notice the ESET EndPoint Security warning? This is my Antivirus protecting me from the mining code embedded in the website. If your antivirus also pops up, then rest assured your antivirus is doing its job, and you have entered a dodgy site. If your antivirus doesn't pop up, then check the code for yourself. Right-Click anywhere on a webpage and select View Page Source. Warning! If you are not familiar with code, this screen can be a little intimidating. However, all you need to do is do a word find (Ctrl+F) and look for ".start" (with the dot in the front). Even for a beginner, its pretty obvious what that code does. Although the code won't necessarily mention a "miner", the ".start" command is telling you that something is running, and if it is paired with a wallet address (for example "B45f3455fvcfck994854rDKDNmco904") then you are definitely looking at a miner.
If you find this code, then stay away. The good news is, that when you leave the page, the mining stops.
Another way thieves can steal your coins are with keyloggers. This is malware that keeps track of the keys you type into your keyboard. Usernames and passwords are very easy to steal this way, but a good antivirus will keep them out. But you can protect yourself.
Firstly, don't mention your holding on the internet, anywhere. Not via email, not on your facebook page, not anywhere. Word of your crypto riches will quickly spread, and sooner or later, to the wrong person.
Secondly, get decent antivirus software. Use this rule of thumb, if its free, its rubbish (and probably malware itself). Buy some decent antivirus protection. Read some reviews, see what gets a good rating. Ask your local IT company and find out what they sell - it is in their best interests to recommend quality software to their clients. Then buy it, and install it.
Lastly, RENEW YOUR ANTIVIRUS! Most antivirus software must be renewed monthly or annually. Purchasing the antivirus in the first place is only the first step. If you fail to renew, your antivirus will continue to run (for most of them) but it will not update, so it won't catch any new threats. Considering there is a new threat created every 4.2 seconds, then you are taking a huge risk.
Social Media can be a great resource for newcomers to cryptos, and I highly recommend joining some groups that support the crypto(s) that you support. However, these groups are vulnerable to FUD (Fear, Uncertainty and Doubt) . Sometimes the discussion will be about how exciting Bitcoin is, sometimes its about a great new ICOs. Or it focuses on how cryptos are a bubble about the burst, or state-level bans, or how some big-wig thinks cryptos are a waste of money. This kind of talk can easily be overwhelming, and lead you to make choices that you might not have otherwise chosen to. This kind of thing is often intentional, started and fed by those who seek to manipulate the market. You best protection from this is to understand that this happen, regularly, and try not to be influenced by it.
Friends & Family
Keep your holdings to yourself. Even if your friends and family are 100% trustworthy, if they mention to a friend that you are doing well, and that friend mentions to a friend that you have something worth a lot, then you are asking for trouble. Finding the details of a friend of a friend is surprisingly easy with social media.
This article does not outline all the risks you take when joining this community, just some of the more common ones. Be aware that risk is around every corner, and be careful. Good Luck!