Cryptocurrency has been experiencing a major increase recently and is starting to make investors a sizable return. If you want to make money yourself, the premise is rather simple. You invest in a particular cryptocurrency or trade among several alt-coins you feel might rise in value and hold until the value increases. Easy enough.
But, there are many people who have woken up to find that their investment has suddenly vanished or is completely out of their control. Amazingly, this happens more often then one would be comfortable thinking about.
With a new medium of exchange comes a new set of rules, and in this post, I am going to go through three dumb ways you can lose you cryptocurrency investment and how you can prevent it.
Losing Your Password and Your Backups
This is a lesson I personally had to learn the hard way because, like a dumbass, I tried to make up my own solution to hold my cryptocurrency and I lost dearly.
In early 2016, I invested in Bitcoin (about $100 worth) and decided to manage my own wallet. Being the smart guy that I was, I created a two part, alpha-numeric super password to hold my newly acquired BTC.
I opened my wallet, created my new address, entered my password twice and inserted my whole BTC payment into the address. I went to sleep feeling confidently. The next day, I opened my computer and wanted to test send some BTC just to make sure I had access to my account.
I put in my password and…. Access denied.
I tried it again…. Access denied.
I tried it again and again… the wallet wouldn’t unlock.
After one nigh I had lost my password and couldn’t get my Bitcoin. If this were a bank or a social media account, no problem, just go to your account and reset your password.
But that’s not how cryptocurrency wallets work. There is one password you have to unlock your address. If you forget that password and don’t backup your passphrase or private key, its gone. You have to find that password through brute force to reacquire your account.
I have yet to brute force my password and never backed-up my wallet, so as the price of BTC skyrockets, I get to sit back and watch helplessly.
How to Avoid this Problem
After this loss, I re-evaluated how I managed my security and found a method that works. Here is what I recommend for those wanting to create new private wallet address.
- On a clean computer (ie recently scanned, no malware), create a new address in your wallet.
- Create a new password and write it down before using it (a password keeper is ideal for this, but notepad works for temporary storage).
- Use that password as the password for your new wallet by copying and pasting it.
- If given a passphrase (6, 12 or 24 word phrase after creating your wallet), save that as well. This passphrase is as good as your wallet and will allow you (or anyone else) to recover your cryptocurrency.
- Send your wallet a trivial amount of cryptocurrency and then send it back to your original address. This confirms that the password you used before actually unlocks your wallet.
I found this method to be effective at creating and maintaining wallets for small amounts of funds on my personal device. However, there are larger threats at play, which is why additional measures are need. This leads to our next problem…
I personally would not have believed that this would be a common occurrence, but it very much is. Here is one user’s story about their Ethereum Parity account being hacked:
Yesterday I was playing around with my parity node on the testnet, when I realized that suddenly a transaction withdrew 8 testnet ether. I quickly checked my main wallet and it was drained (fortunately only lost a very small amount).
What worries me most is that I have no clue how they got in.
Another user recently was discussing their time investing in cryptocurrencies and told this troubling story:
I once got “hacked” and lost 5,000 ETH and 10,000 LTC by having an image of my ETH and LCT wallets on my desktop as a PNG file. I must have had a remote thing and they got everything. It was really fucked up. I contacted the police but did not file a report, I learned that I am a total fucking idiot (my wife has literally been telling me that week to take our money out of bitcoin).
In both of these cases, the users were not doing anything overtly wrong with their security, they just happened to visit the wrong site, got a malware looking for private keys and passwords and lost everything.
Because of this, even having a great security system on your internet connected device has major vulnerabilities. If you have a significant amount of cryptocurrency on your computer, then you are susceptible to this problem.
How to Avoid This Problem
The answer to this problem is very simple. While it’s not free, it is one of the most secure ways to store your cryptocurrency, removing all threats from hacking.
There is a method of storing wallets called ‘cold storage’, where you keep a copy of your address in a paper form or on a flash drive, completely disconnected from the internet. A few enterprising companies took this concept a step further and created what is known as the hardware wallet.
A hardware wallet is a device that has the ability to create cryptocurrency addresses, hold private keys and send transactions without ever exposing it’s private keys. Unlike computer wallets, which runs the risk of being infected with malware, the passphrase for your hardware wallet is inputted on the wallet itself through manual button pushes. This is far less prone to hacking and malicious attacks.
For any major cryptocurrency investment, this is the most practical way to carry your investment. The computer wallets works for small transactions on a day to day basis. But for the majority of your investment, keeping it in a hardware wallet is the safest choice.
Investing in Pump and Dump Cryptocurrencies or Outright Scams
You’re probably familar with some of the big cryptocurrencies, like BTC and ETH. You may have even heard about some cryptocurrencies like LTC, DASH or even XLM. But did you know that there are thousands of cryptocurrencies out there?
You can see a relatively comprehensive list here.
Many more cryptocurrencies are being introduced via ICOs and other methods. If you’re an ambitious trader, you might like what you see in BTC or ETH, but want to make more… and in order to do that, you’ll want to get in on the ground floor and try to find the next big cryptocurrency.
If you go to Poloniex, there will be about 100 cryptocurrencies. You can go there and trade cryptocurrencies with very small market caps. You might even get the idea that one of these smaller cryptocurrencies could be worth an investment. So you find one some tells you is going to rise and you invest a little.
Then the price jumps. So you buy more.
Then it jumps again, so you investment even more.
The next thing you know, the price is skyrocketing, jumping to the top of the trading board, and you’ve just increased your investment by 500%. This might be the next BTC!
Until the price stagnates, then falls a bit, then falls a lot. You’re not quite ready to sell, but you can see that your earnings are dwindling. After a couple of days, your entire return has vanished and you’re left with a useless cryptocurrency.
This is known as a pump and dump and it happens often. People will get purchase a sizable portion of a cryptocurrency in order to raise the price quickly. Then after other people have invested in it, they sell at the highest point and collect a quick profit.
Even if trading isn’t your thing, you can still get suckered into a bad cryptocurrency through another vehicle: Initial Coin Offerings (or ICOs). ICOs are a way for blockchain companies and non-profits to raise funds for their blockchain ahead of their launch. Considering the lack of regulation and FOMO (Fear of Missing Out) from new investors, Scam artists have taken to conning people out of millions of dollars worth of BTC and ETH through this mechanism.
How to Avoid This Problem
The answer to this problem is more of a mental challenge than a technical one. You cannot be tricked into a scam if you aren’t greedy or desperate.
The reason why so many of these schemes work is because people don’t want to miss out on the next big thing, so they invest in something that is unusually risky.
Instead, focus on what you know and are personally willing to get involved with. I made a rule not to invest in ICO’s, because the chance of me finding a great blockchain early was outweighted 10/1 to finding a dud or worse, a scam. I also do a lot of research on the companies, founders and mission of the blockchains I’m interested in and only invest after I’m completely bought in.
Your rules can and should be different, you have different goals. But ultimately, the Fear of Missing Out should not be your reason for losing your investment.
I also believe strongly in understanding the underlying technology that makes blockchain possible to better evaluate new opportunities. If you sign-up for my newsletter, I will send you a list of the three best books to read to get up to speed on blockchain fast. You can then apply that knowledge to the dizzing array of blockchains that exist out there to find an opportunity worth investing in.