Crypto Decoded

Is It Safe to Invest in Crypto? How to Protect Against Hackers, Scammers

One of the biggest misconceptions is that cryptocurrency transactions are anonymous and untraceable

NBCUniversal Media, LLC

Is it safe to invest in cryptocurrency? That one question leaves many potential crypto investors apprehensive.

Because cryptocurrencies are relatively new and still evolving, hackers and scammers are eagerly waiting for chances to exploit vulnerabilities in blockchains or codes.

Whatever human beings are making, other human beings are making ways to hack them," said Ray Aria, University of Central Florida computer science professor. "So it's an arms race. You build a better solution. There are better hackers coming up with better hacked ways to hack them.”

In 2021, there were more than 20 hacks where at least $10 million in digital assets were stolen from a crypto exchange or project. In at least six of those cases, hackers swiped more than $100 million, according to data compiled by NBC News

In fact, scammers took home more than $14 billion in 2021, a 79 percent increase from 2020, according to Chainalysis, a blockchain analytics firm .

That may seem like an extraordinary rise in crime, but of the $15.8 trillion in total crypto trading volume in 2021, transactions involving crime represented about 0.15 percent.

Is it safe to invest in cryptocurrency?

One of the biggest misconceptions is that cryptocurrency transactions are anonymous and untraceable.

“What cryptocurrency allows for is a really strong recourse in the case that you are a victim of a crime because of the fact that all the transactions that have ever taken place are publicly available forever on the blockchain,” Kim Grauer, Director of Research at Chainalysis said. “So if you're a victim of a scam, you'll be able to see where your funds went.”

Cryptocurrency can be vulnerable at three different levels – the blockchain or network levels, exchange levels, and individual levels. 

“Right now, there are only two ways to break the crypto network,” Aria said. “Either you have to break the protocol or you have to hack 50 percent of the computers on the network plus one. Both of them seem to be very difficult to do.”

Exchanges that work on those blockchains are more vulnerable because the code they use to program their exchanges are usually open source and hackers can exploit any vulnerabilities.

In one of the largest and latest hacks, crypto trading platform Bitmart announced hackers stole almost $200 million last December. As a result, the company froze all customer transactions for three days before it re-opened trading on its platform.

To help crackdown on these types of vulnerabilities, there are third-party firms that perform code audits for exchanges and publicly designate which protocols are secure.

“It's like reading the terms of service for a business that you're signing up for,” Grauer said. “So having these third party, kind of trusted services perform this is meant to give you a sense of okay someone else has looked at this. I can potentially trust this third-party actor.”

While these actions can help customers feel more confident looking for platforms to buy or sell crypto from, they are not infallible.

“Something like close to half of all exploits that had undergone a code audit had experienced some sort of code vulnerability, Grauer said. "So, basically the bottom line is that it's not a foolproof method."

Regular code audits from trusted firms and having code changes publicly available are some of the ways platforms are working to strengthen themselves against such attacks.

What are the most common crypto scams?

Individuals are the most vulnerable of all against hacks and scams. Losses from scams alone totaled $7.8 billion in 2021.

There are many ways people have been scammed out of their cryptocurrencies,  including phishing, romance scams, social engineering, SIM swapping, ransomware, cryptojacking, and more.

“It's actually creativity on display here,” Grauer said.

The most common way individuals have their crypto stolen are through investment and business opportunity scams, especially through social media.  However, there are ways to spot them so you do not become a victim.

“It's all about looking at the claims,” Cristina Miranda, a consumer information specialist with the U.S Federal Trade Commission said. “Are they using celebrities to sell it or are they claiming that you're going to make a big profit or a big return in a short amount of time? Is there something guaranteed? Are there promises of free money? Are there lots of big claims, but they don't drill down into what those details and explanations are? Those are all signs of a scam, no matter how you present it.”

How to protect crypto against hacks and scams

The best way to protect yourself and your wallet against hackers is to make sure you are using strong passwords, two-factor authentication, and always keep your operating system updated to the latest version.

Always have firewalls up and running,” Aria said. "Always have IDS or Intrusion Detection Systems on your system to make sure that you are safe and secure personally.”

Because of the novelty of crypto and the amount of assets being stolen, crypto hacks are on the news a lot but that does not mean that these types of hacks are not occurring in the centralized banking system, sometimes referred to as fiat money.

“Everyone's bank is constantly under threat from bad actors,” Grauer said. “Your bank accounts, financial services, any place where you have a username and password is under threat and it really underlines the importance of good cybersecurity hygiene by all actors, in all circumstances. Period.”

What can I do if I am hacked or scammed?

It may feel hopeless if you have been the victim of a scam or hack but it’s important to file a claim. 

A lot of government agencies have ramped up their crypto crime enforcement teams because of the sheer volume of growth in the sector, including local police, and several federal government agencies including, the Federal Bureau of Investigation's Internet Crime Complaint Center(IC3), the U.S Federal Trade Commission, the Internal Revenue Service and the newly formed National Cryptocurrency Enforcement Team (NCET) at the Department of Justice. 

Recently, the DOJ arrested two people for alleged conspiracy to launder $4.5 billion after a 2016 hack of the Bitfinex exchange. The DOJ seized $3.6 billion in stolen cryptocurrency.

“Every single kind of type of criminal activity has had a major law enforcement win,” Grauer said. “But you need to move beyond just the one person in the basement studying cryptocurrency.”

Most of those agencies admit they may not reach out to all individuals about their complaints, but do investigate the cases.

“While we do not respond directly to each and every scam report,” Miranda said. "We do have investigators and law enforcement behind the scenes reading these reports so that they can discover patterns of companies or individuals and build a case from there so that we can go after them and maybe get back some money if we're lucky.” 

Contact Us