Cryptocurrency is new to many, and every year a lot of people lose their crypto funds due to hacks or scams. The global loss is in the billions. So in this post I will try to outline how these funds are usually lost and what users can do to protect them.
Generally people try to classify loss of funds as hacks, but hacks and scams are two different things.
There are various ways people lose their funds; let’s understand what these are.
- User provides his/her seed phrase to unknown people
- User provides his/her private key to unknown people
- User interacts with a malicious smart contract
- User forgets/loses the seed phrase and private key
- User connects his wallet to a “Wallet Verification” service
- The smart contract gets compromised
- You lose your device
- Malware hits you and gets access to your seed phrase
- User downloads and uses fake wallet or other apps
- User actually gets hacked
|Fund Loss Process||What happens|
|1. User provides his/her seed phrase to unknown people||A seed phrase is like a password to your funds. People should never share their seed phrase. Anyone who has the seed phrase has full control of your funds. They can use that seed phrase to transfer the funds from your wallet to some other wallet. |
For example, if you have shared your seed phrase with anyone, whether friends, family or people online (via Telegram chats, Discord, etc.), consider that your wallet could be compromised.
If you think you provided your seed phrase to someone but your funds have not been moved yet, I suggest you immediately create a new wallet and transfer the funds yourself before the other person does.
Scammers are often waiting on social platforms to scam people. They will send random messages asking you to verify your wallet, send your seed phrase, etc.
NEVER SHARE YOUR SEEDPHRASE WITH ANYONE
|2. User provides his/her private key to unknown people||A blockchain address has two keys, a public key and a private key. Public keys, as the name suggests, are public and are used for transaction validation.|
However, the private key has to be protected. Private keys are different from seed phrases, but a private key also enables full access to your wallet address.
NEVER SHARE YOUR PRIVATE KEYS WITH ANYONE
|3. User interacts with a malicious smart contract||This is one of the most common ways of losing funds. If you connect to a website and, let’s say, purchase a token, the smart contract might contain malicious code, which might end up transferring your funds out of your wallet programmatically.|
Here are a few things you could do:
– Always double check the website address you are interacting with. There are many fake versions out there.
– Always understand what kind of permissions and access these websites are asking for. Sometimes they just ask to see your public address; other times, they might want access to your funds. Always keep an eye on that. For example, if you are trying to buy Token A, and a confirmation dialog comes up asking you to approve access to Token B, or to both Token A and Token B, it might be a red flag, especially when common sense tells you that Token B has no role to play in the purchase.
– Never try to cash out any unknown tokens airdropped in your wallet. They could be scams.
– Always make sure to revoke access when it is no longer needed. BscScan, Etherscan and other blockchain explorers allow you to review and revoke access to smart contracts.
NEVER INTERACT WITH SUSPICIOUS WEBSITES, OR SMART CONTRACTS
|4. User forgets/loses the seed phrase and private key||This is another common way of losing funds. Just as you can’t get into your house if you lose the key, losing a seed phrase or private key will stop you from accessing your funds. Your funds might still be there on the blockchain, but you can’t access them, and unless you somehow find your seed phrase or private key, the funds are gone forever. |
Millions of dollars are lost each year due to this.
So what can you do?
– Always write your seed phrase down and keep it in a safe place. Always remember that if someone finds your seed phrase, they can access your funds.
– Always keep your seed phrase in multiple places. What if your seed phrase was in a shoe box underneath your bed and your house caught fire? Accidents can happen without warning, so always think about how you would recover your funds if there was a disaster. Maybe give half of the seed phrase to your mom and the other half to a friend your mom doesn’t know.
NEVER LOSE YOUR SEED PHRASE OR PRIVATE KEY
|5. User connects his wallet to a “Wallet Verification” service||This is another popular way that scammers trap newbies and lure them into giving out their seed phrase. They will set up fake websites, where they will ask you to connect for verification purposes. They will lure you into entering your seed phrase or private key on their website. And then your funds are gone. |
There is no need to verify your wallet for any reason, especially if it involves providing a seed phrase or private key.
Always be careful; they will try to catch you off guard. Let’s say you are in a chatroom, such as Telegram or Discord, and you ask a question saying your recently purchased token is not showing up in the wallet, or you are having an issue with farming, etc.
Suddenly, you might get a private chat from an account with a name similar to the main chat, or similar to people in the main chat. In the name of helping you, they will lure you into giving out the seed phrase or private key, and if you do, your funds are gone.
NEVER INTERACT WITH WALLET VERIFICATION SERVICES, OR RANDOM MESSAGES ON TELEGRAM OR OTHER CHAT ROOMS.
|6. The smart contract gets compromised.||Let’s say you have a token A in your wallet and the token has vulnerabilities. There is a chance that the token’s smart contract will get compromised and you will lose the funds. This can happen, but it has a smaller scope than any of the above, in part because the smart contract may only interact with a few tokens in your wallet. So you might not lose all your funds, but it is still a loss.|
NEVER INTERACT WITH SMART CONTRACTS THAT ARE NOT AUDITED OR HAVE FLAWS IN THEM.
|7. You lose your device||This is another common way to lose your funds. Many people do their crypto trading these days from their cell phones or tablets, and it is possible for those devices to be lost. If those devices are not secured, and the person who finds the device has access to your open wallets, then that person can transfer the funds out of your wallet.|
– Always secure your phone with a code, facial recognition or other biometrics as appropriate.
– Always apply two-factor authentication and other security measures provided by the wallets.
– When not in use, log out of your wallets.
– If you find that your device has been lost, promptly transfer out your funds to another wallet before someone does.
Thinking about where to store your crypto is a good thing. Some people choose cold storage with hardware wallets such as Trezor or Ledger; others choose to use hot wallets like Trust Wallet or MetaMask. Again, in both cases your tokens are on the blockchain; what matters is where the key is stored.
NEVER USE CRYPTO ON UNSECURED DEVICES.
|8. Malware hits you and gets access to your seed phrase.||Although this can happen, it is very rare. There have been reported incidents of such loss, but those are limited in scope. For example, some malware might only try to transfer out ETH. Many popular wallets immediately patch any such vulnerabilities, so while there is a chance of losing money this way, such attacks are rare.|
Always pay attention to which hot wallets you are using. If the wallets are new, their security might have flaws and might not have been properly tested.
If you have to use such wallets, use a different account, with a smaller fee.
NEVER USE WALLETS THAT HAVE NOT BEEN THOROUGHLY TESTED OR ARE VERY NEW.
|9. User downloads and uses fake wallet or other apps.||There are tons of fake wallets and apps out there. They will look similar to the original apps, and when you enter your seed phrase, they get access to your funds.|
NEVER DOWNLOAD OR USE WALLETS WITHOUT VERIFYING THEIR ORIGINAL SOURCE.
|10. User actually gets hacked||There are various ways users could be compromised. |
– Shoulder surfing (someone looking over your shoulder while you are typing the seed phrase)
– Use of Open WiFi where your network traffic could be analyzed and potentially manipulated
– Some malware that copies the device keyboard, which might contain Seed Phrase, Passwords or Private Key if you used those recently.
– You stored your seed phrase/passkey in unsecured cloud storage.
– Hackers find your device and analyze the device with advanced tools and techniques.
NEVER MAKE CRYPTO TRANSACTIONS ON PUBLIC WIFI OR IN PUBLIC PLACES, AND DO NOT DOWNLOAD SHADY APPS THAT MIGHT CONTAIN MALWARE.
The table above is not all-encompassing. People lose money in many other ways. For example, if they put their crypto in centralized exchanges, and the exchange or its wallet gets hacked, users could lose money, although in such cases exchanges may refund them fully or partially.
Lost hardware wallets, if found by someone, can also be hacked. Watch this video for how a hacker recently helped a guy recover $2m worth of tokens from a hardware wallet with a lost seed phrase.
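
Item 3 above says to check which token a confirmation dialog asks you to approve and who gets the access. The following is an added example, not code from the original post: it decodes the approval call a website hands to the wallet and flags the Token A / Token B mismatch, unknown spenders and unlimited allowances. The addresses, the trusted-spender list and the `UNLIMITED` threshold are assumptions made for illustration.

```python
# Added example: review an approval request before signing it.
# Selectors are the first 4 bytes of the call data for these standard functions.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}
UNLIMITED = 2**255  # assumed heuristic: amounts this large mean "spend everything"


def review_approval(tx_to, tx_data, expected_token, trusted_spenders=()):
    """Return warnings for a transaction a site asks the wallet to sign."""
    data = tx_data.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = APPROVAL_SELECTORS.get(data[:8])
    if name is None:
        return []  # not an approval call, outside the scope of this check
    if len(data) != 8 + 128:
        return [name + ": malformed call data, do not sign"]
    spender = "0x" + data[32:72]   # low 20 bytes of the first 32-byte argument
    value = int(data[72:], 16)     # second argument: amount, or 0/1 for the bool
    if value == 0:
        return []  # zero allowance / false: this revokes access, grants nothing
    warnings = []
    if tx_to.lower() != expected_token.lower():
        warnings.append("approval is for " + tx_to + ", not the token being traded")
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender " + spender + " is not a contract you trust")
    if name.startswith("setApprovalForAll"):
        warnings.append("grants control of every token in this collection")
    elif value >= UNLIMITED:
        warnings.append("unlimited allowance requested")
    return warnings


# Constructed sample values (placeholders, not real contracts).
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
ROUTER, UNKNOWN = "0x" + "cc" * 20, "0x" + "dd" * 20

def build_call(selector, address, value):
    """Encode selector + two 32-byte arguments, as a wallet would receive it."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")

if __name__ == "__main__":
    ok = build_call("095ea7b3", ROUTER, 500 * 10**18)
    bad = build_call("095ea7b3", UNKNOWN, 2**256 - 1)
    print(review_approval(TOKEN_A, ok, TOKEN_A, [ROUTER]))   # buying A, approving A
    print(review_approval(TOKEN_B, bad, TOKEN_A, [ROUTER]))  # buying A, approving B
```

A request with amount 0 returns no warnings because it is the revoke operation the post recommends once access is no longer needed.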