How Not to Lose Your Cryptoassets
By John Berry
July 16, 2018
These are the top traps to avoid:
Fake ICO token sales websites
Send funds to a phony ICO phishing site and you are 100% guaranteed to never see them again.
· Fake ICO phishing websites are a major source of loss to unwary crypto investors. Almost every time a high profile ICO is announced, cyber criminals pop up with fake phishing sites that resemble the original.
o To avoid, be extra cautious. Check and double across forums and channels that an address is the actual official token sale website before sending any funds.
o Search for the ICO on a trusted ICO listing site such as ICOAlert or Coinshedule.
o It is estimated are that 10% of funds intended for ICO’s end up with hackers. The approximate amount lost to fake ICO phishing websites in 2017 was $225 Million.
Fraudulent & Failed ICO’s
DeadCoins lists 868 crypto tokens with no value. These useless crypto projects can be divided between fraudulent and failed ICO’s.
· There have been numerous scam ICO’s where cyber criminals have taken advantage of retail investors. Fraudulent ICO’s are set up to with no developers or any real team at all. Even with greater regulations, there are still many scammers promoting ICO’s that aren’t worth anything. Its vital for investors to do better due diligence and not just rely on some guy on YouTube or Reddit touting an ICO.
· It’s common now for most ICO’s to meet KYC and AML requirements prior to participation. If an ICO doesn’t have these, that’s a red flag it could a scam.
o According to the WSJ the approximate amount lost to fraudulent ICO’s since the crypto market began exceeds $1 Billion.
· Estimates are all over the map regarding the percentage of ICO projects that have failed. It’s probably safe to say in excess of fifty percent of all ICO’s will not succeed. Failed ICO’s are projects that were legitimate but for one reason or another have been abandoned and are especially worthless. Some had no hope to begin, so should never have been launched. Others just didn’t make it as a business. To be fair, failed ICO’s can happen for a variety of reasons, just like any start-up business, and not all are scams. Investors do, however, need to do a better job of due diligence. Too many treat ICO’s as if they were slots in a casino. If that’s your investment strategy, then you will get the same odds as you do in Vegas.
o Estimated amount lost from investing in failed ICO’s: $2 Billion.
Phishing & Fake wallet websites
If you get fooled by a fake or phishing wallet website you are 100% guaranteed to lose your cryptoassets
· Software wallets will always be a phishing target such as the recent fake Trezor wallet website which asked users to enter their wallet recovery seed. https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
· To avoid losses, always double check the URL address of your web wallet to see it’s not a closely misspelled fake. Also ensure the wallet has a valid SSL certificate and not an http address. All legitimate website wallets will use SLL / https.
· Cybercriminals will use Google ads and market fake wallet websites to lure users. For instance MyEtherWallet.com (the real site) has suffered from several fake copies such as MyEtherWallet.net (fake) and other similar fakes with different URL extensions. That’s a favorite way for criminals to fool users. If in doubt Google (or DuckDuckGo) the name of the wallet or check on Reddit to ensure you have the correct site.
o Note: Smart crooks also use Slack, Reddit and other social media forums to spread their messages, so always double check before using a new wallet.
· If you really need to use a web wallet, bookmark the real wallet’s URL and always use the bookmark to get to the site.
· Going with a hardware wallet is an easy option. Trezor, Ledger, and KeepKey all work well. Just make sure you purchase from the official manufacturer’s website, or a large, well-known retailer like Amazon or the equivalent.
o Approximate amount lost to fake phishing websites: Unknown
Losing your private keys and crypto wallet recovery seed
Your private keys are literally the key to keeping your crypto assets secure. It’s really simple: Lose your private leys and you lose access to your cryptoassets.
At the end of 2017, Chainalysis estimated that nearly 4 million Bitcoins had been lost forever due to their owners either losing their private keys or accidentally losing the computer hard drives or USB sticks that contained their keys.
· James Howells from Wales is well known for having thrown away a hard drive containing 7,500 Bitcoins he had mined. That hurts to even think about!
· To avoid losing your private keys and your recovery seed, back them up. Write out your seed phrase and store it safely. Yes, I know this sounds like it’s 1970, but it is really important to have a backup. There are several groups working on better solutions, such as KeySplit, which splits your recovery seed into “shards” and shares them among several contacts. If that works for you, great. Whatever you do, make sure you have a backup.
o Approximate amount lost from users losing their private keys and /or recovery seeds: Unknown
Leaving your crypto on an exchange
No crypto exchange is 100% safe, and never will be.
There are two risks involved with leaving your cryptoassets on an exchange. First, crypto exchanges are big, juicy targets for hackers looking to break in and steal digital tokens. The second is the exchange going out of business.
Any time you open an account with an exchange you create a wallet. The exchange stores your private keys for your exchange wallet. If the exchange is hacked and your private keys are stolen, you lose your funds stored there. If the exchange stops trading, you could also lose your keys. Either way, exchanges have been and will continue to be risky places to store your crypto assets.
· Protect your tokens in your own wallets. Only hold tokens you want to either spend or trade in a hot, online wallet. Those you intend to hold longer term (hodl), store those in an offline, hardware wallet.
· Trade via a decentralized exchange (DEX) that matches counterparties and doesn’t store tokens at all.
o Approximate amount lost from hacked crypto exchanges in 2017: $250 Million. 2018 YTD: Over $750million.
Dying and taking your cryptoassets with you
If you pass away suddenly without leaving clear instructions detailing where and how to access your cryptoassets, your loved ones will probably not inherit them.
Several high profile cases have illustrated the extent of this problem. Mathew Mellon died suddenly with approximately $500 Million in Ripple (XRP) hidden. It is believed he had them in numerous cold storage accounts under anonymous names. His is just one case among many.
· People die, crypto doesn’t. Passing without letting your beneficiaries know where and how to assess your cryptoassets is a 100% guaranteed way to lose your cryptocurrency and tokens.
· To avoid this scenario, leave clear written instructions detailing all cryptoassets you own, where they are located, and how to access them. Additionally be sure this information is only released on your passing to ensure no unintended pre-emptive inheritance (or theft if your heirs are less than patient).
o Yes, this is a bit of a product plug, but OneSecurePlan accounts allow you to do all of the above in a safe, secure and easy manner, protecting your information until you want it released.
o There are several smart-contract crypto asset based inheritance services entering this space. Most seem to offer little in the way of explaining how they work with existing inheritance laws. It’s debatable how these contracts will stand up if challenged in US probate courts, and uncertain how they intend to handle estate and inheritance taxes. (Most seem to avoid the issue of taxes, leaving the beneficiaries to sort it out.) Do your homework, especially looking at their legal and tax advisors and expertise (and where they are licensed to practice) before trusting something as important as the inheritance of your cryptoassets to any inheritance or estate planning smart contract. The technology is currently ahead of the legislation needed to support them.
o If your heirs are not crypto savvy, it’s advisable to list people who could help them access your crypto funds. At this stage, most estate planning attorneys do not fall into that category.
o The amount lost in by owners taking their cryptoassets to the grave is unknown, but unfortunately growing.
Transferring crypto tokens to the wrong address
Crypto transactions are irreversible. Sending cryptoassets to the wrong address is a guaranteed way to lose them. It can be difficult to find out who owns an address. Even if you could find the owner you sent the funds to, they would have to agree to refund them. However, if an exchange owns the address you might be in luck.
· To avoid mistyping, always use copy and paste with any address you want to transfer funds to. Then double-check each letter of the destination address before hitting transfer. Typing in a valid address that is not the one you meant to transfer to will result in the loss of your funds. Fortunately, if you type an invalid address, your transaction will be rejected and your funds won’t transfer.
o Approximate amount lost by sending to the wrong address: Unknown
NOTE: If you have more accurate or better statistics for any of these categories, or any additional thoughts to add, please message me. I plan to include this information in a book I’m currently writing on Digital and Crypto asset estate planning. Big Thanks.
Disclaimer: This is not legal, financial or tax advice. All information is given for informational purposes only.
John is an author and speaker. As a software technology executive John spent 30 years working in the IT software market. He has an in-depth knowledge of IT security, networking infrastructure, enterprise software applications and internet technologies. John has lived and worked in South Africa, the Middle East, the United Kingdom and the USA. His new book “Tracking you” will be available in 2014. It details how we are all under surveillance; by whom; and what you can do about it. He currently resides in Jupiter, Florida.