Just a week ago, Google removed 49 Chrome extensions imitating MEW, Ledger, Trezor, and other popular cryptocurrency wallets. Phishing attempts are on the rise, and in this stressful time, it’s also easy to make an irreversible mistake losing your crypto whether you’re new to crypto or an experienced hodler.
Whether you're moving funds to pay rent or panic buying BTC and ETH to hedge the markets, the last thing you need during a financial crisis is to lose your crypto. Since 2017, our support team has talked to thousands of crypto holders.
Here are some of the most common ways crypto is lost or stolen and how you can avoid it.
With crypto freedom, comes crypto responsibility.
When you own crypto—you become your own bank. While this is empowering because you have complete control and sole anonymous access to your assets, it’s also a heavy responsibility because, if you lose your crypto, there’s no way to recover your funds. You might be asking yourself,
If a hacker gets my funds, why can’t you just get my crypto back?
Blockchain is maintained in a decentralized fashion so that each user has complete control and sole anonymous access to their assets. There is no way to reverse or refund transactions, nor can MEW, or any wallet you might use, trace the IP address of a phisher or determine ownership of any wallet address.
So what does this mean for you? It means you need to be careful any time you access or move your funds. Do it when you can concentrate, and avoid doing it during an emotional or stressful time like this Reddit user who lost their XRP to a Chrome phishing extension that asked for her hardware wallet seed phrase.
99% of the mistakes that will lose your funds are preventable with “good hygiene”. Just like the safety steps we’re all taking for COVID-19, you can protect yourself from the biggest mistakes and scams in crypto. Nearly all cases of lost crypto that we've seen through hundreds of support interactions could have been prevented through more awareness of good security practices.Here’s what you need to know to avoid these pitfalls.
#1: Never share your private key.
Giving a hacker access to your private key is like turning over all your banking information to a criminal, except it’s irreversible, harder to trace back, and doesn’t come with FDIC insurance. Though you would never knowingly hand over personal data, never ever give your private key, mnemonic phrase (also known as recovery or seed phrase), or Keystore files.
This means don’t enter them directly into a website or give them to a fake ‘support’ representative via messages, emails, and phone calls. Where there is money, there will always be people looking to steal it, and crypto is no exception. The support teams at reputable crypto companies will never ask you for your key, even while helping you resolve issues.
#2: Be wary of Chrome Extensions, Plugins, Giveaways, and “helpers” offering to help you swap other coins to ETH or BTC.
These types of hacks have been on the rise since the economic uncertainty around COVID began. Additional traps to look out for: Giveaways that sound too good to be true, often on Twitter. Any statement like “send us ETH and get double ETH back” or the “give us your private key to get free tokens dropped to your address” is targeted at newcomers, don’t fall for it.
Additionally, watch out for scammers in your DMs on sites like Twitter, Instagram, and Telegram. Common scams include impersonating a famous crypto personality to get your private information or offering to help you unload tokens into Bitcoin.
Here are some ways to check if an account is legit, more resources here.
#3 Don’t accidentally send your crypto to the wrong wallet.
There is no way to reverse or refund transactions if you make a mistake. So be super careful, even send a really small test amount first if you’re nervous because once it’s gone, it’s gone. This is an easy mistake to make, as each Ethereum address is 42 characters long and just one wrong letter results in a completely different wallet.
Bottom line: Take your time being very careful with address entry, use a trusted QR code, or assign a blockchain domain name like .crypto or .eth to your wallet to avoid panic sends to the wrong address.
#4: Use a hardware wallet as well.
While mobile and browser-based wallets offer convenience and in MEW’s case, access to DApps, DeFi lending, and the Ethereum ecosystem, hardware wallets like Ledger and Trezor are a great option for larger amounts and long-term storage.
New smartphone-based secure enclave wallets keep your information secure within the smartphone's local storage function similarly to a hardware wallet.
Pandemic or not, phishing tactics are rampant and constantly evolving. While it’s hard to keep track of all the different ways hackers are out there trying to steal your funds, your vigilance and knowledge on key safety and security will keep you safer out there.