Welcome Avatar!
If this is your first crypto cycle, this post is for you.
We’ve noticed over the last two cycles that most people who make a lot of money in crypto don’t keep it.
What are the most common reasons people give back all of their profits, and more?
They Don’t Sell - this one is obvious, people add risk mid to late cycle, miss the top, and eventually take a loss.
Poor Understanding of the Products - especially those with hidden risks e.g. Luna / UST stablecoin, derivatives and leverage.
Hacks and Scams - last cycle saw a whopping $7.7 billion dollars lost in hacks.
Tax - get an airdrop → forget to sell → it goes down 99% → you owe tax on the initial value. Swap some Bitcoin for altcoins late in the cycle → market crashes → you owe tax on the Bitcoin you sold at a gain. Many such cases.
How to avoid tax problems and claim your discount on the best tax software at BowTiedBull
So you’ve done your homework, have a plan to take profit, and can handle taxes. But. Are you ahead of the 1001 creative ways hackers and scammers can steal your coins?
We have plenty of in depth and technical content covering the why and the how for paid subscribers, so this post will be a security overview/checklist at a high level.
By the end of this post, you’ll know how your security knowledge and behaviors stack up, and which weaknesses you need to address.
But first…
Who Wants To Steal Your Crypto?
Run of the mill criminals, drug traffickers, extortionists.
Intelligence agencies creating black budgets for illegal projects.
International terrorists. Rogue states. North Korea.
Project founders. Exchange CEOs.
Yes really, if you’re not familiar look it up.
Your envious neighbor or relative?
Computer hackers will have been interested in and dabbled in cryptocurrencies long before they were popular with the public.
Did you know that one of the best performing crypto investments in the last year — Celestia (TIA), a billion dollar modular blockchain — is founded by a real life hacker?
Would knowing this have affected your decision to invest in the token?
Why, or why not?
The founder of notorious hacking group LulzSec, Mustafa Al-Bassam, 18, of Peckham in south London, received a 20-month jail sentence (suspended for two years), and was ordered to perform 300 hours of community service.
LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. LulzSec intervened in the affairs of organizations such as News Corporation, Stratfor, UK and American law enforcement and Irish political party Fine Gael.
Mr Al-Bassam is now a legitimate businessman and we think having an experienced hacker at the helm can be a clear positive for a crypto project, if they remain ethical. Some of crypto’s biggest rogues ranked by dollars lost had no known criminal history.
Find Out How You Score On Security
Security is a mindset.
Good security requires attentive and accurate observation, curiosity, and discipline. An effective holistic approach can’t rely on checklists or rules of thumb alone.
And you’ll need a good level of self awareness to know your weaknesses.
Remember: criminals are getting smarter, the incentives are bigger than ever, and you can even be hacked by foreign nations, e.g. North Korea’s elite hacking teams.
Unless you’re very rich, it likely won’t be you targeted for a hack. It will be the computer you use, the DeFi wallet you trust, a protocol with a smart contract vulnerability, etc. Or more likely: a social media account or website which you relied on without checking. If you’re hacked, it’s likely hundreds or thousands of other people were affected. There is almost no chance of recovering anything.
To help you discover how potentially vulnerable you might be - and therefore how much time you need to spend reading the DeFi Ed archives for the solutions - we’ve put together a rough guide to crypto security grouped into levels.
Level 0 is the least secure and Level 3 represents high security. These are intentional extremes. Most people won’t fall into levels 0 or 3, but 3 is achievable and should be an aspiration for anyone with significant money in crypto.
Whether you are hacked/scammed depends on the effort made to transition from level 1 to level 2 across all sections. A chain is only as strong as its weakest link.
Read through each section and choose the level closest to you.
Levels are additive - Level 2 would incorporate all of the security measures from Level 1. If you do all of Level 1 but only some (or none) of Level 2 then you’re at Level 1. If you’re not sure exactly which applies, choose the lower level.
Wallet
Level 0: You installed an app on your phone. Or Metamask on your PC. Only a matter of time before you lose all of those funds. (Hot Wallet)
Level 1: You bought a Trezor and wrote down your recovery phrase. You keep them together in a drawer next to your computer. You come home after work to find your place has been burgled or caught fire. Now you’ve lost your internet money as well.
Level 2: You’re keeping a backup of your seed phrase / private key in an offsite location to be able to recover your funds if your main wallet is lost or damaged.
Level 3: Your cold storage wallet uses multi signature technology. A person you trust can help you recover access to your funds in some circumstances. Arrangements are in place to pass your crypto to your heirs if you die.
Accounts
Level 0: You have one account with all your crypto. If you make one mistake you lose everything.
Level 1: You have a couple of different accounts secured by the same seed phrase.
Level 2: You keep a small amount of funds in a dedicated “hot wallet” which is used for risky / untrusted sites. And you have a cold wallet for your main funds.
Level 3: Like level 2, but your cold wallet is a multisig which never interacts with smart contracts, it only sends/receives funds to accounts which do. You have different accounts, secured by different seed phrases, separated according to purpose (DeFi, NFTs, hot wallet, cold storage).
Transactions
Level 0: You blind sign and don’t know it. Guaranteed to get rugged by a frontend attack if you’re in crypto long enough.
Level 1: You know how to read a transaction, look up the smart contract address on the block explorer to check the address is legitimate. You don’t always take the time.
Level 2: You’ve the discipline to check every transaction.
Level 3: You sometimes use advanced tooling to preview/simulate the effect of your blockchain transaction before confirming it.
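To make the Level 1 to Level 3 transaction checks concrete, here is an added example (not from the original post) in Python: it decodes raw calldata the way a block explorer’s “decode input” view does and flags the approval patterns behind most frontend drains. It knows the standard ERC-20/ERC-721 selectors for approve, transfer, transferFrom and setApprovalForAll; the sample calldata, the 0x111… spender and the allowlist are constructed for the demo, and any selector it does not recognise is reported as blind signing, which is how a checker should fail.

```python
# Added example: decode a pending EVM transaction's calldata before signing it
# and flag the patterns behind most "blind signing" losses: unlimited ERC-20
# approvals, setApprovalForAll on NFTs, spenders missing from your allowlist.
SELECTORS = {  # standard 4-byte function ids of the ERC-20/ERC-721 functions
    "095ea7b3": ("approve", ("address", "uint256")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}
UNLIMITED = 2**256 - 1  # what "infinite approval" buttons actually send

def decode_calldata(data: str):
    """Return (function name, [args]); (None, []) if the selector is unknown."""
    hexdata = data[2:] if data.startswith("0x") else data
    sel, body = hexdata[:8].lower(), hexdata[8:]
    if sel not in SELECTORS:
        return None, []
    name, types = SELECTORS[sel]
    args = []
    for i, typ in enumerate(types):
        word = body[i * 64:(i + 1) * 64]  # ABI encodes every arg in a 32-byte word
        if len(word) != 64:
            raise ValueError("calldata is truncated")
        if typ == "address":
            args.append("0x" + word[-40:])  # address is right-aligned in the word
        elif typ == "bool":
            args.append(int(word, 16) != 0)
        else:
            args.append(int(word, 16))
    return name, args

def review_tx(to: str, data: str, trusted_spenders: set) -> list:
    """Red flags for a transaction to contract `to`; an empty list means none found."""
    name, args = decode_calldata(data)
    if name is None:
        return ["unknown function selector: you would be blind signing"]
    flags = []
    if name == "approve":
        spender, amount = args
        if amount == UNLIMITED:
            flags.append(f"unlimited approval to {spender}")
        if spender.lower() not in trusted_spenders:
            flags.append(f"spender {spender} is not on your allowlist")
    elif name == "setApprovalForAll" and args[1] and args[0].lower() not in trusted_spenders:
        flags.append(f"setApprovalForAll grants {args[0]} control of every token in {to}")
    return flags

# Constructed sample: approve(0x111...111, 2**256-1), the classic drainer pattern.
EXAMPLE_APPROVE = "0x095ea7b3" + "0" * 24 + "1" * 40 + "f" * 64
```

Run review_tx on the calldata your wallet shows before you confirm; two flags on the sample above is the Level 2 habit, and an allowlist of contract addresses you verified on the block explorer is what turns it into a routine check.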
Computer Security
Level 0: You do your crypto transactions on a phone or the computer you use for everything else. You’re one rogue email attachment/virus away from losing it all.
Level 1: You do your crypto on your main computer but you’ve installed an antivirus, VPN, keep your software up to date, have your wallet installed in a separate browser which you only use for crypto, and you use a hardware wallet. If you’re not paying attention you’ll lose money the next time you “copy and paste” a wallet address.
Level 2: You have a separate computer which you use only to connect your hardware wallet and sign crypto transactions. You only browse to trusted crypto websites. No general searching. No connecting your main wallet to new “hot NFT mints” (that’s for your degen wallet).
Level 3: You have a separate computer with custom security software which helps you manage multiple wallets, DeFi apps, and identities (KYC and no KYC platforms) easily.
Phishing Education
Level 0: You’re skeptical of people who wired money to a Nigerian Prince. It could never happen to you. Vitamin Butane needs to borrow 1 ETH and will pay you back.
Level 1: When a project releases details of its airdrop, you know their socials were hacked. You bookmark all the crypto websites you use, and you cross reference socials, Google, and the DeFi Llama directory to find the site. Bots don’t DM you.
Level 2: You’re immune from taking hasty actions even if threatened with immediate loss. You know how approvals work and won’t click on a scam site to “rescue” or revoke access to your tokens. You’ve enough experience to rely on a gut check and a network to lean on for a second opinion or analysis if something weird happens.
Level 3: An AI which sounds almost exactly like your eldest who just went to college in another state calls you to say she’s in trouble and needs you to send money. You already know three questions you could ask that only she would know the right answer to, could remember in a crisis, and aren’t in public records (e.g. place of birth).
Diversification
Level 0: All in. When you like a crypto product, you keep all your funds there. All your Bitcoin is in BadgerDAO, all your ETH is staked in Lido, all your stablecoins are in UST/Anchor, and your trading account is at Mango Markets. You max-loop-borrow to farm Ethena and would have retired from OHM last cycle.
Level 1: You understand smart contract risk. You cap how much of your portfolio you invest in a single app. You know to place higher trust in apps which have been around for longer, and have a well funded team and high TVL.
Level 2: You understand the risks of using L2s and what could go wrong with Ethereum staking. If something seems risky but you need to use it anyway you might consider insurance. You know at least two apps for every purpose and either split up your funds across both or use one as a backup for the other.
Level 3: You do your own staking with a minority client. The funds you don’t access regularly are on mainnet. Your active portfolio is diversified across farms and L2s. You can interpret a protocol audit and risk-assess pegged assets. Half the industry could collapse but as long as blocks are being produced on Ethereum you’re solvent.
How to Improve
How did you score?
If you’re at Level 1 (or below!) on any section, you could be doing better. Frankly, there’s a high chance you lose some of your crypto to cybercrime unless you improve.
Focus on the weak points until you are Level 2 or better across the board.
Don’t forget to subscribe to access our detailed security tutorials and get advice tailored to your needs in our Q&A every other Saturday. Most of our readers have been with us since we launched last cycle, so these sessions are also an opportunity to learn from people who have succeeded and who made some mistakes along the way.
Disclaimer: None of this is to be deemed legal or financial advice of any kind. These are opinions from an anonymous group of cartoon animals with Wall Street and Software backgrounds.
We now have a full course on crypto that will get you up to speed (Click Here)
Security: Our official views on how to store Crypto correctly (Click Here)
This!
I made the big mistake of not derisking anything last cycle #hodl
I’ve been putting every extra penny I make into crypto since 2016 and saw my NW go from 60 to 600, then back down to 200
I figured 600 wasn’t really enough to retire on, yet if I had sold anywhere near the top I could have certainly hit financial independence by now.
DON’T GET GREEDY AND DON’T LISTEN TO THE AUTISM. If you are actually on the spectrum it’s easy to fall into rules like hodl forever. It’s easy to take most things very literally.
Could you give some advice on how we do these items in the article, under Transactions?
Transactions
Level 1: You know how to read a transaction, look up the smart contract address on the block explorer to check the address is legitimate. You don’t always take the time.
Level 2: You’ve the discipline to check every transaction.
Level 3: You sometimes use advanced tooling to preview/simulate the effect of your blockchain transaction before confirming it.