This guide attempts to cover the breadth of risks, scams and pitfalls new and advanced cryptocurrency users typically fall prey to. Topics are weakly sorted according to their risk level in descending order (most common/high risk first). Each topic comes with a number of clickable links to articles elaborating on the subject.
To help your odds of surviving this space, please do your due diligence. Keep your coins in cold storage. If you can, use a hardware wallet. Don’t manually type private keys or destination addresses. Store your wallet and backup information safely.
If it’s too good to be true, it probably is.
Not your keys, not your coins.
Don’t hesitate to reach out if you have any questions.
Disclaimer: I’m not a security expert and none of this is investment advice.
Amateur Buying and Transacting — Security Basics
- Centralized exchange hack - 1, 2, 3, 4, 5
Not your keys, not your coins — Exchanges regularly get hacked and lose customer funds. Do NOT keep your funds on exchanges.
- Loss of wallet keys/passwords - 1
- Fake wallet app - 1
- Incorrect destination address - 1
- Coins sent directly to smart-contract address - 1
- Ponzi/pyramid schemes - 1, 2
- Keyloggers, clipboard hijacks and other computer malware - 1, 2
- SIM-swapping - 1
- Exchange KYC/AML data leak - 1, 2
Consider reading through the 7 common scams listed here.
- Impersonation and fake giveaways - 1, 2, 3, 4
"Send 1 BTC, receive 2 BTC" scams have been prevalent lately, sometimes coming from verified accounts (fake verification, hacked social media account).
- Targeted social media scams - 1, 2
- Phishing Emails/Websites - 1
Note that some tokens are subject to design-specific risks; MakerDAO and DAI’s collateral default risks or oracle failures, for instance. These aren’t considered here.
- Smart-contract bug - 1, 2, 3
See this for dev-oriented folks
- Centralized admin keys - 1, 2
Certain centralized stablecoins have already started freezing addresses
- Ghost chains and abandoned projects - 1, 2
- Composability risks - 1, 2
- Game theoretic risk and misaligned economic incentives - 1
- Cryptocurrency holding, trading, mining and staking regulation - 1
- Securities laws/ICOs - 1, 2
Most ICOs are illegal for retail investors in the US.
- Changes in taxation laws/asset classification - 1
Pay your taxes
Blockchain Consensus and L1 Failures
- Hard-forks - 1, 2
- Consensus attacks - 1, 2, 3
Including, but not limited to: 51%, selfish-mining, short range, coin age accumulation, DoS, Sybil, pre-computing, etc.
- Slashing - 1
- Margin-trading (CEX or DEX) - 1
This one isn’t exclusive to cryptocurrencies, but is remarkably riskier in the space. Market manipulation is pervasive and flash crashes are a regular occurrence. The risk here can’t be stressed enough.