Cryptocurrency exchanges and theft have been regular news since Bitcoin went big, but that hasn't deterred investors: The number of digital cryptocurrency wallets in existence by the end of 2017 was 21.5 million. That's a huge increase from 2015, when only 5.4 million wallets were around.
Along with the new popularity of cryptocurrency has come a new breed of cryptocurrency criminals. In 2016 $95 million worth of Bitcoin was stolen, and in 2017 the amount stolen exploded: $115 million was lost to phishing, $103 million to exploitation of software and storage, $7.4 million to hacks, and $4,000 to Ponzi schemes.
That's a lot of lost cryptocurrency—so how are criminals doing it?
Five ways cryptocurrency gets stolen
There are five popular ways that cryptocurrency criminals get their hands on your virtual coins:
- Brute forcing, in which an attacker simply tries again and again to guess a password until they finally get in.
- Phone porting, in which criminals call cellular customer service, have a number transferred to their phone, and use the number to reset a crypto account password.
- Phishing, which installs malware that looks for, and steals, digital wallet addresses.
- Ponzi schemes, in which investors are paid returns that are actually just the money new investors put in (see BitConnect).
- Mining malware, which uses a victim's computer to do the mining for the hacker.
So, risks come from all angles: anonymous hackers on the internet, fake exchanges that run away with your money, or even malware that makes you do the work for someone else's gain.
That doesn't mean safe investment isn't possible.
How to safely invest in cryptocurrency
Cryptocurrency brokerage CryptoGo has some tips for investing in cryptocurrency without placing yourself in harm's way.
- Encrypt and back up safely so that you always have a record of your wallet. Use a mnemonic phrase to ensure you can recover a lost wallet.
- Use an antivirus product that was built with cryptocurrency in mind, such as Spybot Anti-Beacon or Comodo.
- Only use "hot wallets," those that are connected to the internet, for small transactions. If you're going to store large amounts of cryptocurrency for long-term investment keep them in a secure, offline wallet.
- Use multifactor authentication, either through a hardware token or an app, to secure cryptocurrency-related accounts.
- Don't use SMS authentication—phone numbers can be stolen via phone porting.
- Diversify your holding through different exchanges and use different passwords and recovery methods for each one.
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.