What do you know about the risks of trading cryptocurrencies? As numerous cryptocurrency projects thrive, there are more and more risks to consider, including common scams, hacks, and regulatory risks.
Perhaps you have heard that crypto has higher risks compared to traditional finance. There are different ways of handling and responding to each type of risk. This article will discuss various risks that may lead to losses when trading crypto and propose risk management measures.
System risk is the inherent risk of the entire crypto industry, generally referring to the market price turbulence caused by internal or external influences.
For example, the Federal Reserve has been raising interest rates since March 2022 and then started shrinking its balance sheet in June, gradually reducing capital injections from its previous investment in bonds, causing market funds to flow back into the banking system, making investment markets suffer. In addition, the Russia-Ukraine war and the pandemic have caused the supply chain crisis, high unemployment rates, and hyperinflation, which forces the Fed to further raise interest rates, leading to a vicious circle.
How to manage system risks? Change your mindset and optimize your asset allocation. Do not panic sell and wait patiently for the next bull market.
Crypto markets are open 24/7. There is no price fluctuation limit , so liquidation risks caused by dramatic price changes must be taken into account.
Large-scale institutional liquidation in the crypto market in 2022: Celsius, a crypto lending platform implicated in the bankruptcy of Three Arrows Capital, made repayments to various lending protocols to reduce the liquidation price after suspending user withdrawals on June 13. Celsius still filed for bankruptcy on July 14, with up to 5.5 billion US dollars in debt. They are also suspected to have covered a loss of 40,000 ETH. On July 8, Tether liquidated an overcollateralized BTC loan of Celsius, which made Celsius lose nearly $100 million.
One of the repayments performed by Celsius was to move about 24,462 WBTC (worth as much as $530 million) to FTX. Although there is no official statement for why they made this decision, the community speculates that Celsius might intend to sell assets in exchange for liquidity to repay debts. But the sell-off led to strong selling in the market, which undoubtedly made the market price fall more drastically.
Following on Celsius’ suspension of user withdrawals on June 13, which caused panic in their community, Babel Finance, another cryptocurrency lending protocol also announced the suspension of redemption and withdrawal services. Babel Finance stated on its official website on June 20 that given the current context of high market volatility, Babel Finance is faced with a severe challenge on liquidity.
How to manage liquidity risks? When confronted with price fluctuations, liquidation risks, and others, you must make sure that you do your due diligence before investing in any projects and that the price of the asset is in line with its actual value. Optimize asset allocation to reduce the risk of running and price collapse.
The withdrawal suspension and trading halt on Celsius mentioned above fall into the category of exchange risk. Unlike traditional banks that can get short-term loans from other banks or the central bank, the DeFi system as an emerging industry has not developed an “interbank” lending model. Due to the liquidity dilemma of DeFi, if there is no economic model behind generating cash flow, with the high-interest rates, it is not possible to borrow from other protocols. Then the project will have to use the assets invested by new users to pay older users. Once there is no continuous capital injection, the project will face insolvency. Then withdrawal suspension will only lead to panic, deteriorate the situation further, and eventually force the company to file for bankruptcy.
Funds lost in transfers
When transferring, depositing and withdrawing cryptocurrencies, users are required to select the blockchain and input recipient address. If you select the wrong blockchain or input the wrong address, it can be very difficult to retrieve the lost funds. Please be extra-careful.
Lost private key
Each crypto wallet has a unique private key, which is composed of a 32-bit random number and 64 hexadecimal characters generated by an encryption algorithm. It is generally not possible to memorize the private key. Instead, people usually write them down or take a photo.
In traditional finance, if a user forgets his/her password, the bank can help retrieve or reset it. In crypto, due to its anonymity and decentralization, the ownership of the assets in the wallet can only be proved by the private key. You are the only person who knows your private key. If you lose it, no one can recover it and all the assets in the wallet are lost forever.
As of 2021, about 4 million bitcoins have been lost due to losing private keys. One of the most well-known cases - former Ripple CTO Stefan Thomas, has 7,002 BTC in his IronKey cold wallet, but he has forgotten the private key and cannot do anything with this huge sum. What’s even more tragic is that IronKey has a limit of 10 incorrect login attempts. After reaching 10 failures, the account will be locked forever. Now, Thomas has only 2 chances left.
How to control operational risks? Always pay attention to the news of centralized and decentralized exchanges. Stay rational when it comes to investment opportunities with crazily high annualized returns. Care should also be taken when funds are traded or transferred. And never lose your private keys!
The U.S. Federal Trade Commission (FTC) pointed out that from October 2020 to March 2021, up to 7,000 people lost digital assets to scams, amounting to approximately $80 million USD. Compared with the $7.5 million USD loss from 570 crypto scam cases in the previous year, the total loss has increased by more than 10 times, which means that crypto scammers work really.
Forms of cryptocurrency scams:
a. Hacker attacks
b. Phishing
c. Giveaway scams
d. Fake job offers
e. Refund scams
f. Fake IC0
g. Fake crypto wallets
h. SIM card scams
i. Malwares
Next, we will briefly explain the common forms of scams and how to deal with them.
Data from the crypto security firm CipherTrace shows that hacker attacks on DeFi in 2021 make up more than 60% of all hacker attacks in this year. In 2020, this proportion was only 20%. The stolen amount in the first half of 2021 is worth about 156 million USD, which is already higher than the total of 129 million USD stolen in 2020.
A. The biggest crypto theft to date
On March 30, 2022, Sky Mavis, the developer of Axie Infinity, claimed to have discovered that hackers stole private keys to falsify transactions and obtain other cryptocurrencies. The hacker stole funds from the Ronin bridge that Axie Infinity uses.
The total value of the loss is estimated to be around $625 million, including 173,600 ETH or WETH (about 597 million) and 25.5 million USDC, making it the biggest theft in the history of crypto.
Three months after the hack, the bridge connecting Ronin to the Ethereum mainnet was rebuilt and withdrawal services were restored.
Source: Ronin Twitter
B. Top 10 biggest crypto thefts as of June 2022
Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.
The victim of the biggest ever crypto theft is the above-mentioned Ronin Network with a stolen amount of up to $625 million. In the second place is Poly Network with a total loss of $611 million. Poly Network is a cross-chain protocol, where users can use the same assets to profit from different fund pools. In this case, the hacker exploited the loopholes between different smart contracts to steal funds.
Both of the top two cases are related to DeFi. As this thriving sector is growing day by day, it has also become the preferred target for hackers.
According to the analysis of CertiK, a blockchain security firm, the hacker used malicious JavaScript code to hack into Premint and set up a pop-up window on the website, suggesting users verify their wallets here. It appeared to be something that can improve security, but in fact, it was a theft.
Popular NFT projects that had been stolen by that time include Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown. Hackers got about 280 ETH by selling the stolen NFTs on Opensea and other platforms. Since some skeptical users actively appealed to the community to be careful, the rapid spread of the news prevented hackers from selling more stolen NFTs.
After the hack, Premint issued an official statement to remind users that Premint will not require access to any transactions and that users should always stay cautious.
B. Fraudulent giveaways
Bored Ape Yacht Club (BAYC), one of the biggest NFT projects and liked by many public figures, has suffered 3 hacker attacks as of 2022.
On April 25, 2022, hackers gained control of BAYC’s Instagram account and posted fake airdrop information. Hackers stole 134 high-priced Boring Ape NFTs with a total value of about $3 million through the phishing link attached to the post.
In early June 2022, hackers posted malicious links on BAYC’s Discord server, claiming to give away free NFTs. Some users fell for the scam and had their assets stolen. According to PeckShield, one BAYC and two Mutant Apes tokens (worth approximately $350,000 in total) were stolen.
Source: OKHotshot Twitter
Tips for investors: Only invest in projects that have passed security audits. Cancel allowances that are currently not used. The following briefly describes how to revoke smart contracts allowances.
Revoking an approval/allowance of a smart contract means that the Dapp can no longer access the wallet or move the assets. Disconnecting your wallet means that this Dapp can no longer confirm authorizations, initiate transactions, or check past records. However, disconnecting from the Dapp does not mean that the wallet is also disconnected from the smart contract. The smart contract might still be able to move assets in the wallet.
Therefore, it is recommended to disconnect your wallet and Dapps, and also to revoke smart contract allowances at the same time, so as to prevent malicious smart contracts from secretly stealing your assets.
Tips for ensuring wallet security:
Although cryptocurrencies are outside of the regulations of most governments, traditional finance and the crypto industry are still interconnected. Crypto markets then are subject to regulatory uncertainties.
On September 4, 2017, the People’s Bank of China stated that it would restrict IC0s, and required the registration of new users to stop in 10 days and all related services to be terminated at the end of the month. After the release of these new policies, panic arose in the crypto community, and people rushed to sell their digital assets, causing a free fall of markets. But then the markets became bullish again, and at the end of that year, the bitcoin price embraced its first peak.
In order to curb the highest inflation rate of 8.3% since 1981, the originally dovish Fed abandoned its conservative monetary policy which lasted for more than a decade, raised interest rates in early 2022, and reduced its balance sheet in June, in an effort to withdraw market funds back to the banking system and reduce inflation.
However, this move also destroyed financial markets’ morale. As a result, U.S. stocks and cryptocurrencies kept falling for 9 consecutive weeks from the end of March. However, the Fed raising interest rates did not help the rocketing inflation rate much. Inflation rose to 9.1% in June 2022, another 40-year high. Today’s monetary policies along with the market depression bring only more disappointments to investors.
Although some of the above-mentioned risks are almost unpredictable and unavoidable when trading cryptocurrencies, good knowledge of risk management can still be very helpful.
According to the well-known Pareto principle, 80% of the assets should be stored in relatively safe cold wallets, making it impossible for hackers to steal. The remaining 20% can be placed in different “baskets”. Wise investors tend to diversify risks instead of avoiding them, thereby reducing the proportion of affected assets when risks become an actual danger.
Having a good understanding of risks and good habits is important. As demonstrated above, do not easily grant permissions to anyone or anything. You also need to be familiar with common scams. Remember that things that claim to be free always have hidden costs.
Due to its anonymous nature, crypto requires investors to keep all data and assets by themselves. Special care and caution are a must when it comes to managing private keys and transferring digital assets. Always be aware of the existence of DeFi hackers and revoke unused smart contract allowances.
Doing your own diligence and maintaining good trading habits work wonders in reducing risks and making your trading experience better.
What do you know about the risks of trading cryptocurrencies? As numerous cryptocurrency projects thrive, there are more and more risks to consider, including common scams, hacks, and regulatory risks.
Perhaps you have heard that crypto has higher risks compared to traditional finance. There are different ways of handling and responding to each type of risk. This article will discuss various risks that may lead to losses when trading crypto and propose risk management measures.
System risk is the inherent risk of the entire crypto industry, generally referring to the market price turbulence caused by internal or external influences.
For example, the Federal Reserve has been raising interest rates since March 2022 and then started shrinking its balance sheet in June, gradually reducing capital injections from its previous investment in bonds, causing market funds to flow back into the banking system, making investment markets suffer. In addition, the Russia-Ukraine war and the pandemic have caused the supply chain crisis, high unemployment rates, and hyperinflation, which forces the Fed to further raise interest rates, leading to a vicious circle.
How to manage system risks? Change your mindset and optimize your asset allocation. Do not panic sell and wait patiently for the next bull market.
Crypto markets are open 24/7. There is no price fluctuation limit , so liquidation risks caused by dramatic price changes must be taken into account.
Large-scale institutional liquidation in the crypto market in 2022: Celsius, a crypto lending platform implicated in the bankruptcy of Three Arrows Capital, made repayments to various lending protocols to reduce the liquidation price after suspending user withdrawals on June 13. Celsius still filed for bankruptcy on July 14, with up to 5.5 billion US dollars in debt. They are also suspected to have covered a loss of 40,000 ETH. On July 8, Tether liquidated an overcollateralized BTC loan of Celsius, which made Celsius lose nearly $100 million.
One of the repayments performed by Celsius was to move about 24,462 WBTC (worth as much as $530 million) to FTX. Although there is no official statement for why they made this decision, the community speculates that Celsius might intend to sell assets in exchange for liquidity to repay debts. But the sell-off led to strong selling in the market, which undoubtedly made the market price fall more drastically.
Following on Celsius’ suspension of user withdrawals on June 13, which caused panic in their community, Babel Finance, another cryptocurrency lending protocol also announced the suspension of redemption and withdrawal services. Babel Finance stated on its official website on June 20 that given the current context of high market volatility, Babel Finance is faced with a severe challenge on liquidity.
How to manage liquidity risks? When confronted with price fluctuations, liquidation risks, and others, you must make sure that you do your due diligence before investing in any projects and that the price of the asset is in line with its actual value. Optimize asset allocation to reduce the risk of running and price collapse.
The withdrawal suspension and trading halt on Celsius mentioned above fall into the category of exchange risk. Unlike traditional banks that can get short-term loans from other banks or the central bank, the DeFi system as an emerging industry has not developed an “interbank” lending model. Due to the liquidity dilemma of DeFi, if there is no economic model behind generating cash flow, with the high-interest rates, it is not possible to borrow from other protocols. Then the project will have to use the assets invested by new users to pay older users. Once there is no continuous capital injection, the project will face insolvency. Then withdrawal suspension will only lead to panic, deteriorate the situation further, and eventually force the company to file for bankruptcy.
Funds lost in transfers
When transferring, depositing and withdrawing cryptocurrencies, users are required to select the blockchain and input recipient address. If you select the wrong blockchain or input the wrong address, it can be very difficult to retrieve the lost funds. Please be extra-careful.
Lost private key
Each crypto wallet has a unique private key, which is composed of a 32-bit random number and 64 hexadecimal characters generated by an encryption algorithm. It is generally not possible to memorize the private key. Instead, people usually write them down or take a photo.
In traditional finance, if a user forgets his/her password, the bank can help retrieve or reset it. In crypto, due to its anonymity and decentralization, the ownership of the assets in the wallet can only be proved by the private key. You are the only person who knows your private key. If you lose it, no one can recover it and all the assets in the wallet are lost forever.
As of 2021, about 4 million bitcoins have been lost due to losing private keys. One of the most well-known cases - former Ripple CTO Stefan Thomas, has 7,002 BTC in his IronKey cold wallet, but he has forgotten the private key and cannot do anything with this huge sum. What’s even more tragic is that IronKey has a limit of 10 incorrect login attempts. After reaching 10 failures, the account will be locked forever. Now, Thomas has only 2 chances left.
How to control operational risks? Always pay attention to the news of centralized and decentralized exchanges. Stay rational when it comes to investment opportunities with crazily high annualized returns. Care should also be taken when funds are traded or transferred. And never lose your private keys!
The U.S. Federal Trade Commission (FTC) pointed out that from October 2020 to March 2021, up to 7,000 people lost digital assets to scams, amounting to approximately $80 million USD. Compared with the $7.5 million USD loss from 570 crypto scam cases in the previous year, the total loss has increased by more than 10 times, which means that crypto scammers work really.
Forms of cryptocurrency scams:
a. Hacker attacks
b. Phishing
c. Giveaway scams
d. Fake job offers
e. Refund scams
f. Fake IC0
g. Fake crypto wallets
h. SIM card scams
i. Malwares
Next, we will briefly explain the common forms of scams and how to deal with them.
Data from the crypto security firm CipherTrace shows that hacker attacks on DeFi in 2021 make up more than 60% of all hacker attacks in this year. In 2020, this proportion was only 20%. The stolen amount in the first half of 2021 is worth about 156 million USD, which is already higher than the total of 129 million USD stolen in 2020.
A. The biggest crypto theft to date
On March 30, 2022, Sky Mavis, the developer of Axie Infinity, claimed to have discovered that hackers stole private keys to falsify transactions and obtain other cryptocurrencies. The hacker stole funds from the Ronin bridge that Axie Infinity uses.
The total value of the loss is estimated to be around $625 million, including 173,600 ETH or WETH (about 597 million) and 25.5 million USDC, making it the biggest theft in the history of crypto.
Three months after the hack, the bridge connecting Ronin to the Ethereum mainnet was rebuilt and withdrawal services were restored.
Source: Ronin Twitter
B. Top 10 biggest crypto thefts as of June 2022
Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.
The victim of the biggest ever crypto theft is the above-mentioned Ronin Network with a stolen amount of up to $625 million. In the second place is Poly Network with a total loss of $611 million. Poly Network is a cross-chain protocol, where users can use the same assets to profit from different fund pools. In this case, the hacker exploited the loopholes between different smart contracts to steal funds.
Both of the top two cases are related to DeFi. As this thriving sector is growing day by day, it has also become the preferred target for hackers.
According to the analysis of CertiK, a blockchain security firm, the hacker used malicious JavaScript code to hack into Premint and set up a pop-up window on the website, suggesting users verify their wallets here. It appeared to be something that can improve security, but in fact, it was a theft.
Popular NFT projects that had been stolen by that time include Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown. Hackers got about 280 ETH by selling the stolen NFTs on Opensea and other platforms. Since some skeptical users actively appealed to the community to be careful, the rapid spread of the news prevented hackers from selling more stolen NFTs.
After the hack, Premint issued an official statement to remind users that Premint will not require access to any transactions and that users should always stay cautious.
B. Fraudulent giveaways
Bored Ape Yacht Club (BAYC), one of the biggest NFT projects and liked by many public figures, has suffered 3 hacker attacks as of 2022.
On April 25, 2022, hackers gained control of BAYC’s Instagram account and posted fake airdrop information. Hackers stole 134 high-priced Boring Ape NFTs with a total value of about $3 million through the phishing link attached to the post.
In early June 2022, hackers posted malicious links on BAYC’s Discord server, claiming to give away free NFTs. Some users fell for the scam and had their assets stolen. According to PeckShield, one BAYC and two Mutant Apes tokens (worth approximately $350,000 in total) were stolen.
Source: OKHotshot Twitter
Tips for investors: Only invest in projects that have passed security audits. Cancel allowances that are currently not used. The following briefly describes how to revoke smart contracts allowances.
Revoking an approval/allowance of a smart contract means that the Dapp can no longer access the wallet or move the assets. Disconnecting your wallet means that this Dapp can no longer confirm authorizations, initiate transactions, or check past records. However, disconnecting from the Dapp does not mean that the wallet is also disconnected from the smart contract. The smart contract might still be able to move assets in the wallet.
Therefore, it is recommended to disconnect your wallet and Dapps, and also to revoke smart contract allowances at the same time, so as to prevent malicious smart contracts from secretly stealing your assets.
Tips for ensuring wallet security:
Although cryptocurrencies are outside of the regulations of most governments, traditional finance and the crypto industry are still interconnected. Crypto markets then are subject to regulatory uncertainties.
On September 4, 2017, the People’s Bank of China stated that it would restrict IC0s, and required the registration of new users to stop in 10 days and all related services to be terminated at the end of the month. After the release of these new policies, panic arose in the crypto community, and people rushed to sell their digital assets, causing a free fall of markets. But then the markets became bullish again, and at the end of that year, the bitcoin price embraced its first peak.
In order to curb the highest inflation rate of 8.3% since 1981, the originally dovish Fed abandoned its conservative monetary policy which lasted for more than a decade, raised interest rates in early 2022, and reduced its balance sheet in June, in an effort to withdraw market funds back to the banking system and reduce inflation.
However, this move also destroyed financial markets’ morale. As a result, U.S. stocks and cryptocurrencies kept falling for 9 consecutive weeks from the end of March. However, the Fed raising interest rates did not help the rocketing inflation rate much. Inflation rose to 9.1% in June 2022, another 40-year high. Today’s monetary policies along with the market depression bring only more disappointments to investors.
Although some of the above-mentioned risks are almost unpredictable and unavoidable when trading cryptocurrencies, good knowledge of risk management can still be very helpful.
According to the well-known Pareto principle, 80% of the assets should be stored in relatively safe cold wallets, making it impossible for hackers to steal. The remaining 20% can be placed in different “baskets”. Wise investors tend to diversify risks instead of avoiding them, thereby reducing the proportion of affected assets when risks become an actual danger.
Having a good understanding of risks and good habits is important. As demonstrated above, do not easily grant permissions to anyone or anything. You also need to be familiar with common scams. Remember that things that claim to be free always have hidden costs.
Due to its anonymous nature, crypto requires investors to keep all data and assets by themselves. Special care and caution are a must when it comes to managing private keys and transferring digital assets. Always be aware of the existence of DeFi hackers and revoke unused smart contract allowances.
Doing your own diligence and maintaining good trading habits work wonders in reducing risks and making your trading experience better.