Before you begin
One of the most overlooked pieces of advice when dealing with cryptocurrency is to register a separate email and use it exclusively for cryptocurrency-related transactions. If you have a second phone number, even better. The less your everyday email overlaps with the one used for cryptocurrency services, the safer you'll be.
Buying cryptocurrency and the risks involved
The easiest and most convenient way to buy cryptocurrency is through exchange platforms. Typically, they offer all the popular tokens within the top 20 by market capitalization, as well as other cryptocurrencies with smaller market capitalization popular among the audience.
First risk: incorrect wallet address
When purchasing cryptocurrency through exchangers, you need to provide the wallet address where the tokens will be sent. Usually, this is either a pre-created wallet on the exchange or an non-custodial wallet (on a mobile phone or in a browser). If you make a mistake when entering the wallet address, you will lose the entire amount without the possibility of recovery.
Second risk: scammers
When buying cryptocurrencies through exchangers, there is a risk of encountering fraudulent websites. Therefore, when searching for a service, it is essential to carefully examine its reputation before making any transactions. Check the domain's age, contact information, license details (if applicable), and reviews online. All this can be verified through aggregators. The most popular one is BestChange.
Third risk: linking with the crypto exchange in bank statements
Exchangers are often used to deposit and withdraw cryptocurrencies from crypto exchanges in order to buy rare tokens or actively participate in trading. However, it is also possible to buy cryptocurrencies directly on the exchanges using Russian rubles. At first glance, this may seem more convenient and secure, but in practice, if the bank detects a direct transaction associated with a crypto exchange, the security department may have a lot of questions.
Fourth risk: dirty money
Many exchanges today have built-in peer-to-peer (P2P) platforms that allow users to trade directly with each other without intermediaries. Despite having a more limited selection of exchange directions compared to exchangers, these P2P platforms often offer the most favorable exchange rates.
However, what exchanges don't tell you is that they don't verify the origin of the money being sent to you. On the other side, there could be a scammer or a drug dealer who transfers stolen or illicit funds to you. Although the likelihood of this is low, in such a scenario, at best, you could become a witness in a criminal case.
By the way, there is also a risk of receiving "dirty" cryptocurrencies if the platform does not have internal integration with a reputable crypto exchange that holds clients' tokens in its accounts.
It is worth noting that the need to make a money transfer to an unfamiliar person's card also carries its risks, especially if that person is involved in illegal activities. It would be difficult to prove that you were simply buying cryptocurrency and not financing their unlawful activities.
Fifth risk: large transfers
Even with small transfers, the freezing of accounts can never be completely ruled out, but it mostly depends on the transfer amount and the account's previous activity.
Specific amounts rarely interest the bank's security department. However, banks often analyze not specific transfers but rather the overall volume within a day, week, or month.
The more common a transfer seems, the fewer questions the bank will have. Try to maintain activity on your account within a reasonable range and avoid frequent large transfers, even if done in multiple transactions.
Sixth risk: wrong website
There have been numerous cases where scammers managed to launch fake advertising campaigns through search engine ad accounts, leading to theft of payment information or mistakenly sent funds.
To avoid this, it is important to save the service's address in bookmarks or manually enter it in the browser's address bar (just make sure not to make any typos).
Seventh risk: investing in risky assets
As a rule of thumb, the highest profits can be expected from participating in the youngest and most promising projects, NFT platforms, and DeFi services.. However, it's important to remember that the newer the technology, the less tested its security measures are, and the more vulnerable users' funds become. History has seen numerous hacks of young decentralized protocols, resulting in the devaluation of their tokens. Therefore, never invest all your funds solely in young projects.
Storage of cryptocurrency and associated risks
From the risks of buying, we smoothly transition to the risks associated with storing cryptocurrency.
Eighth risk: bankruptcy, hacking, and exchange closures
Centralized exchanges are subject to changes in the legal framework of their jurisdictions and may receive instructions from authorities of other countries regarding users residing in those countries. The availability of trading certain tokens can change even within a day. Additionally, funds can be frozen by court orders or prosecutorial requests. The functionality of the exchange can be restricted, including the ability to deposit/withdraw funds and engage in peer-to-peer trading.
Furthermore, hackers have stolen billions of dollars in cryptocurrency having conducted over two hundred hacks of major exchanges, online crypto wallets, and decentralized applications.
The recent incident of the rapid bankruptcy of one of the largest cryptocurrency exchanges at that time, FTX, indicates that no one is completely safe if their funds are stored in intermediary accounts.
Ninth risk: loss of secret key (or seed phrase)
An alternative to centralized storage with intermediaries is storing funds in non-custodial wallets. To simplify, these are services and applications that provide you with 12/24 secret words when creating a wallet.
Having these words in the correct order allows you to access your funds using any non-custodial application; they are fully interchangeable, even if some services cease to function. However, the opposite is also true - without this phrase, you will never see your funds again.
If you store the seed phrase on your computer or a flash drive, you should consider the potential risk of losing access to such a device or it becoming inoperable. The solution to this problem is duplicating the information on a second secure device or on paper (just remember to update the backup devices).
Using Cryptocurrency and Risks
Once the buying and storing process becomes clear, it's worth considering the risks associated with using cryptocurrencies.
Tenth risk: error in transaction details
Unfortunately, the most common mistake that leads to fund losses is sending a transaction to the wrong address. Blockchain systems are designed in a way that once an erroneous transaction is sent, it cannot be reversed, so the sent amount cannot be returned.
Even if no one owns the wallet to which the were mistakenly sent, the funds will still go to that wallet. The error can only be found if the number of characters differs from the required amount; if the error is in an incorrect character, the wallet will be considered correct.
Another common problem with transaction details is the absence of additional information in fields like Memo, Destination Tag, Message, or Payment ID. Some cryptocurrencies have such features where an exchange may have one wallet for hundreds or thousands of different clients. In such cases, to differentiate them, you need to specify the "account number" in the corresponding field; without it, the funds will be sent to the recipient's wallet but not to a specific account, going to the exchange without specifying the recipient.
In rare cases, it is possible to prove ownership of the transfer, but it is very laborious and time-consuming. Therefore, never ignore additional fields.
Eleventh risk: wallet substitution
Some viruses are capable of substituting cryptocurrency wallet addresses. Sometimes it is possible to detect substitution if it occurs in the clipboard (during copying). Simply compare the copied and pasted addresses. However, browser extensions from untrustworthy publishers can perform substitution directly on the opened websites. In this case, you won't even know that you sent funds to the wrong recipient.
Make sure to install antivirus software with up-to-date virus databases and disable all extensions, including ad blockers, while performing transactions. Minimize the potential influence of third-party applications and add-ons on the content of websites during cryptocurrency transfers.
Twelfth risk: using TOR
Using the TOR browser may seem beneficial as it adds anonymity but carries additional risks. Many exchange platforms and cryptocurrency exchanges explicitly prohibit access to users with TOR exit node IP addresses.
There have also been cases of infected nodes in the network. Those few gateways that belong to malicious actors, like viruses, are capable of substituting wallet addresses on exchange and trading platforms' websites.
Thirteenth risk: insecure web3 authentication
Web3 is considered to be the future of the Internet, providing an anonymous way of authentication and payment. However, along with its new benefits, this technology also carries risks.
By logging into a website that promises you free NFTs or a profitable token sale that someone "accidentally" sent to you, you are granting almost full unrestricted access to manage your wallet. Despite the efforts of many services to ensure maximum security for their users, there are still numerous ways to bypass this protection.
The solution to this problem lies in carefully evaluating the relevance and security of the project through which authentication is taking place using a crypto wallet.
Fourteenth risk: freezing of transfers
Although transactions in decentralized networks cannot be blocked or canceled, the use of any centralized services at any stage of a transaction reintroduces these risks in full.
For example, despite the decentralized nature of the Ethereum blockchain, stablecoins like USDT and USDC can be frozen by the issuer of these tokens. In such cases, the fund transfer simply won't be registered in the smart contract, and the recipient will not receive the funds.
Similarly, any wallet, exchange, or cryptocurrency trading platform can freeze the process of exchange or fund crediting. In other words, they will receive the transaction, but the specific service has the ability to do whatever they want with that transfer (within the laws of the country where the service is registered).
One should also not forget about AML (Anti-Money Laundering) risks, where the recipient demands identity verification and confirmation of the origin of funds that may be involved in criminal activities. For example, any transfers from the cryptocurrency exchange Garantex or the crypto service Bitzlato can be frozen by services around the civilized world due to their connection to sanctions imposed by the United States (due to possible money laundering associated with drug trade).
Always carefully check the legitimacy of the cryptocurrency before making a transfer to any centralized service (store, exchange, exchanger, online wallet, etc.). You can learn more about this in a separate article: Bitcoin anonymity is a myth.