FB Pixel no script2021 was a year of crypto hacks, here are some tips for staying safe in the future | KrASIA Year in Review | KrASIA

2021 was a year of crypto hacks, here are some tips for staying safe in the future | KrASIA Year in Review

Written by Stephanie Pearl Li Published on   6 mins read

KrASIA spoke with experts who shared key advice for investors.

With the crypto market hitting a value of over USD 2.2 trillion as of December 21, digital asset trading has become a red-hot space. Asia, in particular, is leading crypto adoption around the world, with Vietnam making the most progress in transaction volume, followed by India and Pakistan, according to a report by blockchain data firm Chainalysis.

Although it has been extremely lucrative for some, crypto is an extremely volatile asset. What’s more, as this space becomes increasingly popular, an array of dishonest actors have proliferated with different schemes and strategies to trick investors.

“When it comes to crypto, there’s so much hype around it. Unfortunately, some news headlines or social media chatter are [mostly] about returns. There’s an atmosphere of not wanting to miss out,” Sherry Goh, country manager of Singapore at crypto trading platform Luno, told KrASIA.

“Some investors jump into crypto because their friends are doing it, but they lack a proper understanding of how crypto works and what it is,” she said. Goh added that novice investors who have a limited understanding of crypto investments are in a fragile position.

Stronger knowledge of how the crypto world works and some key preventive measures can help investors avoid scams. KrASIA spoke with several experts who shared their advice for investing in crypto in a safe manner.

Skip DeFi platforms that promise ‘too good to be true’ returns

Scams have taken over USD 7.7 billion worth of crypto away from victims this year, making it the largest form of crypto-based crime by transaction volume, up 81% compared to 2020, according to another report by Chainalysis.

Rug pulls have emerged as the “go-to scam” in decentralized finance (DeFi). A rug pull is a scheme where developers abscond with investors’ money after tricking them into a seemingly legitimate crypto project. This method accounted for 37% of total crypto scam volume in 2021, compared to only 1% in 2020, according to Chainalysis.

In a rug pull, developers create what appears to be a new and promising token and list it on decentralized exchanges. Investors buy the token, hoping to be among the first to gain high returns, while developers also secure liquidity to fund the project. However, after securing a certain amount of liquidity, developers drain all funds from the liquidity pool, with the investors left with digital tokens that have no value.

Rug pulls have become a huge part of crypto scams. SQUID was one recent case that rode on the back of the popular Netflix series, Squid Game. Photo by Jonas Augustin from Unsplash.

A recent example occurred in October, when a cryptocurrency called SQUID, inspired by the popular Netflix series Squid Game—but without any affiliation with the TV show—began trading on decentralized exchanges such as PancakeSwap, CoinW, and BKEX.

The coin’s price quickly surged from less than USD 0.10 on October 26 to over USD 523 on November 1, when it reached a valuation of nearly USD 5 million, according to data from CoinMarketCap. That same day, the project’s founders drained the liquidity pool in a matter of minutes, taking at least USD 3.2 million, according to data from BscScan.

According to experts, the rise of rug pulls could be attributed to the low entry barrier of starting a token project. It is “relatively easy” to create a new token on decentralized and open source blockchains like Ethereum or the Binance Smart Chain. Changpeng Zhao, CEO of Binance, recommends novice investors use centralized platforms (CeFi) for their investments, as these platforms offer better protection and there are “more opportunities for remediation” in case problems arise, according to a recent post published on the Binance blog.

“We’re entering a period of peak speculation—people are looking for the next get-rich-quick scheme or 100x opportunity. The truth is, those 100x don’t come along often. And when they do, they usually come with a ton of risk, sometimes so much so that the lines get blurred between investing and gambling,” Zhao wrote.

Goh agrees with Zhao, adding that one universal tip is to avoid projects that offer promises of unrealistic returns. “I always tell people that if something sounds too good to be true, it probably is.”

If investors still want to use DeFi exchanges, a way to scrutinize their validity is by checking whether the project is audited via established crypto platforms like CoinMarketCap, a spokesperson at blockchain security firm SlowMist told KrASIA. However, he added that investors should be aware of the higher risks associated with DeFi platforms.

Beware of fake platforms and phishing attempts

Scammers are also using phishing methods, such as creating fake websites, to scoop up victims’ personal and financial information, Goh said.

In early November, NFT pet breeding game Axie Infinity said on Twitter that a scammer tricked a member of its support staff into sharing his account information, which allowed the scammer to directly access the staff member’s Discord account, bypassing a two-factor authentication system.

The hacked account enabled the cybercriminal (or cybercriminals) to spam fake Axie Infinity websites that claimed to offer exclusive sales. The URLs were propagated by a Discord bot and sent via the play-to-earn game’s announcement channels so that they appeared to be legitimate. Over 155 Axie players clicked the links and lost over PHP 5 million (USD 98,600), according to the Manila Bulletin.

Discord servers of Axie Infinity and Phantom Galaxies were the latest victims of hacks. Picture by Alexander Shatov from Unsplash.

Almost two weeks after the incident, on November 19, Phantom Galaxies, an NFT game developed by Blowfish Studios, a subsidiary of Hong Kong blockchain unicorn Animoca Brands, saw its Discord server hijacked by unknown hackers. Hackers were able to siphon a total of USD 1.1 million after tricking users into paying a “mining fee” of ETH 0.1 for a new NFT minting event that never happened, according to a later investigation by the Animoca team.

“Hackers are getting smarter in their techniques, and they are capable of creating websites that look similar to the official ones,” the SlowMist spokesperson told KrASIA. He said investors should always check URLs to ensure they lead to official websites.

“Whenever you search for a project online, never click on the sponsored ads [which scammers often purchase to promote fake products]. When claiming an airdrop, or transferring new coins into a wallet, create a new wallet to interact with these sites instead of using your original wallets,” he added.

Use cold crypto wallets

Investors should save their crypto assets in cold wallets, a more secure crypto storage method than hot wallets, as they are not connected to the internet, Hong Qi Yu, founder of crypto trading platform Tokenize Xchange, told KrASIA.

Hot wallets are crypto wallets usually provided by exchanges, which are more vulnerable to attacks as they are connected online. “A lot of hacking you see in the news happens because the exchanges do not have all the [security] structure in place,” Hong said.

In early December, hackers stole USD 196 million in digital assets from centralized crypto exchange BitMart. Poly Network, a DeFi platform that allows users to move tokens across blockchains, also suffered a historic breach that drained USD 613 million from its coffers in August, although the hacker later returned nearly all the stolen assets, according to the firm.

Experts also recommend never sharing the seed phrase, a unique set of 12 to 24 words that provides access to a user’s crypto wallet. “It doesn’t matter who is asking for it. You never give out your seed phrase because that’s like giving somebody access to your house keys,” the SlowMist spokesperson said.

Consumers and investors should never share their passwords, banking details, two-factor authentication codes, or one-time passwords with anyone, Goh added.

Despite all the security measures, experts agree that investors should always undertake thorough due diligence and risk management before investing. “The key point is to do risk management. Don’t put all your wealth into a high-risk investment,” Hong said.


Auto loading next article...