Is Cryptocurrency Safe To Invest?
This article has been written by Mark Silverman, you can learn more about him in his bio at the bottom.
That’s probably the number one question on most peoples’ minds when they consider getting started speculating in crypto assets.
There are a couple of layers to this question. The first has to do with market volatility: Are crypto assets low-risk or no-risk investments? In general, the answer is decidedly no. Most of the major household name cryptocurrencies and tokens -like Bitcoin, Bitcoin Cash, Litecoin and others – have a long track record of market volatility that would make an average day trader blanche.
Some few cryptocurrencies have been developed to mirror the performance of individual securities. But early attempts have not been reassuring. Tether, a cryptocurrency designed to mirror the U.S. dollar, ran into trouble recently when the investment community questioned whether it truly held the dollars required to completely back its crypto. And CoinoUSD proved to be a total flameout.
You’d think creating a crypto asset backed entirely by actual cash reserves in the appropriate currency would be simple enough, but success has proved elusive thus far. So even cryptocurrencies designed to be liquid safe havens (to the extent the dollar itself is safe) have proven to be very treacherous, thus far.
So if it’s low volatility you’re looking for, crypto is not the place for you.
That could change in the future, as the market and supporting technologies mature. But at present, anyone even thinking of dabbling in crypto assets should be prepared to bear significant to extreme risk.
The other layer to this question goes to the matter of security. Market volatility aside, is crypto secure? Can you expect your holdings to be safe from theft, loss or corruption? Is crytocurrency trading secure and confidential?
And on this score, the answer is more complex.
The crypto economy has many layers. At the root of it are the various blockchains themselves. Blockchain refers to the digital coding that verifies and records every transaction, distributing the information across a diverse network of potentially tens of thousands of computers (or more) each serving to verify and back up the information. The system “knows” which accounts own which coin at all times, and everyone who owned each individual coin or token before.
This base layer of the crypto economy has proven very secure, and nearly impossible to hack. For those cryptocurrencies in common usage today, the problem has not, by and large, been vulnerability at the blockchain layer.
But there are chinks in the armor, and these chinks can be and have been exploited by thieves and criminals who have stolen billions of dollars in value over the years.
The vulnerabilities these criminals target are in transactions, transmissions of passwords and password management, and poor data security practices on the part of both individual users and exchanges and other vendors in the crypto economy.
Some of the successful crypto heists have been spectacular:
– Between 2011 and 2014, cyber thieves penetrated the Mt. Gox exchange and stole $350 million worth of Bitcoin.
– Bitstamp saw $5 million in tokens stolen in 2015.
– Just weeks before this writing, thieves penetrated Zaif and stole $60 million in Bitcoin, Bitcoin Cash and Monacoin.
– Earlier this year, hackers penetrated Coincheck NEM and stole more than $400 million in tokens.
In Coincheck’s case, the Japanese parent company vowed to use its own money make its investors whole. Which is an encouraging sign that the market is beginning to mature: At least some of the major exchange participants are sitting on enough capital – or have managed to obtain insurance – that enable them to make good on losses of this magnitude.
Crypto speculators should understand that this market is still almost entirely unregulated. If you’re not happy with an exchange or other vendor, there’s no government agency you can go to with a complaint. There are generally no licenses involved that can be revoked by some regulatory authority if some vendor or exchange is negligent or steals your money, or if you get hacked.
The crypto world is a far cry from dealing with investment companies, brokerages and custodians in developed economies like Canada and the United States. In Canada, if you have money at a bank, and the bank fails, the Canadian Deposit Insurance Corporation will protect you, up to $100,000 per account.
Similarly, if you have money in a Canadian brokerage, and they lose your money, or your securities, or your account gets hacked, or some insider steals your assets, the Canadian Investor Protection Fund (CIPF) will step in and make you whole – up to the limits of CIPF coverage.
The same applies in the United States: The Federal Deposit Insurance Corporation (FDIC) will reimburse depositors of insured accounts in the event of a bank failure. And if you have money in a member brokerage or investment company, the Securities Investor Protection Corporation will step in to replace lost or stolen securities, or cover you in the event of a brokerage failure – up to $500,000, including a limit of $250,000 for cash.
It is routine for investment companies to arrange additional insurance protection – often through Lloyd’s of London – for larger deposits.
But no such insurance or support structures yet exist for crypto exchanges. Even the prominent ones. There are still laws against breach of contract, theft and fraud, and if you can bring a case on those grounds. But much of the crypto world is still shadowy, with a lot of anonymous transactions.
Even if the accounts responsible for thievery can be identified and are within the jurisdiction of a government inclined to take action, it is next to impossible for law enforcement agencies to freeze or seize those assets in order to compensate victims.
If you send crypto to the wrong vendor overseas without being sure of who they are, or if they can steal your password or key information or hack into your exchange account or your digital wallet, it’s pretty much like losing cash. Don’t expect to get it back.
There’s another hazard to be aware of, too: If you have your crypto coin in cold storage on a hard drive or wallet device, and you lose or destroy that device, you may be out of luck.
Ask James Howells, an IT worker in Newport, South Wales in the United Kingdom, who accidentally threw away a hard drive with 7,500 Bitcoin on it – worth $27.7 million at today’s prices. At its peak, the hard drive was worth $130 million.
The hard drive is at the bottom of a landfill outside of town — and James isn’t getting it back.
This isn’t a knock on Bitcoin or cryptocurrency as a concept. The vulnerabilities of cryptocurrency security against thieves and criminals are the same as those of the banking and brokerage systems: Thieves don’t have much luck penetrating the root algorithms, but they can and do exploit human error and weaknesses in password management, transmission security and encryption, and even old-fashioned kidnapping and ransom schemes.
At this point, crypto assets are still vulnerable to legislative and regulatory risk. That is, any given government could decide to crack down on any and all crypto activity within its jurisdiction. This could shut down entire exchanges, or put a severe crimp on the number of vendors who can legally accept crypto for goods and services.
Today, crypto as an asset class is likely too big for any government to stomp out completely. China all but banned crypto trading within its borders last year, and earlier this year directed Chinese banks to cut off transactions with crypto exchanges and other trading platforms dealing in tokens and cryptocurrencies – an effort that failed dismally, as Chinese crypto activity quickly switched to Hong Kong, which wasn’t covered by the ban.
India is also making noises about some form of crypto ban. But nationwide bans could affect the utility of any given currency for buying goods and services. Most likely this ban would prohibit conversion transactions into and out of the rupee – India’s national currency – but would not ban cryptocurrency possession.
This wouldn’t directly affect crypto holders in Canada and the U.S. but would make it more difficult to do business in India, and potentially take a lot of vendors off of the network. Since currencies depend on network effects for their value, it would theoretically knock down crypto asset prices.
Canadian Banks Banning Crypto Transactions
However, governments don’t have to ban cryptocurrencies directly in order for the heat to come down on crypto users and traders. The Bank of Montreal, a prominent Canadian bank, announced that it was prohibiting its credit and debit card users from using their cards to engage in cryptocurrency transactions. Toronto Dominion (TD) made a similar move last spring, and the Royal Bank of Canada also decided to restrict crypto activity on its networks, though stopped short of an all-out ban.
Canadian crypto enthusiasts are free to continue to trade in Bitcoin on other decentralized platforms, but Canadian regulators thus far appear to be viewing the crypto world with some trepidation.
How to stay secure
If you’re in Bitcoin or any other crypto asset, you should probably buckle up for a wild ride. Hopefully that’s just because of market forces. At least market volatility has an upside. That’s not the case for cyber theft, fraud, ransom software and other forms of crypto-related crime.
Here are some of the fundamentals on how to protect yourself against thieves, hackers and fraudsters:
Keep digital keys backed up. Losing your digital key essentially locks you out of your crypto. Yes, some currencies and some exchanges have ways of recovering that information – but the easier they make it for you to recover a lost digital key, the more vulnerable they have to make it to hackers or insider corruption.
Use anti-virus software and keep it updated. This will help prevent your computer from becoming infected with viruses and trojans that seize data for ransom or outright steal digital keys and other sensitive information.
Use a virtual private network. Hackers have a hard time cracking the blockchain codes. But they have lots of success tapping into unsecure connections. Never engage in crypto activity unencrypted over a public Wi-Fi network, or even one in your apartment where your neighbors could have sniffers engaged and logging your keystrokes.
Practice sound password management. The strongest passwords are entirely randomly-generated characters. Here’s a random password generator you can use: https://passwordsgenerator.net. You can select up to 2048 characters. No one’s going to crack that via brute force anytime soon.
Of course, the more difficult your password is, the more difficult it’s going to be to remember it. Which means you’re going to have to write it down somewhere – which is a security risk in itself. Balance security with real-world usability.
Use “cold storage” techniques. Segregate unneeded crypto into a “cold wallet,” disconnected entirely from the Internet. But be aware that sophisticated criminals are deploying tools that can even crack through an “air gap,” turning the device itself into a transmission device, even if it’s not connected to the Internet via Ethernet or other common internet protocol.
Use 2FA authentication. But not SMS codes, which are easy for determined criminals to intercept. If you must use an SMS 2FA, and your software or mobile app gives you a choice between a TOTP and an HOTP protocol, choose TOTP. It changes the password every 30 seconds and requires synchronization between the 2FA server and your mobile device.
Use a known and trusted escrow service to facilitate transactions.
Before sending any money to any Bitcoin or crypto operation, check the site against this list of known scam sites.
And, as always, read the white paper and all accompanying documents thoroughly.
About the author:
Want More Badass Content Like This?