cryptocurrency

Over $10 Billion Was Stolen in DeFi-Related Theft This Year. Here's How to Protect Yourself From Common Crypto Scams

Zephyr18 | iStock | Getty Images

It's been a big year for digital assets. With growing interest in the space and mainstream acceptance, the value of the cryptocurrency market briefly surpassed $3 trillion in November, and top coins like bitcoin and ether hit all-time highs.

But with the hype, scammers saw opportunity. Between January and July alone, $681 million was exploited in major cryptocurrency thefts, hacks and fraud, according to intelligence firm CipherTrace.

This year overall, many of the most notable hacks involved decentralized finance, or DeFi, projects, with more than $10 billion lost to DeFi theft and fraud, a November report from blockchain analytics firm Elliptic shows.

Though it's impossible to find a sure bet, experts recommend investors fully understand the risks surrounding cryptocurrency, and DeFi especially, before buying in. There are also a few common scams and pitfalls to be aware of when trying to protect your investments.

Here are some tips.

1. Research thoroughly

In June, billionaire investor Mark Cuban lost big when trading a DeFi token that ended up crashing to zero in one day. His major takeaway? "Do your own research," he told CNBC Make It.

DeFi or not, investors should take time to research before buying into any crypto project or token.

While no checklist is foolproof, investors should start by looking into a project or token's website, where it's available to buy, its white paper and its listed developers or founders. Though these attributes aren't the only markers of whether something is sketchy or not, they can be helpful when trying to determine what to invest in and reveal more about a project that wasn't obvious at first glance.

2. Check out the smart contract

Smart contracts, or collections of code that carry out a set of instructions on the blockchain, are essential for most crypto-based projects to run.

Although they can be quite technical, it's worth checking out the smart contract behind a project, or asking someone knowledgeable about the space to do so. That's because if there is an issue with a developer's code, then there could potentially be weaknesses within the project.

When Poly Network, a DeFi platform that connects different blockchains, was hacked in August, experts said that the hacker was able to exploit an issue with the coding of the network. Though the hacker ultimately returned the stolen funds, it was one of the biggest cryptocurrency thefts ever.

That's why it's worth looking for projects that take safety precautions and are well-audited, says John Wu, president of Ava Labs, a team supporting development of DeFi applications on the Avalanche blockchain. An audit aims to uncover if there are issues in a project's development, including if it's possible for a central party to control the network or its funds.

A few "big red flags" when analyzing a project can include "applications that don't share their code or ignore concerns in their forums and social feeds about security," Wu previously said.

And if something feels off, it likely is. "When in doubt, trust your gut or look for more objective members of the community with the technical expertise to thoroughly review the code," Wu said.

Even if a project is audited, it's still possible for a sketchy project to slip through the cracks, so experts are clear: You should only invest as much as you can afford to lose.

3. Understand reputation risk

Reputation risk is the threat that a project may not be in good standing and may potentially have founders without the best intentions, Meltem Demirors, CoinShares chief strategy officer, previously said. It's critical to try and determine if the founders of the project are credible before investing.

"Some of the best projects are led by anonymous or pseudo-anonymous founders who protect their privacy, so I don't write a project off for that, but I do expect transparency on the application," Wu said.

"Pump and dump" and "rug pull" schemes, where developers abandon a project and leave with investors' funds, are frequent in the crypto space. In November, a token named after the popular South Korean Netflix series "Squid Game" plunged near zero after its anonymous founders cashed out.

Many social media influencers, celebrities and even executives have been paid to pump tokens or projects online. But that doesn't mean it's valuable or a good investment. Feeding into social media hype will often result in money lost, experts say.

As the SEC warned in 2017, "it is never a good idea to make an investment decision just because someone famous says a product or service is a good investment."

4. Keep your wallet safe

It's extremely important that your private keys, the string of letters and numbers similar to a password used to unlock access to cryptocurrency, remain undisclosed to the public.

There are many wallet options available to secure your investments and private keys. With a non-custodial, or self-custody, wallet, you are in control of your private keys and you own your cryptocurrency holdings. Though there are still risks, cold wallets, or hardware wallets, are widely considered to be the safest option to store private keys.

You should also be aware of bad actors in the space. Popular scams include sim swapping, where hackers call your phone company and convince them to transfer your phone number to theirs in order to pass the two-factor authentication on your account.

Others try to airdrop fictitious tokens to your wallet to attempt to get victims to approve transactions or lead them to the website of a scam project.

Some attackers buy Google ads that appear when users search for popular crypto wallets. Once the victim clicks on the ad, thinking it is a link to their wallet site, they're directed to a phishing site that looks real. Victims enter their credentials, giving their private keys to scammers.

All in all, it's important to remain skeptical when receiving outside messages regarding your crypto wallet. Be aware of fake accounts claiming to be crypto influencers or celebrities.

"If it's too good to be true, it definitely is," Philip Martin, chief security officer at Coinbase, previously said. "No one on Twitter is going to send you back double what you send to them."

Sign up now: Get smarter about your money and career with our weekly newsletter

Don't miss:

Copyright CNBC
Contact Us