Cryptocurrency has been touted as the future of the economy, but it might be just as vulnerable to hackers as the cash in your wallet is to pickpockets.
Although there’s no official figure available for how many Australians have invested in cryptocurrency, Canstar data shows it was one of the top three investment options for first-time investors in 2021.
But investing in cryptocurrency is like buying a very expensive lottery ticket; there’s no guarantee of a huge payoff.
In fact, there is a constant risk of losing your entire investment.
According to national competition regulator the ACCC, more than $35 million was lost in Australia to cryptocurrency scams by mid-2021.
And once that money is gone, it stays gone, University of Melbourne cyber security lecturer Shaanan Cohney said.
“There is no remedy,” Dr Cohney said.
“In rare circumstances, if you are a corporate holder of cryptocurrency, there are various forms of insurance available. But those tend to be highly limited.
“For your average Australian consumer, once you lose it, it’s gone.”
Why is cryptocurrency vulnerable?
Everyone wants to get in early and make a buck in the online economy, but that is leaving room for error, University of New South Wales senior lecturer Eric Lim said.
Dr Lim compared the current cryptocurrency and blockchain culture to that of Silicon Valley, the American home to technological movers and shakers such as Apple, Google, and Facebook.
He said the Mark Zuckerberg-esque “move fast and break things” culture in the cryptocurrency space could be leading to design and security flaws as developers rush their products to the finish line.
Although developers might not have malicious intent, Dr Lim said the ultimate byproduct of lack of due diligence is that people get hurt and lose their money.
But the responsibility also goes both ways between the developer and the community using the product, he said.
“[A decentralised] ecosystem is owned by the community, and the community actually sets the standard in terms of the level of rigour that is required from such services,” he said.
“So, at this stage, if the community of such ecosystems does not actually demand a high level of rigour and a high level of scrutiny on such products and services that are being pushed into the market, then of course, it increases the probability of such hacks happening.”
Most common type of attacks
Dr Cohney said by far the most common type of hacking attempt is done through phishing attacks.
This is where someone will send you a message, likely through email, pretending to be someone you are familiar with to gain your trust, such as your boss or a company you know, and ask for your details.
If you give your details, either through email or on a website that the message has directed you to, “your funds will be removed very quickly”, Dr Cohney said.
He said malware, a common term for computer viruses, will look through your device to find your cryptocurrency wallet details, and will attempt to drain any wallets that you have of their contents.
“Also, there are just a very large number of scams out there,” he said.
“If something sounds too good to be true, it probably is.”
But not all is lost – there are some steps you can take to save yourself some financial pain.
How to protect your crypto
Sometimes there’s no better protection for modern technology than going old school and keeping things off of the cloud.
If you have cryptocurrency, then you’ll need a private key (typically a string of letters and numbers) to remove funds, and Dr Cohney said you should invest in a hardware wallet to keep it safe.
A hardware wallet is a physical storage device, similar to a USB or hard drive, that acts as a cryptocurrency wallet to store your private keys.
Dr Cohney said if you have given control of your private keys to a third party through a custodial wallet, such as Coinbase, make sure you have enabled basic security measures such as two-factor authentication and a strong password.
If you need to access your cryptocurrency or your custodial wallet, go directly to the official website rather than clicking on links and emails to get there, he said.
To decrease your chances of becoming a victim to hacking, Dr Lim said there is no better thing to do as a user than educate yourself.
He said the onus is on users to ask questions, just as it is for customers when buying a product such as a laptop.
“[If] I want to buy a laptop, it’s up to me to do the due diligence of researching which one is the best laptop out there,” Dr Lim said.
“If you are trying to use these decentralised apps or decentralised financial products, then it’s up to you to actually do all this due diligence yourself.
“Look at the the teams behind these projects, do they have the necessary credentials? Or do they have track records of pushing out good products and services? And what are the methods that these developers use?”
Dr Cohney said if you don’t understand a financial product, don’t use it.