At a virtual blockchain conference earlier last month, a session touched upon the risks and vulnerabilities of cryptocurrency. A panelist made the following statement:

“Crypto is not inherently risky.”

In crypto’s still young life, we’ve seen legendary large scale hacks. And it’s not just the exchanges that are targets. A teenage hacker stole a whopping $24M worth of crypto from BitAngel founder Michael Terpin. (I wonder how he explained that to his wife?)

Closer to home, we recently saw a Hotbit hack, and a CNS airdrop scam.
Some attendees may have gasped at the “not inherently risky” claim, especially coming from a panelist with deep experience in anti-money laundering, fighting financial crime, etc.

The panelist went on to explain that illicit actors will try to exploit any type of money. See his point: there isn’t anything about crypto and the underlying blockchain technology that makes it especially vulnerable. Wheresoe’er thar be gold, thar be pirates, matey!

What is unique about crypto and blockchain is that it is so young. A flood of new investors entered the market this year as bitcoin soared. Many of these investors were driven by FOMO (fear of missing out) and hadn’t done adequate research on how to transact safely. Investing your hard earned money in crypto, only to have it stolen from under your nose—what a shame. (Unless you’re an illicit actor yourself; then it’s called karma!).

Whether you are a long-time Centric investor, or recently joined the network, if you haven’t thought much about protecting your tokens—or if you could use a refresher—this post is for you.

So, how can you lose your tokens? Let us count thy ways.

Mistake #1 > Using Weak-Sauce Passwords

If you are still using password123, it’s time to wake up and smell the crypto, or you won’t have it in your wallet for long. If you’re old enough to be holding crypto, you’re old enough to be a responsible adult and secure your assets.

Solution: Ideally, all your accounts should have a unique password. But at least be sure your crypto-related accounts have unique passwords. Otherwise, you’re just asking for trouble. Familiarize yourself with best practices for password management and get that password up-to-snuff ASAP.

Mistake #2 > Reusing Logins

Maybe you’ve got a pretty killer login already. An email account through an encrypted email provider like ProtonMail. A password that would have left Alan Turning scratching his head. But if you are re-using a username and password combination on more than one site, you’re asking for trouble.

Need a wake-up call? Take a moment and search your email address here to see if your login has been part of any known hacks. You might be surprised.

Solution: Make sure you are using a unique username and password combination for every account—especially accounts related to your crypto.

Mistake #3 > Failing to Protect Your Logins

Even if you have a unique bulletproof username and password unique for every one of your accounts, if you have them in a small notebook labeled “PASSWORDS – KEEP OUT” in your center desk drawer, or worse, if they’re on a list tacked up on the wall of your cubicle, they still aren’t secure.

Solution: Keep your logins under lock and key. Memorize them if you can. There are also several good password manager programs available, such as 1Password.

Mistake #4 > Giving Away Your Private Keys

If you are storing your Centric tokens in the Centric Web Wallet, you don’t have to worry about your private keys. They are stored securely; hidden as a safeguard. If you are using a supported external wallet, however, you do have access to your private keys. It’s critical to keep them safe.

You wouldn’t go out on the street and hand a stranger the keys to your home, or park your car on the street with the key in the ignition. However, if you disclose your private keys to another individual, you are doing something equally irresponsible.

The private keys are just like the name sounds—a unique key (code) that “unlocks” and controls your cryptocurrency stored on a blockchain.

It seems obvious to keep your private keys safe, right? Of course. But what if someone you know and trust tells you they need them in order to help you with a support issue?

Something similar happened recently to a poor chap using one of Centric’s partner sites, Moolah.bet. He posted on the Moolah Telegram about a tech support issue. An imposter sent him a direct message, posing as one of the Telegram admins, and made just that claim. This user felt like he “knew” this admin, who always posted super helpful and encouraging information. So he fell for the trick, and handed over the keys. Poof! Tokens gone. Ouch.

Solution: Go to the chalkboard and write the phrase I PROMISE TO NEVER EVER REVEAL MY PRIVATE KEYS over and over until you are 100% confident you will never ever forget it.

Mistake #5 > Sending The Wrong Tokens

Another Centric investor recently learned a hard lesson when he deposited CNR instead of CNS to an exchange wallet. CNR does not trade on exchange; CNS is the token that trades on exchanges. This user either did not know, forgot to convert CNR to CNS before sending, or simply sent the wrong tokens. He contacted the exchange to ask if they could return his tokens. Unfortunately, the exchange declined the request, stating that they would only allow the user access to the tokens if CNR lists on that exchange. (If you understand Centric’s tokenomics, you know that will never happen).

While it may be easy to accuse the exchange of “stealing” the tokens, the truth is, the user sent them. And in the exchange’s defense, as crypto investors flood the market, exchanges see more and more of these errors. Refunding the tokens is not only time consuming, it exposes them to the risk of human error in issuing the refund, and raises suspicions that the errant token deposit was part of a scam. Some exchanges charge recovery fees, including flat fees which can exceed the amount sent.

Solutions:

 - Check and re-check any time you are sending tokens to make sure you are sending the right tokens to the right address. 

 - Talk through each step, out loud, before and as you complete it. 

 - Avoid mixing alcohol or recreational drugs with your trading.  

 - Take full responsibility for your trading. If you are using an exchange, educate yourself on their policies. Or accept that if you send the wrong tokens to an exchange, you’ll be at their mercy. 

Solution: Whenever you are transferring crypto, copy and paste the address you are sending to. Double check to make sure at least the first and last three characters pasted correctly (which is a pretty good sign that you pasted the entire address). Also, refer to the Solutions above to Mistake #5.

Mistake #7 > Leaving Tokens In An Exchange Account

So you’ve bought your cryptocurrency on a centralized exchange, and now what? All done, right? Wrong. It’s a frequent newbie mistake.

Most experienced cryptocurrency investors (if not all…because there’s always that one guy, right?) will tell you that once you’ve bought your tokens, you want to move them off your exchange account into an account under your own control. We covered this in a previous post, but it’s an important point, and bears repeating. (When investing in Centric, you want to convert your CNS to CNR…but that’s not the point we’re covering in this Mistake).

There are a couple of reasons you want to transfer your tokens off the exchange. First, as covered in the previous post, although you made a purchase on the exchange, the tokens reflected in your exchange account aren’t really your tokens. They are more like an IOU. Here’s a second (and related) point. Let’s start with an analogy.

Have you heard those heartbreaking stories of a bride who goes to the bridal shop to pick up her wedding dress, only to discover locked doors and an “out of business” sign posted on the window? It doesn’t matter if she’s put a deposit on the dress, or even paid in full. She’ll never see it again…nor will any of the other unlucky brides-to-be.

You probably get where we’re going with this, but if you haven’t connected the dots, let’s apply the analogy. What do you think will happen to tokens you have sitting on an exchange account if the exchange goes bankrupt or otherwise shuts down? Do you think you’re getting “your” (their) tokens? Umm, okay. Let us know how you make out with that.

Solution: When buying crypto through a centralized exchange, get in, and get out. Once your trade or purchase completes, and the tokens are available for withdrawal, transfer them to an external wallet under your control. Go on…take the crypto and run!

Mistake #8 > Playing With Unexpected Airdropped Tokens In Your Wallet

If you hold your Centric in the Centric Web Wallet, you don’t have to worry about this one. However, if you hold tokens (crypto or otherwise) in another hot wallet, such as TronLink, SafePal or one of the other supported wallets for CNS, you’ll want to pay attention.

Should you come across tokens that magically appeared (airdropped) in your wallet, chances are, it’s a scam. Unscrupulous scammers will create tokens (either original, or a “knockoff” of an existing token, that looks identical) and deposit small amounts in user wallets, knowing that some percentage of users will try to swap it for another token. However, the button they try to entice you to click on is for a smart contract that transfers tokens out of your wallet, and over to the scammers. Not cool. Centric investor DailyMynt has created videos about such scams.

Solution: Be highly suspicious of tokens airdropped to your wallet. If you don’t know what the token is, or how it got there, your best bet is to ignore it. It’s not worth losing your holdings hoping to gain a few bucks you did nothing to earn anyway.

Mistake #9 > Keeping All Your Crypto On Your Phone

At the start of this post, we referenced Michael Terpin’s loss of $24M worth of crypto, thanks to a phone hack. What’s even more astonishing than the dollar value; Terpin had his phone with him at the time of the hack.

How is this possible? It’s called a SIM swap. While it’s related to the SIM card on the phone, it does not require any physical contact with the phone or the SIM card. It’s a scam that’s done through the cellular carrier. It involves someone convincing the carrier they are you (and therefore the owner of your phone number), and then facilitating the transfer of your phone number to their device.

I’d be willing to bet Terpin wouldn’t have carried around a bag stuffed with $24M. Yet, with all of his crypto stored on a wallet accessible through his phone, he had all $24M stuffed in his pocket.

Solution: Just as you likely would not keep all of your savings in your physical wallet or purse, don’t keep it all in a hot wallet, especially one on your phone. Keep on your phone only what you need for day-to-day transactions. Consider cold storage such as a hardware wallet for the rest. Ledger and Trezor offer popular options.
Important: If you invest in a cold storage wallet, be sure to buy it from the manufacturer. Do not buy a used hardware wallet, or a wallet on a secondary market, such as eBay. If you do, the previous owner could still have the private keys and steal your crypto once you load it.

But Wait…You Forgot To Mention________!

Surely, there are more than 9 ways to lose your tokens.

Neglecting to use 2FA, anyone?

Still using text messaging for your 2FA, instead of an app like Authy or Google Authenticator?

Telling everyone on Telegram how much of a particular token you own?

Yep, we could go on and on. But we’ll cap it at nine for now. It’s great that you read this post. But have you taken action to protect your assets?

If not, why not schedule some time in your calendar to revisit this post within 24-48 hours, and up your crypto-security game?

How About You?

Have you lost tokens through any of these above 9 mistakes? Made other mistakes not listed here?

What mistakes would you suggest avoiding? Solutions you’d recommend?

We’d love to hear from you!

Let’s continue the conversation on Twitter or Telegram.