Investing opportunities in crypto go way beyond bitcoin and ethereum. It is difficult not to get lost in the abundance of DeFi tokens, altcoins, stablecoins, and NFTs. While you might be looking for the biggest gains, security experts warn that fraudsters are just around the corner.
During the first quarter of 2021, cryptocurrency market capitalization broke past $2 trillion. According to CoinGeko, the DeFi (decentralized finance) craze was renewed and currently appears to be consolidating above the $90 billion market cap.
After Beeple sold his art piece for $69 million, the interest in non-fungible tokens (NFT) skyrocketed and has flipped the interest in DeFi. For every search of DeFi, there are four searchers for NFTs.
It illustrates how crypto provides limitless investment opportunities and is a goldmine for fraudsters, capitalizing on the crypto market boom.
According to CoinGeko, in the first quarter alone, a total of $132 million was lost due to DeFi exploits. For example, Alpha Homora lost $37M, and on 19 April, $80M worth of funds were stolen from EasyFi Network, a DeFi project on the Polygon Network.
Globally, crypto criminals ran away with $432 million as of end-April, according to the CipherTrace report. About 56% of that, or $240 million, were DeFi-related, a record peak.
Before you dive into the crypto world, there are a few things to be cautious about.
DeFi is a blockchain-based ecosystem that enables users to borrow and lend money outside the traditional form of banking and does not rely on middlemen, such as banks, brokerages, and exchanges. There are countless DeFi projects and tokens, with Uniswap, ChainLink Token, Wrapped BTC, and Aave Token being the most popular ones judging by the market capitalization.
According to CoinGecko, during the first quarter, DeFi’s market capitalization hit a new all-time high (ATH) at $95.7 billion. It is a 382% increase from $19.83 billion on 1st January 2021.
“This is likely because Bitcoin surpassed $60,000, while its dominance dropped in the same quarter, suggesting that capital is flowing from Bitcoin to DeFi assets,” CoinGeco explains.
While this also means countless opportunities to invest, experts warn users to be cautious about various new DeFi projects.
Evgenia Broshevan, a co-founder of a global security ecosystem Hacken, says that the DeFi ecosystem is building up. Yet, she warns about the abundance of DeFi projects.
“There are many not good quality projects. There are many projects whose main goal is to get money and disappear. You should be careful when you select where to invest the money. You should carefully check the project. Its security, founders, and a lot of other factors,” she told CyberNews.
Whether you invest in various cryptocurrency projects through such well-known platforms as Binance, Coinbase, or Kraken, there are still a few things to check before you go.
“A lot of users invest their money, and they do not even know what is behind that, what is the functionality of smart contracts, of their protocols, and if the founders can take the money and disappear. That is why it is important to check the security part,” Broshevan.
While banks are more conservative, crypto exchanges are accessed from all over the world, and the pressing challenges to them are to be up to date, secured, and transparent. These exchanges are hacked constantly.
In 2019, Binance suffered what it called a “large-scale security breach”. Cybercriminals stole 7,000 bitcoin, equivalent to over $40M at the time, some two-factor authentication codes, and API tokens. For the whole of 2020, losses in the crypto sector through fraud and crime were estimated at $1.9 billion. In 2019, crypto crime losses hit a record $4.5 billion. While this is a sharp fall, the DeFi boom attracted criminals.
According to CoinGecko, DeFi exploits that occurred in Q1 totaled $131.9 million in losses. In comparison, losses from DeFi-related hacks exceeded the $129 million taken for the whole of 2020. In February, Messari calculated that over $284 million in DeFi was lost to hacks since 2019.
So, if you are looking for ways and places to invest in crypto, and you are not only after the biggest gains but also worry about the safety of your future fortune, there are a few things to check.
Broshevan suggested checking the crypto exchange's cybersecurity score. According to Hacken’s cybersecurity ranking and certification platform cer.live, Whitebit is the most secure crypto exchange platform with a 9,96 rating. The next top 4 are Crypto.com (9,82), Binance US (9,74), Binance (9,54), and Coinbase (9,38). Kraken has a rating of 8,75. There are dozens of uncertified platforms with a security score of less than 5. If a platform does not have penetration testing running for at least a year, there is no proof of funds and no bug bounty program, then it is not certified.
CoinGecko integrates cer.live cybersecurity score into their trust score, according to which, Binance, Coinbase Pro, Bitfinex, Kraken, and Binance US are the most trusted crypto exchange platforms. Cer.live also lists various DeFi projects by their cybersecurity score.
“You should also check the information on how they process your data, what do they do for security, do they do external audits, do they have bug bounty programs, how they work with ethical hackers, do they have some insurance,” Broshevan suggested.
For instance, Binance has a special insurance fund designed to cover losses. Gemini, Coinbase, Crypto.com, and Robinhood claim to have also ensured the safety of assets.
“There are few exchanges that do this, but really few of them,” Broshevan said.
Despite all the risks of investing in crypto, she believes that it is becoming a safer place to invest, and many protection mechanisms are being developed and already in place.
“The idea behind one of our projects, which is in a process now, is to have some security oracle, which will notify all exchanges about the direct addresses of hacked crypto, and these exchanges will not accept it. So the hacker who stole the money will not be able to cash it out because it would be blacklisted everywhere, at every exchange. The idea is to make it decentralized, anonymous but safe enough to prevent this kind of hacks,” she said.
Who are the rogue hackers?
“Those guys who are specializing in financial systems, they apply their knowledge to crypto exchanges, DeFi projects, but also you need specialized knowledge for technical aspects of crypto, smart contracts. I would say that it combines the traditional cybercriminals from the financial industry and newcomers who understand the specifics of this business,” Broshevan said when asked who is attacking the crypto market.
People are still the weakest link, and many scammers target unattentive users. The BBC published a story about how a fake Elon Musk giveaway scam cost the man £400,000. He followed the link to a fake giveaway on a counterfeit Elon Musk's Twitter profile and transferred all the bitcoins he had to the scammers after believing their story that they will double his money.
“We saw that there are different scam websites which are just impersonations of real ones. For a famous project, they do the same website, only a malware one, to get the money from people who are not skilled enough to understand the difference between a real project and a scam,” Broshevan said.
While some criminals are targeting unattentive users, others might attack a specific company or even launch a massive attack targeting many victims with different techniques.
Malicious actors also exploit the vulnerabilities in the logic of smart contracts.
“The big guys are targeting big exchanges and projects. Less-skilled guys target users and their unattentiveness,” she said.