Cryptocurrency is becoming a popular investment because of how easy it is to trade. One out of 10 people invest in cryptocurrency according to an August 2021 CNBC/Momentive survey. Of those people, 65% began investing this past year. But cryptocurrency has also become a popular target for hackers.
Crypto Head, a cryptocurrency news site, has recorded 32 “notable” incidents of cryptocurrency hacks and fraud, with nearly $3 billion stolen in 2021. The latest platform to experience a hack is Coinbase, which announced a breach in late September. Hackers stole from at least 6,000 customers between March and May.
Hackers need to know your personal information, like email and password, to access your digital wallet. Here’s how to protect your money and personal information on cryptocurrency exchange platforms.
Get essential money news & money moves with the Easy Money newsletter.
Free in your inbox each Friday.
What protections exist for cryptocurrency
Cryptocurrency is not subject to FDIC insurance. However cryptocurrency exchange platforms likely have insurance to cover breaches, says Ryan Firth, certified public accountant and president at Mercer Street. For example, Coinbase has crime insurance. The company is reimbursing people and offering free credit monitoring in response to its latest breach. Coinbase did not respond to a request seeking comment.
You likely won’t get any tax relief either, says Derek Silva, a personal finance expert at Policygenius. After the 2017 Tax Cuts and Jobs Act, you’re no longer able to deduct financial losses from theft, like a cryptocurrency hack or scam. There are a few exceptions, like if you’re a victim of a Ponzi scheme, Silva says.
You also can’t deduct a loss due to your own negligence, like accidentally sending cryptocurrency to a random person, he says. “The only cryptocurrency loss you can deduct is a capital loss,” which means you sold the cryptocurrency for less than what you bought it for, Silva says.
If your cryptocurrency wallet is hacked and your money is stolen, you should contact the platform immediately, Firth says. “As soon as you notice that something fishy is going on with your account, change your passwords and tell the service provider what's happening,” Firth says. “Hopefully they're insured. But there are no guarantees on that.”
You could sue the platform if it is uninsured, but that could get costly and there’s no guarantee of success, Firth says.
Protecting your cryptocurrency
Cryptocurrency wallets are held on servers that are connected to the internet, making them susceptible to hacks, says Firth. But cryptocurrency exchange platforms give you options to protect your money.
When you create an account on any cryptocurrency exchange platform you will deposit your money into a hot wallet, a free digital storage space for cryptocurrency that is connected to the exchange and internet. A hot wallet is easily accessible, keeping assets liquid for quick trades or withdrawals. Hot wallets are more susceptible to hacks because they are connected to the internet at all times — even when you’re not trading, Firth says.
Some exchange platforms let users transfer cryptocurrency from a hot wallet to a cold wallet, a free storage space that is separate from the exchange and is kept offline at all times, Firth says.
Coinbase takes it one step further. It lets users store cryptocurrency in a vault, an offline space that requires several passwords. It takes more time to transfer cryptocurrency from the vault to a hot wallet compared to transferring it from a cold wallet to a hot wallet, Firth says. He suggests keeping your assets in cold storage when you’re not trading.
Your online activity is traceable, so it’s imperative to use strong unique passwords on cryptocurrency exchange platforms. He suggests downloading an authentication app, like Google or Microsoft Authenticator, as an additional security measure. If you use two-factor authentication on an exchange, opt for email verification rather than text messages. Some hackers will call phone companies and claim a lost cell phone, then redirect a number to a new device, he says. The best way to avoid a hack is verifying your identity on an email with a unique password, Firth says.
Image: ersinkisacik / Getty