Written By
Ted Stevenot
Enticed by short-term gains, people try to trade their bitcoin position to gain more bitcoin. Especially when using leverage or other risky tactics, many amateur traders end up with less bitcoin compared to patiently and persistently accumulating bitcoin over time.
Whether the infamous Mt. Gox or more recent lending platform snafus, millions of people have lost bitcoin this way. Bitcoin left on exchanges face the risk of hacks, stolen passwords, insolvency, and confiscation.
Swipe up to sign up for a free webinar where you can learn how to set up cold storage for your bitcoin.
Often a subset of exchange risk, but unique enough to call out. An attacker convinces your phone provider to port your number to their account, then uses it to steal credentials or along with credentials acquired elsewhere to log in to your accounts and steal funds.
Self-custody is the way to go! But you must physically back up your seed phrase and keep it safe. Your seed phrase generates the keys you use to spend bitcoin, so treat it as such. Multisig can ensure your seed phrase is not a single point of failure.
Many bitcoin wallets give you the ability to add a passphrase to your seed phrase to give you an extra layer of security—but a passphrase can be risky too! If you ever lose the passphrase or can’t remember it, you will lose your bitcoin forever.
Malware is intended to alter your device for malicious purposes, including theft of bitcoin. Malware can include general information stealers and keyloggers, "clipper," which changes bitcoin addresses copied into your computer's clipboard, or malicious mobile apps.
A fake bitcoin wallet scam has you download a new wallet or "update" an existing wallet to a fake wallet engineered to steal your bitcoin. Don’t trust websites posing as “wallets” and always download your software wallets from known-safe sources.
It’s possible to lose bitcoin by sending it to the wrong address, whether that be simply pasting the wrong one or mistyping an amount to send. Always double-check amounts and destination addresses.
This occurs when private keys or seed phrase backups are stored on media that degrades over time—also known as “bit rot”. If the storage fails on a device you’re using and you don’t have a backup, you will lose access to your bitcoin permanently.
With phishing, an attacker uses manipulation via email, messaging apps, text messages, or other forms of communication to convince you to reveal sensitive information. This can include logins, passwords, PINs, or the seed phrase to a bitcoin wallet.
An attacker lists an attractive (usually high-priced) item for sale online and requires a down payment in bitcoin to “hold” the item. Once the initial bitcoin is sent, both the desired item and the scammer disappear.
Bitcoin is collected with the promise of high yield over a certain period of time. Interest payments initially increase confidence that the strategy is actually performing as promised. At some point, the party ends and your bitcoin principal is never recovered.
Many lending platforms promise you yield—anywhere from small to outrageous returns—in exchange for borrowing your bitcoin. If the platform faces overextended loans or excessive yield payment commitments, underlying bitcoin can be lost.
“Send us one bitcoin and we’ll send you back two!” The obvious result is that you send in one bitcoin and never hear from the scammer again. Some hacks have even made these scams appear on official accounts, so watch out!
This kind of attack occurs when criminals believe you have a sizable amount of bitcoin and attempt to physically coerce it from you with violence. This is where good opsec comes in. Low-hanging fruit: avoid putting bitcoin stickers on your devices!
Just because you feel you can trust someone today doesn’t mean that'll be true tomorrow. Anyone with sufficient private keys can spend your bitcoin (or be phished!). Be tactful about who knows your bitcoin balances, key storage practices.
While overexposure of information can lead to loss, so too can too much secrecy. When a bitcoin owner dies without providing next of kin access to the necessary wallets or seed phrases, their bitcoin is often lost for good.
Don’t get too fancy with bitcoin custody. You don’t want the steps to secure your funds to be so complicated that even you can't follow them. And just because you understand your security model today, doesn’t mean you’ll be able to remember it later.
This is when you attempt to back up a seed phrase by memory and destroy the keys stored on hardware devices. If you die or become incapacitated, your bitcoin is permanently lost.
If a bad actor were to get access to a hardware wallet before it's initialized by you, they could modify it to steal your bitcoin. Buy devices from known-safe sources and keep an eye out for signs of tampering.
Multisig wallets alleviate many of the issues on this list by requiring a quorum of keys to authorize spending. But one risk with multisig is undershooting or overshooting the optimal ratio of keys required to spend.
Bitcoin multisig with a partner like Unchained can help protect against all of these scenarios. Swipe up to learn more about distributing your keys geographically across multiple secure locations, so you can take control of your bitcoin while eliminating all single points of failure.