Don’t keep your public key too public, and other tips to safeguard your crypto wallet
Someone has just deposited 0.001 USDT into your wallet. Was it a glitch, an honest mistake, or a sophisticated ad campaign? None of the above: that’s actually one of the popular crypto scams.
You may be a seasoned user who avoids custodial wallets, ignores “investment managers” in your DMs, and has never joined a Ponzi scheme, but do you know that even a cold wallet can fall victim to hackers and scammers — or that you can get blocked on CEXes for unknowingly holding dirty crypto?
As the adoption of crypto increases, so does the number of scams, which are getting increasingly inventive. So what are the most common schemes, and how can we safeguard our funds against losses?
Double-check the receiver’s address
Imagine that you are regularly transferring crypto to a friend or an employee. How many times have you checked her wallet address to the letter/digit? Most likely, never. Copying the wallet address from your last transaction with the recipient is a common practice that saves time. Most people memorize the last four digits of a wallet, thinking it’s enough to ensure the crypto is sent to the right recipient.
How exactly are similar addresses generated? This is done via what is known as “brute force”: basically, guessing until we hit the right combination. Brute force requires special software that uses computing power to generate passwords or text strings through thousands of combinations.
The last few symbols of the address from which the mysterious tokens arrived are the same as those of your friend’s wallet. As soon as it finds its way into your transaction history, it is easy to mix up the addresses and send the money to the hackers’ wallet instead. AMLBot reports that the victims who approached them for this reason lost about 0.5 million USD in total.
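An added example (not from the original article or from AMLBot): a Python check that compares each incoming sender against addresses you have verified in full, and flags any sender that shares only its last characters with a trusted one. The address book, the dust threshold of 0.01, and all sample addresses and transfers are assumptions constructed for illustration.

```python
# Added example: spot look-alike sender addresses in incoming transfers.
# Every address and transfer below is a constructed sample, not a real wallet.
from decimal import Decimal

ADDRESS_BOOK = {"friend": "TQ5pVn3kXw8rB2mLh7ZcYd4sGfJ9aEuR1t"}  # verified once, in full
DUST_LIMIT = Decimal("0.01")   # assumed threshold for a "tiny" deposit
MIN_SUFFIX = 4                 # the "last four" characters people tend to check

def common_suffix_len(a: str, b: str) -> int:
    """Number of trailing characters that a and b share."""
    n = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        n += 1
    return n

def classify(address: str, book=ADDRESS_BOOK) -> str:
    """Return 'trusted:<label>', 'lookalike:<label>' or 'unknown'."""
    for label, known in book.items():
        if address == known:            # only a full match counts as trusted
            return f"trusted:{label}"
    for label, known in book.items():
        if common_suffix_len(address, known) >= MIN_SUFFIX:
            return f"lookalike:{label}"
    return "unknown"

def review_incoming(transfers, book=ADDRESS_BOOK):
    """Return (sender, reason) for every transfer that deserves a second look."""
    findings = []
    for t in transfers:
        verdict = classify(t["sender"], book)
        dust = Decimal(t["amount"]) <= DUST_LIMIT
        if verdict.startswith("lookalike"):
            findings.append((t["sender"], verdict + (" + dust" if dust else "")))
        elif dust and verdict == "unknown":
            findings.append((t["sender"], "dust from unknown sender"))
    return findings

SAMPLE_TRANSFERS = [
    {"sender": "TQ5pVn3kXw8rB2mLh7ZcYd4sGfJ9aEuR1t", "amount": "250"},
    {"sender": "TK8dWm2yHc6vN4qPx9LbSg3zFjT7aEuR1t", "amount": "0.001"},
    {"sender": "TB7nRk4cJx2mVw9pZh5LdYq8sGfE3uA6tM", "amount": "0.001"},
]

if __name__ == "__main__":
    for sender, reason in review_incoming(SAMPLE_TRANSFERS):
        print(f"{sender}: {reason}")
```

The comparison is case-sensitive and exact, so it suits address formats where letter case is significant; for formats that are not case-sensitive, normalize both sides before comparing.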
Do your own AML check
Ask a crypto enthusiast what’s so special about blockchain; the most popular response will be transparency and traceability. In reality, though, most users (and even businesses) never question the origin of the funds.
Even if a tiny bit of your assets is dirty — that is, associated with hacks, scams, illicit activity, or sanctioned wallets — the consequences may be grave. For instance, dirty crypto can become the reason for a centralized exchange or payment system blocking all your funds. In this scenario, the chances of getting the assets back are meager, and it will require the help of professional AML specialists — sometimes even through the court.
While only big businesses can afford to develop their own software and maintain a separate legal team, the market already has independent solutions: legal assistance and AML checks. For instance, the AMLBot API automates checking all incoming transactions and differentiates the sources according to their risk level.
Stay away from unknown tokens
Platforms’ smart contract audits are far from perfect, so malicious code and unintentional security vulnerabilities are always present. In the best-case scenario, you’ll get no revenue from selling the tokens since the smart contract may contain a hidden 99% transaction fee. Worse, if the token is listed only on a fake swap platform, the transaction approval process can trigger a transfer of your private key — or a dusting attack.
What is a dusting attack? It is a scenario where hackers deposit a tiny amount of crypto in your wallet: not to prompt you to send money to the wrong address, but to track your future transactions and deanonymize you. Usually, users aren’t even aware that they have been dusted, but this could undermine your privacy and make you a target for future attacks and blackmail.
Rules of thumb in crypto security
Let’s sum up the rules for protecting your funds and privacy. First, do your AML — even a small amount of dirty crypto can cause a disproportionate impact. In case of any doubts, contact the AML officer of an exchange or a payment system you are planning to use: it is much easier to negotiate or find an alternative way than to see all your assets blocked and have to resort to professional help.
Second, decouple your wallets: use one hot or cold wallet as a cash desk where you accept and send day-to-day transactions and the second as a vault. In this case, even if one of the addresses is compromised, this won’t put all your savings at risk.
And third, make it a habit to proactively check the incoming transactions — or leave the task to services such as AMLSafe. Identifying a strange token in your wallet gives you time to react: usually, simply hiding it from the interface or taking note of the address similarity is sufficient.
Our advice is to go the extra mile when it comes to protecting your crypto assets. Yes, these rules may seem like they take a lot of work to follow. Still, once you sort them out, they will help you stay safe through the attacks.