There are plenty of risks associated with sending cryptocurrency – most of which can be avoided by taking appropriate security measures and implementing basic checks and balances. Many consider these measures to be a nuisance or ‘bug’ of dealing with cryptocurrencies, when in fact they are instead a feature – being your own bank delivers financial freedom at the cost of managing your own security and financial protection.
Hackers can create malware that takes a cryptocurrency address copied into the clipboard and replaces it with another one that they control. Unless you double-check the pasted public address before sending, you will not know that it isn’t the one you copied.
Although the risk of having your clipboard hijacked is relatively low, we have heard many stories both from our audience and members of attacks like this taking place. Double checking public addresses before sending is a small price to pay to ensure that your clipboard has not been hijacked and taking basic security precautions with your general security (such as virus protection software and basic network security) is highly recommended to minimise the risk of this attack vector being used against you.
Unlike using a regular bank, you can’t undo a transaction if you accidentally send cryptocurrency to the wrong address or send the wrong amount of cryptocurrency. With a cryptocurrency, once your transaction is confirmed by the blockchain, it is virtually impossible to cancel or alter.
If you mistype the address by 1 letter or number and click ‘send’, you almost certainly will never get that cryptocurrency back.
Irreversibility is a risk because if you accidentally send more than you intended to an address—even if it’s the correct address—there’s no guarantee that you’ll get that money back. For example, if you send 0.005 BTC but you were actually meaning to send 0.0005 BTC, there’s every chance that you never see that 0.0045 BTC you overpaid.
Sending to the Wrong Blockchain
You can’t send a cryptocurrency to a blockchain to which it isn’t native. For example, you can’t send ETH to your Bitcoin wallet. Similarly, you can’t send BTC to your Ethereum wallet. Generally, the place where you’re sending your cryptocurrency from—such as an exchange’s website or your wallet app—will warn you when you paste an incompatible address. That said, relying on this warning isn’t best practice.
Are you sure you’re logging into CoinSpot? The crypto space is laden with phishing copies of highly visited websites such as those of popular exchanges. These fake websites are designed to steal your login credentials by making you think that you’re visiting the legitimate website. The difference between entering your login details to a fake website instead of a real one can be as subtle as a slight change of characters in the URL.
Short for ‘keystroke logging’, keylogging is the act of tracking the keys struck on a keyboard. Keyloggers are typically used by hackers to steal sensitive personal data such as passwords, usernames, seed phrases, PIN codes and credit card details. While these attacks are rare, it is worth being aware that this attack vector exists—especially when downloading extensions or programs from unreliable sources. Again, basic computer and network security can prove to be a low-cost measure to take to minimise the likelihood of being keylogged.