How to Avoid Getting Crypto Hacked

By Raj

A dangerous reality of the crypto space is that if you’re not careful, you will get crypto hacked.

There are a lot of bad individuals out there looking to steal your digital property. As we’ve seen in abundance as of late, the problem seems to only get worse as time marches on.

Crypto hacks and scams are particularly nasty during bull markets. These are periods when a flood of new crypto projects typically hit the market in a short period of time.

Then, to catch the ride up, perhaps you buy a token without doing enough due diligence. The next thing you know, you get rug pulled.

A rug pull, if you don’t know, is a scenario in which a shady blockchain developer unveils a new scam crypto project. The developer collects funds from investors and then pulls out of the project leaving those investors with a worthless asset.

It’s one of the many ways that the villains of the crypto community turn you into their target.

Whether it’s a crypto phishing scam, a rug pull investment scam, a SIM hack, a malware attack, or some other form of crypto hack or crypto scam, if you own cryptocurrencies there’s a risk you will get crypto hacked.

Let’s look at some different crypto scams, as well as some ways to be vigilant and protect yourself.

Don’t Fall for a Crypto Phishing Scam

A crypto phishing scam is not unlike a bank phishing scam. It’s when fraudsters send you an email that looks like it’s from a reputable institution, such as Coinbase.

However, you’ve actually been given a malicious link that takes you to a fake website. On this website, you’re asked to provide personal information about your account that in turn compromises your security.

This type of crypto phishing scam also happens within crypto wallets.

I have a Phantom Wallet that I use for Solana-based coins and NFTs. Pretty much every time I Iog into the wallet, there’s some new NFT scam awaiting me.

Typically, this scam NFT opportunity provides a link to a website. If I click, I know it’ll steal my wallet’s private key and clean out my wallet of all its assets.

The good news is, it’s easy to avoid crypto phishing scams if you’re watchful and mindful to never provide information from a link.

You always want to go directly to the website of institutions that you know are reputable. Also, never click on too-good-to-be-true offers in cryptocurrency wallets.

Yes, you can sometimes receive free and valuable items in your crypto wallet. However, if you’re not sure, you have the option to send the coin or NFT to a new wallet, on a new browser, with no other valuable assets inside of it.

You can also use the “burn” function of your wallet to destroy a scam NFT, if it has such a function, like Phantom does.  

Don’t Get Duped by a Crypto Investment Scam

The pump-and-dump. The ICO scam. And the aforementioned rug pull.

The list goes on when it comes to crypto investment scam artists who are inventing ways to part you from your money.

Pump-and-dumps often happen with obscure new tokens that have just hit the market and have a degree of hype. It’s common for a Crypto Twitter “influencer” who has gained some notoriety in the space to initiate a “strong buy” rating on a scam crypto.

This influencer’s followers then pile in. The ones who got in early get to ride the “pump” price action up from the bottom and sell for profit along the way. But the ones who got in late buy at a high price and then become victims of the “dump” that soon follows.

With an ICO scam, you’re asked to pledge money to a new crypto project that promises to serve some exciting new purpose. You send your cryptocurrency with the hope that they’ll send you the new currency of their new project.

Only, soon you realize that the new currency will never come. Or if it does, it will soon be rendered worthless by the lack of commitment and/or complete disappearance of the ICO team involved. This happens over and over again to unsuspecting and overly trusting crypto investors.

Bottom line, know what you’re investing in and know who’s backing the project.

Always look for projects backed by individuals who are demonstrably smart, transparent and have experience in the crypto space.

Never chase hype, unless you know the specific risk involved and are doing so as an intentional gamble with a potential outcome of total loss of your money.

Watch Out for the Dreaded SIM Hack (MY PERSONAL EXPERIENCE)

Let me tell you something about being the victim of a SIM hack: it’s bad. It’s certainly worse than many other things in life that are not good. For example, I’d rather break my pinky finger than get SIM hacked.

My T Mobile SIM hack happened last spring. It was around 9pm and I was laying on the couch. I reached for my iPhone and noticed its primary functions, including Internet and calling, had stopped working.

Odd, I thought.

However, I was tired and I figured it was a short-term tower glitch. Also, SIM hacks were not part of my brain’s knowledge bank. So, I went to sleep thinking it would all be okay in the morning.

It wasn’t.

When I woke I realized the phone’s functions were still not working. Now concerned, I went to my email and saw an “Equipment Modified” notification from T-Mobile:

I immediately called T-Mobile Customer Service. After a serving of largely unhelpful information from the company’s service representatives, I was finally transferred to a technical rep.

This is when the gaslighting really began.

The rep notified me that T-Mobile allowed the change of the IMSI# on my phone.

T Mobile SIM Hack: Unauthorized IMSI change.

They insinuated that this was probably an error due to the fact that I had recently switched my phone from one account to another.

Moreover, that this could have easily been the accidental fault of an in-store representative.

Uh, okay.

However, this rep also told me to check my accounts and online profiles, such as email and banking, to make sure I had not been more nefariously compromised.

I took some digging, but I soon came to realize that in my case, unfortunately the latter is what happened.

T Mobile Security Breach

I pieced together clues, using what I had learned from T-Mobile so far. Also, I looked at the online complaints by other customers who had experienced this type of T Mobile SIM Hack.

I came to realize that the hacker who target me contacted T-Mobile, pretended to be me, “ported” my number to their own device and took control of my phone.

In other words, T-Mobile handed over control of my phone, my text, my email, my finances, my social connections and my peace of mind to a criminal.

The criminal then proceeded to infiltrate my email and text, and gain access to financial data via two-factor authentication (2FA) associated with those mechanisms.

Prior, I had almost always used some form of app-based 2FA like Google Authenticator or Authy with my financial accounts, but in the case of my Coinbase account, I had unfortunately used text.

Typically, I don’t leave cryptocurrencies on exchanges, but I had planned on making some trades on Coinbase so I had Bitcoin and a few other coins there.

The hackers changed the password on and infiltrated my Coinbase account, and slyly converted everything to Bitcoin over the course of about 100 small trades.

Ultimately, they cleaned out my account of about $5,000.

T Mobile Data Breach Lessons Learned

Here are some of the painfully expensive lessons I learned from this T Mobile SIM hack fiasco:

  • Never use text or email for secondary authentication. Only use app-based applications.
  • Call your cell phone provider and ensure that nobody is allowed to change your IMSI# without direct permission from you. This may require that in the event an IMSI# is requested to be changed, whether by you or a hacker, multiple forms of verification will be required to follow through.
  • You may even want to go as far as to remove your email from your cell phone, as I now have. Why? Once hackers are in the phone, email is a primary mode they use to request a password change on your financial or other account. As a result, an email or text is sent to your phone with which they then use to gain entry into your account.  

Also, think twice before becoming a T-Mobile customer.

I have since tried to speak to their customer service reps to resolve my case and the gaslighting continues in the following ways:

  • First, they pretend like they’re going to help and compensate me for losses, but they never do.
  • Second, they gave me a seemingly fake fraud claim# after I repeatedly asked for one and when I called back and referenced it, they said they couldn’t find it in their system.
  • Third, they sent me an auto-generated text that my fraud claim had been processed and all charges would be adjusted. They were never adjusted.

T Mobile SIM Hack

  • Fourth, when a T Mobile customer service rep can’t or simply doesn’t want to answer my question, they put me on hold indefinitely until I finally hang up.

Bottom line, T-Mobile has no plan in place for return of your assets or funds if you get crypto hacked due to their negligence. And you do not want to endure any of what I had to endure.

SIM security is an increasing problem amongst cellphone companies, so protect yourself from the dreaded SIM hack at all costs.  

Use a Cold Storage Wallet to Avoid Getting Crypto Hacked

One of the greatest hurdles to mass adoption of cryptocurrencies is the dilemma of how to own and store it securely.

Think about it: if your credit card gets compromised, you call the toll-free number on the back, report it and you soon get credited for the loss.

If you get crypto hacked and your coins are stolen, you’re almost certainly not going to get it back. There’s no 800 number to call, no recourse and it’s a total loss. 

That means it’s on you to store it securely.

Keeping your crypto on an exchange like Coinbase is an unwise idea. If you’re not in possession of the private keys to your crypto, then you don’t actually own your crypto.

If the exchange suddenly closes, or they get hacked and lose all their crypto, or someone else hacks your personal account on the exchange, good luck getting your crypto back.

With a crypto hot wallet, the kind that’s installed on your browser for example, you own the private keys to any crypto in that wallet. You also have the seed phrase to the wallet if your computer catastrophically crashes or gets stolen.

However, your hot wallet is connected to the Internet. That means it’s in the realm of possibility that hackers can gain access to your computer, infiltrate your wallet and clean it out.

A cold storage cryptocurrency wallet is the safest bet for storing your crypto. As it’s not connected to the Internet, online thieves are unable to access it. It’s also protected from computer viruses

My favorite crypto offline wallet brands are Ledger and Trezor. They’ve both been around a while and have had time to improve and refine their products. These are the models to consider:

Sleep Well at Night with Crypto Seed Storage 

When you own any kind of a crypto wallet, be it a hot wallet or a cold storage wallet, you’ll be in possession of a seed phrase that is the master password for your wallet.

It’s imperative that you keep this seed phrase safe, as the loss of it means you will never be able to get into your wallet and you risk losing everything.

A crypto seed storage device provides physical security to your seed phrase. Its primary purpose is to protect against the gradual decay of time, as well as natural disaster, such as flood or fire.

As you look to build your crypto portfolio and protect it, this type of device is something to strongly consider.

Hide Your Private Information with a VPN

There are a lot of great reasons to get a VPN (Virtual Private Network). A VPN protects your internet connection and privacy. It does so by creating an encrypted tunnel for data and identity by keeping your IP address out of view.

This means that when you’re online, nobody can eavesdrop on the places you visit and nobody can track you. If hackers want to track you, a good VPN can help to protect your identity from them.

Here are a few VPN providers I like:

  • Fastest VPN – Offers ad-blocker and anti-malware features. 24-hour chat support and a money-back guarantee.
  • Nord VPN – Established VPN service with more than 5,500 servers in 59 countries. They have a Threat Protection feature that monitors for hazards like viruss and trackers. They accept cryptocurrency payments.

Knock It Off with Those Weak Passwords

Why is it that the human brain just wants to make all passwords YOURNAME123? Are we that incapable of storing a more complex combo of characters and symbols in our head?

I get it, you have a lot of online accounts, a lot of passwords and a lot of time gets wasted having to safely store “unique” passwords and then look them up each time you log in.

The problem is, if you don’t create unique and challenging passwords, you put yourself at greater risk of getting crypto hacked. Attacks on passwords are often one of two kinds:

  • Dictionary Attack – A list of common words and phrases are systematically attempted
  • Brute Force Attack – A list of all possible word letter combinations are systematically attempted

In other words, using long non-words and special characters is beneficial to your online safety. As online hacks become more prevalent, this is a good habit to develop for the long run.

Final Thoughts on Being Crypto Hacked

Every day that I look at my email, text, crypto wallets and other digital platforms, I am bombarded with numerous ways in which if I don’t act carefully, I’m certain to get crypto hacked.

I don’t want you to get scammed or crypto hacked. I want safety for all of us.

Always be mindful as you navigate the crypto space. Educate yourself on the different types of scams. Invest in the products and services that will protect you.

The term “better safe than sorry” never rang more loudly and clearly than in the world of crypto. 

Leave a Comment