Safe cryptotrading 101

Decided to invest in cryptocurrency? Read our guide to avoid the most common rookie mistakes and not lose money.

Decided to invest in cryptocurrency? Read our guide to avoid the most common rookie mistakes and not lose money

Ten years after the emergence of the first Bitcoin exchange, cryptocurrency landscape still resembles the Wild West. For some, one good decision can reap profits of several hundred percent while others can lose everything in a single day. How can you protect your initial capital against exchange rate fluctuations, and your profit against fraudsters?

How to choose a cryptocurrency and minimize the risks

The first step is deciding which cryptocurrency you want to invest in. There are no hard-and-fast rules here; almost any token can soar one day and collapse the next. A novice cryptoinvestor needs a lot of luck to anticipate these movements. That said, you can take a few measures to protect your investment.

Total newcomers should choose a currency such as Bitcoin or Ethereum with a track record and demand among traders. Such currencies tend not to surge in price as quickly as altcoins (little-known cryptocurrencies), and in case you need to offload tokens in a hurry, you’ll have an easier time finding a buyer for them. You can view a list of the most popular currencies and their exchange-rate dynamics here, for example; higher market capitalization usually means lower risk.

If you’re an aggressive investor, sure of your abilities and prepared to risk your spare cash, take a look at up-and-coming altcoins. They are cheaper and promise faster profits, but they also come with disadvantages, such as low demand among traders, which, as mentioned, makes them hard to convert into real money. And don’t put all your eggs in one basket — invest in different cryptocurrencies to hedge your bets.

Read the small print

When selecting a cryptocurrency and an exchange, don’t get swept away by fantastically generous offers. Even in the unique environment of cryptocurrency investment, there’s no such thing as a free lunch. If you’re promised super profits, look for the catch.

Recall the cautionary tale of the Chinese service PlusToken, which promised investors a return of 10%–30% per month. More than 3 million people (many not in China) took the bait, making PlusToken worth $17 billion in its prime, in the spring of 2019.

Early investors did get their promised return, but others were less fortunate. The “revolutionary platform” was nothing more than a Ponzi scheme. Chinese authorities arrested some of the scammers, but most of the money vanished without a trace.

Most Ponzi schemes don’t go as far as PlusToken did, but that doesn’t mean their creators are any less crafty. For example, the XtraderFX platform, recently closed down in the United Kingdom, used well-known, trusted faces from the worlds of TV and finance to fraudulently advertise its services.

Typical signs of dubious cryptoprojects are:

  • The people on the project team have no previous mentions in cryptorelated news. In some cases, the project team might even contain the faces of famous actors under different names, but that is rare;
  • The cryptocurrency creators promise guaranteed profits. This smells of a Ponzi scheme;
  • The project code repository on GitHub is almost never updated. That means either no such project exists, or no one is permanently assigned to it.

If any of the above apply to your favored cryptocurrency, rethink your involvement.

What are cryptowallets, and how do they store tokens?

Tokens are stored in cryptowallets, so you need one of those. This previous post discusses how they work and how to choose the most secure one.

In a nutshell, “hot” and “warm” wallets are software-based, permanently connected to the Internet, and allow for the quick transference of funds. However they are relatively vulnerable to hacking because of that constant Internet connection. If you’re going to use a hot wallet, be sure to enable two-factor authentication to increase security and make hacking, as happened to one investor who lost more than $70,000, harder. And it’s better if the two-factor authentication code arrives not by text, but through an app or by other means, to eliminate the risk of SIM cloning.

More secure “cold” wallets are standalone devices. Usually resembling a flash drive or keychain, the most popular models cost about $50 to $200.

Cryptoexchanges provide users with a hot wallet, but we don’t recommend keeping all of your tokens in it, because trading platforms are constantly in the crosshairs of cybercriminals. Use it only for near-term transactions, and store most of your assets in a cold wallet.

Also, save any passwords and codes you see while setting up and using your wallet. For your own safety, many wallet developers display them only once. Jot them down on paper if you’re sure you won’t lose them (or children won’t scribble over them, or anything else might compromise them), but no matter how confident you are, secure storage, such as a password manager, is safer.

Remember: If you forget a key, you will not be able to restore access to your cryptowallet, and your assets will be lost. You don’t want to emulate the Silicon Valley worker who accidentally threw out a flash drive with a wallet worth millions, do you?

How cryptocurrency gets stolen without hacking

Sometimes attackers don’t even need direct access to a victim’s wallet to steal their money. Sometimes, owners just spill the beans.

In the middle of 2020, for example, scammers compromised the Twitter accounts of Elon Musk, Bill Gates, Kanye West, and several other celebrities, and then posted promises on their behalf to double the number of coins any users sent. In just a few hours, the scammers enriched themselves by more than $100,000.

Even if you’re sure you would never be duped that way, stay vigilant; attack schemes are constantly evolving. If someone offers you free coins, think carefully about what their motives might be. And if an offer involves a request to deposit a certain amount in advance, most likely you’re being lured into a trap.

Bear in mind that cryptocurrencies attract scammers like a flame attracts moths, because such projects are speculative by nature, and cybercriminals exploit the risk-taking nature of cryptoinvestors.

How to stay protected when trading cryptocurrencies

Using a secure communication channel for all of your cryptotransactions is vital. If you access a platform’s website using public Wi-Fi, for example, criminals can intercept transaction details or spoof a Web page to steal your assets.

Trading over your home network rather than a public one is safer, but you need to secure it properly. For starters, you should replace the default router password with one of your own. The factory password is often the same for all routers of the same model, making your Wi-Fi vulnerable to brute-force attacks.

In any event, it is always best to conduct all cryptotrading over an encrypted VPN channel, which adds an extra layer of security.

When choosing a VPN service, pay attention to the connection speed (which depends on the number and quality of the provider’s server pool) and the availability of a kill switch. The latter is especially important for high-risk transactions: If the secure communication channel drops for any reason, the kill switch automatically disconnects your device from the Internet, preventing data from being sent unencrypted.

For cryptoinvestors, we recommend our Kaspersky VPN Secure Connection, which is optimized for such tasks.

That, of course, is in addition to running a reliable security solution on your computer or smartphone. A lot of money circulates in the cryptoworld, and that naturally entices cybercriminals. So, unfortunately, the chances of encountering a malware specialized for stealing cryptowallet keys are fairly high.


  • Study the market before signing up to an exchange, and don’t dabble in risky transactions — at least to start with.
  • Diversify your risks by investing in several cryptocurrencies to hedge against sudden price falls.
  • Carefully examine altcoins before investing to avoid Ponzi schemes.
  • Keep the bulk of your cryptocurrency in an offline (aka “cold”) wallet and your password in a safe place.
  • Don’t swallow promises of free coins, even — or perhaps especially — from celebrities: Their accounts may have been hacked, but even if they haven’t, it’s almost certainly a hoax.
  • Protect your Internet connection, and install an antivirus on all devices you use for cryptotrading.