2014 has been a monumental year for bitcoin in many respects.
Consumer adoption rose significantly and a host of retailers, including huge global corporations, decided to take the plunge into digital currency. What’s more, regulators have started to reveal increased understanding of the technology and bitcoin’s blockchain is widely being recognised as a truly innovative technology.
But it has not all been good news.
The February collapse of Mt Gox, then the largest bitcoin exchange, shone light on the importance of wallet security and led to the increased adoption of multi-signature technology over the course of 2014.
Furthermore, even though the bitcoin ecosystem has evolved in the right direction, scams still crop up on a regular basis.
Fraudulent exchanges and cloud mining services, phishing schemes, pump-and-dump and IPO scams, and more, are ongoing security risks that cryptocurrency users face every day. This week alone, three cloud mining services appear to have gone bankrupt.
So how can you avoid scams in the bitcoin space? While there is no sure-fire way to protect your holdings against technical attacks like these, here are some cautionary measures that will be helpful, offered by security experts in the industry.
A proof-of-reserves cryptographic audit is a good way to publicly disclose bitcoin holdings in a verifiable manner. The process can assure customers that the company is financially able to deliver on its end of the business deal.
George Avetisov is the CEO of HyprKey, a startup aiming to protect digital currency users from fraud by utilizing its HYPR-3 three-factor authentication protocol.
He said:
“Oftentimes you’ll encounter a bitcoin startup claiming to provide something ridiculous like military-grade multisig quantum computer absolute-zero cold storage, when in fact a quick background check on the company reveals that they have neither the funding nor the resources to ever maintain such exotic security.”
If you’re not handing your money to an established company like BitPay, Circle or Coinbase, don’t give it to a company that keeps its development team anonymous or an exchange whose owners you can’t trace. Companies should publicly disclose their officers’ identities and be legally registered to operate.
Rodrigo Souza, who heads New York-based technology platform BlinkTrade, recommends googling a company’s WHOIS information. It should show the name under which the company is registered and how long it has been on the market.
“It pretty much is a scam if it’s private,” he said. “Honest companies don’t hedge their domain in the private world.”
CEO of multisig wallet provider BitGo, Will O’Brien, advised looking to online forums like Bitcoin Talk or Reddit to get a feel for the situation at hand.
“There are many active forums on which users discuss known or suspected scams, and prospective buyers should familiarize themselves with those before making a purchase or investment,” he said. “It’s also preferable to get in touch with someone at the company via phone, or better in person, wherever possible.”
Lack of transparency opens doors for scams or mismanagement. Hence, exchanges should be as transparent as possible and prove their solvency if they’re going to protect against a Mt Gox scenario.
Souza recommended that reputable companies do their part to help customers more easily recognize best business practices.
In the interest of transparency, companies should attach disclaimers at the end of their emails, he said. These should spell out that the company would never (or only minimally) request private information through email, so the customer never has to worry about phishing scams.
“We always put that in the footer of the emails and the bigger companies should start pushing for that,” he said.
Scams imply malicious intent. It happens all too often that bitcoin businesses turn out incompetent and poorly managed. However, they may have no intention to scam their customers.
“The difference between these two is a fuzzy line,” said Olaf Carlson Wee, head of risk at Coinbase, “as an incompetent business can be even more dangerous than a straightforward scam.”
Souza further explained: “People confuse poor marketing skills and poor development skills with scammers. It’s not intentional, it’s incompetence.”
HyprKey’s Avetisov said bitcoin’s still largely negative public reputation has much to do with the amount of scamming that takes place “by businesses that promise consumers everything from mining hardware to cold storage, only to steal their users’ funds.”
He added:
“I think that while the immediate threat to the growth of bitcoin is cyber fraud, the more broad inhibitor of bitcoin adoption is the lack of faith in the companies building out this infrastructure.”
If what you’re seeing is too good to be true, it is very likely to be a scam. That’s an attitude consistent among industry security experts.
“When buying mining hardware, always be sure to get a delivery date from the merchant, and make sure the merchant has a registered physical location and many happy customers,” Wee said.
Cornell University researcher Emin Gün Sirer suggested that no company should be taken at face value, saying:
“Assume that every new business model in the bitcoin space is a scam unless proven otherwise. Assume that every well-intentioned implementation is broken at its core, unless it has been publicly audited. Do not trust your keys and private information to anyone.”
Having someone else hold your private keys for you is almost always a bad idea, he added, as the blockchain has no “account owners” and transactions cannot be reversed. Since keys are the sole authentication mechanism, he said, “anyone holding keys on your behalf has all of your unbridled powers”.
Avetisov said bitcoin novices tend to forget that the digital currency is irreversible and may be too quick to hand theirs over to a third party.
“My advice to any beginner dabbling in cryptocurrency would be to treat it as they would treat cold hard cash,” he said.