2014 has been a monumental year for bitcoin in many respects.
Consumer adoption rose significantly and a host of retailers, including huge global corporations, decided to take the plunge into digital currency. Whatâs more, regulators have started to reveal increased understanding of the technology and bitcoinâs blockchain is widely being recognised as a truly innovative technology.
But it has not all been good news.
The February collapse of Mt Gox, then the largest bitcoin exchange, shone light on the importance of wallet security and led to the increased adoption of multi-signature technology over the course of 2014.
Furthermore, even though the bitcoin ecosystem has evolved in the right direction, scams still crop up on a regular basis.
Fraudulent exchanges and cloud mining services, phishing schemes, pump-and-dump and IPO scams, and more, are ongoing security risks that cryptocurrency users face everyday. This week alone, three cloud mining services appear to have gone bankrupt.
So how can you avoid scams in the bitcoin space? While there is no sure-fire way to protect your holdings against technical attacks like these, here are some cautionary measures that will be helpful, offered by security experts in the industry.
A proof-of-reserves cryptographic audit is a good way to publicly disclose bitcoin holdings in a verifiable manner. The process can assure customers that the company is financially able to deliver on its end of the business deal.
George Avetisov is the CEO of HyprKey, a startup aiming to protect digital currency users from fraud by utilizing its HYPR-3 three-factor authentication protocol.
He said:
âOftentimes youâll encounter a bitcoin startup claiming to provide something ridiculous like military-grade multisig quantum computer absolute-zero cold storage, when in fact a quick background check on the company reveals that they have neither the funding nor the resources to ever maintain such exotic security.â
If youâre not handing your money to an established company like BitPay, Circle or Coinbase, donât give it to a company that keeps its development team anonymous or an exchange whose owners you canât trace. Companies should publicly disclose their officersâ identities and be legally registered to operate.
Rodrigo Souza, who heads New York-based technology platform BlinkTrade recommends googling a companyâs WHOIS information. It should show the name under whom the company is registered and how long it has been on the market.
âIt pretty much is a scam if itâs private,â he said. âHonest companies donât hedge their domain in the private world.â
CEO of multisig wallet provider BitGo, Will OâBrien, advised looking to online forums like Bitcoin Talk or Reddit to get a feel for the situation at hand.
âThere are many active forums on which users discuss known or suspected scams, and prospective buyers should familiarize themselves with those before making a purchase or investment,â he said. âItâs also preferable to get in touch with someone at the company via phone, or better in person, wherever possible.â
Lack of transparency opens doors for scams or mismanagement. Hence, exchanges should be as transparent as possible and prove their solvency if theyâre going to protect against a Mt Gox scenario.
Souza recommended that reputable companies do their part to help customers more easily recognize best business practices.
In an effort for transparency, companies should attach disclaimers at the end of their emails assuring the recipients, he said. These should spell out that the company would never (or minimally) request private information through email, so the customer never has to worry about phishing scams.
âWe always put that in the footer of the emails and the bigger companies should start pushing for that,â he said.
Scams imply malicious intent. It happens all too often that bitcoin businesses turn out incompetent and poorly managed. However, they may have no intention to scam their customers.
âThe difference between these two is a fuzzy line,â said Olaf Carlson Wee, head of risk at Coinbase, âas an incompetent business can be even more dangerous than a straightforward scam.â
Souza further explained: âPeople confuse poor marketing skills and poor development skills with scammers. Itâs not intentional, itâs incompetence.â
HyprKeyâs Avetisov said bitcoinâs still largely negative public reputation is largely to do with the amount of scamming that takes place âby businesses that promise consumers everything from mining hardware to cold storage, only to steal their usersâ funds.â
He added:
âI think that while the immediate threat to the growth of bitcoin is cyber fraud, the more broad inhibitor of bitcoin adoption is the lack of faith in the companies building out this infrastructure.â
If what youâre seeing is too good to be true, it is very likely to be a scam. Thatâs an attitude consistent among industry security experts.
âWhen buying mining hardware, always be sure to get a delivery date from the merchant, and make sure the merchant has a registered physical location and many happy customers,â Wee said.
Cornell University researcher Emin Gün Sirer suggested that no company should be taken at face value, saying:
âAssume that every new business model in the bitcoin space is a scam unless proven otherwise. Assume that every well-intentioned implementation is broken at its core, unless it has been publicly audited. Do not trust your keys and private information to anyone.â
Having someone else hold your private keys for you is almost always a bad idea, he added, as the blockchain has no âaccount ownersâ and transactions cannot be reversed. Since keys are the sole authentication mechanism, he said, âanyone holding keys on your behalf has all of your unbridled powersâ.
Avetisov said bitcoin novices tend to forget that the digital currency is irreversible and may be too quick to hand theirs over to a third party.
âMy advice to any beginner dabbling in cryptocurrency would be to treat it as they would treat cold hard cash,â he said.
Donât miss our recap of the seven biggest crypto scandals of 2014.
