editorial independenceWe want to help you make informed decisions. Some links on this page — clearly marked — may direct you to a partner website and may result in us earning a referral commission. For more information, see How we make money.
Crypto investors have helped send more than $50 million in donations to support Ukraine’s defense against Russia, but now US officials are warning of new risks to those investors here at home.
The United States Treasury Department is concerned that Russia could carry out cyber-attacks against crypto companies — including the exchanges that hold many investor coins — in retaliation for Western sanctions. Reuters reported: last week. The US and its European allies have introduced severe sanctions against Russia to try to inflict as much economic pain as possible while it wages war on Ukraine.
To evade sanctions, Russia could lean on crypto as a form of currency, as the “international financial rules and regulations cannot be applied to cryptocurrency as easily,” says Adam Levin, a cybersecurity expert and host of the “What the Hack” podcast. “It’s no surprise that Russians are using it in light of economic sanctions,” he says.
And as Russia’s war in Ukraine continues, investors can expect more cybercrime and scams in the coming weeks or months, Levin says. Concerns about hackers linked to Russia are not new: a recent analysis suggests that more than 70% of all money made from ransomware hacks by 2021 went to hackers linked to Russia.
“Russian cybercrime syndicates can open a page of the North Korean and Iranian playbooks stealing cryptocurrency and DeFi exchanges to fund operations, especially given the devaluation of the ruble,” Levin says.
How can investors protect their crypto?
As crypto has become more popular, crypto hacks and scams have become more common. Scammers stole about $14 billion worth of crypto in 2021, nearly twice as much the year before, according to a report by blockchain data company Chainalysis.
Scammers already seem to be taking advantage of the Ukraine-Russia crisis steal money of people who want to help. One of the most recent examples is a fake token called “Peaceful World” who created scammers to trick people into thinking it was raising money for Ukraine. Fake charity websites and phishing emails also have started popping up.
That is why it is important to take good security measures to protect your crypto investments, and to be extra careful about where you send crypto donations. The safest way to ensure that your crypto is donated to Ukraine is to donate directly to the government. Ukraine’s official (and verified) Twitter account publicly shared its cryptocurrency wallet addresses on Feb. 26.
Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT.
BTC – 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P
ETH and USDT (ERC-20) – 0x165CD37b4C644C2921454429E7F9358d18A45e14
— Ukraine / Україна (@Ukraine) February 26, 2022
According to Levin, standard cyber hygiene best practices also apply to crypto. “Don’t reuse passwords, don’t install unbranded apps on your devices, and be careful when clicking links or downloading attachments from emails,” he says.
To avoid getting scammed, keep an eye out for some common red flags similar to classic money wire scams and credit card fraud. Typographical errors and obvious spelling mistakes in emails, social media posts and during communication, for example, should set off alarm bells in your head. You should also avoid contractual obligations that make you hold crypto without being able to sell, big crypto schemes on social media that promise to make you rich, or promises of free crypto in general.
Levin says malware designed to steal crypto account credentials is readily available on the dark web, so the best way to keep your money safe is to “keep them offline on an encrypted, hardware-based wallet that is stored in a secure physical location.”
That is often referred to as a cold wallet. But there are also hot wallets, which are hosted or stored online. If you use a hot wallet, make sure it has robust security measures, including two-factor authentication, an option to store some of the assets in its own cold storage, and private insurance in the event of theft or hacking (separate from the FDIC insurance).
How to report crypto fraud
You can report fraud to any crypto exchange you used to complete the crypto transaction if you suspect or have evidence that bad players are involved. You can also report fraud and other suspicious activity related to cryptocurrency to the following agencies:
If the fraud involves extortion or blackmail, you can also go to the FBI†