So one of the first questions people have about cryptocurrency is: “Is crypto safe?”
This is a very good question and the type you should be asking. Like most good questions, it doesn’t have a particularly simple answer. The main difficulty in answering this question is it entirely depends on which aspect of blockchain or crypto you’re asking about.
To try and give an effective overview we will breakdown crypto into a few main components:
- Mainstream #layer 1 blockchains#
- Decentralized apps (#dApps#)
- Crypto Tokens
This article is an overview; it should give you a better understanding of how and when Crypto can be very safe; and how and when it isn’t.
This article is by no means a complete account of all the nuances of blockchain safety – that would fill multiple books. We recommend you read this alongside our three other main crypto security articles:
Crypto Scams: How to identify and avoid them
Crypto Security: How to keep your funds safe
Crypto Wallets: Hot vs cold, custodial vs non-custodial
Crypto Security: Mainstream layer 1 blockchains:
Most of what is commonly understood as “crypto” takes place, in some way, on a #layer 1 blockchain#.
If you are unsure of what a blockchain is you can get an overview in our Introduction to Cryptocurrency article or a more in depth explanation in Types of Cryptocurrency: Coins and Blockchain
Examples of layer1 blockchains are: Bitcoin, Ethereum, and Solana. In this section we will go over the security measures of blockchains like these; this section relates to the safety of holding funds on these blockchains in your own wallet and carrying out basic transactions on them; such as transferring funds.
Safety features of blockchains:
So at their core blockchains are incredibly safe; they were designed this way and the major ones have had years of development to improve on this. This is due to a few features at the heart of each major blockchain:
Decentralization:
A blockchain being “#decentralized#” means that there is no central body controlling it – this is different from traditional finance where currencies are controlled by a single entity in the form of governments. Instead, blockchains are maintained by a distributed network of computers (nodes).
Note: Decentralization is a word with many meanings and is a HUGE topic; we have written a full article on it.
Trustlessness:
This word is thrown around a lot and can be confusing. It doesn’t mean crypto is untrustworthy; instead it means it does not require trust.
As an example when you put money in the bank you need to “trust” that the bank is actually looking after your money. Now, in modern society, there are generally a number of consumer protections that means that you generally can trust this (in some countries), but in cryptocurrency this is not required.
Blockchain is public and uses multiple nodes to validate its transactions; therefore your transactions or funds on a blockchain do not require the trust of a third party; only the code.
With major blockchains this code has been thoroughly tested (including by people trying to break it for their own gain) and has proven to be robust.
Immutability:
Blockchain transactions are “immutable”. This means that once a block is recorded onto the chain it cannot be altered. Each block contains a cryptographic hash of the previous block, forming a chain. Any attempt to change a transaction would require altering all subsequent blocks, which is computationally infeasible; basically meaning it isn’t financially even worth trying.
Transparency:
Blockchain transactions are recorded on a #public ledger#, making them visible to anyone. This transparency allows for easy verification and auditing; basically if someone is suspected of doing something suspect, this can be checked. There is no “cooking the books”.
Blockchain Risks:
Whilst the above make blockchains very secure; there are still some risks:
User Error:
Pretty much every way you can lose your money in crypto stems from loser error; this does not make this a trivial issue.
Crypto is full of complex stuff. Simply not understanding what you’re doing can lead to you accidentally approving a transaction that loses you your money.
Decentralization:
But wait, isn’t decentralization a good thing? Yes, sometimes. The problem with decentralization is that it is a double edged sword; no one person or organization can control the blockchain to take your money, but this also means there’s no one to complain to if you do lose your money.
In “real life” if someone puts a fraudulent transaction on your debit card, then often your bank can retrieve it or will insure it.
In crypto this is not the case; that money is gone.
Less established blockchains:
We said earlier that transactions on major blockchains are generally very safe; what about less major ones? New blockchains carry additional risk in two main areas:
- Less Decentralized: Some blockchains are not decentralized at all on launch; even those that are are subject to 51% attacks. This occurs when an individual or co-ordinated group controls more than half of a blockchain. Because of their size, this would be financially unfeasible for something like Ethereum or Bitcoin. A newer or smaller blockchain could be susceptible to it.
- Software Vulnerabilities: Established blockchains have years of open source testing (both by those trying to help and those trying to steal) and have come out very robust. The newer a project and the less adopted, the more likely there will be a vulnerability that the devs over-looked.
Decentralized Apps (dApps): Are they safe?
#Decentralized# Apps or “dApps” refers to pretty much any application built on or for blockchain usage. Examples of the most common ones you might come across include crypto wallets, #DeFi# projects, and decentralized marketplaces; such as #Opensea#. There are many more examples of what form a dApp might take.
Are they safe?
The simple answer here is: some of them.
Literally anyone can make a dApp; you don’t need to be pre-approved or audited beforehand. This means that there can be (and indeed have been) many dApps designed to steal your money.
On the flip side there are many very honest dApps that are incredibly secure; many of the larger projects spend large sums of money on audits. This is not only to ensure their code can not be exploited, but also to reassure users that their funds are safe with them.
The two main categories of risk are as follows:
- Bad Actors: As mentioned above some projects are made specifically to take your funds. These are often designed to look like a legitimate project in order to trick you.
- Contract Vulnerabilities: Sometimes a well meaning project can lose your funds because a 3rd party finds an exploit in their code that can be exploited.
How do I know which dApps I can use?
It can be incredibly difficult for a new user to decide which projects are safe to connect to and which are not. When first starting out it can be a good idea to stick to very well established dApps that have been around for a long time.
These are, generally speaking, a safe bet as they are unlikely to fit into either of the two categories above; most bad actors are looking for a quick turnaround and most contract vulnerabilities are found reasonably quickly (when there is money to be made people move fast).
As you progress through your crypto journey you may find yourself wanting to use newer or less well known dApps. We would cautiously encourage this.
If you do find yourself wanting to do this make sure yo check out Crypto Security: How to keep your funds safe for tips on how to have the best shot at keeping your funds safe.
In relation to connecting to unfamiliar dApps we would especially recommend the advice on having multiple crypto wallets.
Crypto Coins and Tokens: Are they safe?
So it is very important to understand here what we’re talking about when we mean “safe”. So far in this article we have talked about safety from the perspective of keeping the crypto funds within your crypto wallet safe. What we haven’t talked about is the value of those funds.
Most of the danger with actual coins and tokens is the risk that the shiny new crypto you bought loses all of its value. This can happen through a variety of mechanisms; sometimes through an outright scam, other times through poor token design or simply bad market conditions. We recommend you check out the following articles to learn more:
Please note: whilst just holding a cryptocurrency token in your wallet is safe; that is not to say there aren’t dozens of scams surrounding tokens. Please check the Crypto Scams link above to find out how to avoid these.
