
How Crypto Gets Stolen – And How To Avoid It

Key Takeaways:
— Crypto gets stolen from users in a number of ways, but there are several methods to avoid them.

— Using devices for the internet and web3 can be risky if you don’t protect them with a hardware wallet such as Ledger Devices.

— Not every theft is a technical hack: some scammers use social engineering to steal your crypto. That’s why doing your own research is so important.

There are a number of different ways clever scammers can steal your crypto, but how can someone avoid it? In this article, Ledger Academy explains the different ways crypto is stolen and how to protect yourself from it.

We all know the drill: the security of your crypto depends on your wallet. But listen, there are still some threats even a wallet cannot protect you from – not even your Ledger. So, you might be wondering, how can someone steal my crypto? Am I safe?

The only way to be safe from crypto thieves is to understand the different types of threats that exist. Plus, you can arm yourself with a defense. Your wallet and your own knowledge should be working together to keep your crypto in your possession.

However, some crypto scams can be tricky to spot, and having the safety and security of a hardware wallet will not always protect you. Thus, in this article, Ledger Academy will explain exactly how someone might steal your crypto and how to avoid it.

So, let’s jump in.

How Does Crypto Get Stolen?

There are a few ways your crypto could be stolen from you. You may think it could happen to anyone, but these scams are so common that some people don’t realize that they are easily avoided. So, how does a hacker really steal someone’s crypto?

Access to Your Private Keys Via the Internet

Your internet connection is the biggest threat to your private keys. Anything connected to the internet – including your crypto wallet – is vulnerable to cyber threats. It’s that simple. Since software wallets store your private keys on their host devices, they are particularly vulnerable to these sorts of attacks.

The only way of really keeping your keys safe is by using a wallet that’s not connected to the internet. The whole premise of a hardware wallet like a Ledger device is to keep both your private keys and your recovery phrase offline and away from cyber threats. 

Clicking on a Malicious Link

Clicking on a malicious link can send you to a phishing site. This could prompt you to download files that would give a hacker access to your web2 device, which could put your private keys at risk. If a hacker manages to take control of your computer or smartphone screen, they could even create instances in which you freely give up your seed phrase via social engineering.

The best way to avoid clicking on malicious links is to avoid surfing the internet using the same device you use for managing crypto. This way, any infected device stays well away from your funds.

Signing Dodgy Transactions

If you’re going to sign a blockchain transaction, double and triple-check before clicking confirm. While some signatures may seem harmless, you could be giving a scammer opportunities to steal your crypto. If you think you’ve signed something you shouldn’t have, make sure to check your approvals and revoke any if necessary.

A great way to avoid signing malicious transactions is by understanding what each smart contract function is and does. Just learning a little of what each approval can do will help you stay protected.

Hacks on Custodial Platforms

When you sign approvals to allow platforms to access your assets, you are left relying on that platform’s security. So, for example, if you use a custodial wallet, you’re entrusting your private keys to that centralized entity. If the central entity is hacked, your crypto could be stolen.

By using wallets that allow for self-custody, like those that Ledger offers, you can avoid losing your crypto through centralized platforms.

Contract Bugs on Blockchain Platforms

By signing approvals with your wallet, you allow platforms access to your assets. This is usually harmless for trusted platforms and blockchain bridges. However, if there is a bug in the smart contract, it could offer an opportunity for hackers to steal your crypto funds. While you can’t always avoid these bugs, it’s important to follow the latest in blockchain news to make sure you’re aware of any exploits.

How Hackers Steal Crypto

Some hackers don’t play the internet or the code, they play the people. Social engineering attacks involve scammers creating a fake situation to gain your trust. Essentially, they get you to open the door to your own assets under false pretenses. We see this approach in attacks like phishing and pharming.

Blind Signing: Scammers’ Paradise

Smart contracts enabled the whole ecosystem of Dapps we now enjoy, but they came with a bit of a caveat. Not all smart contract signatures are easy for humans to read, meaning you can’t be 100% sure what you’re actually signing. This is called blind signing. Scammers exploit this blind spot by creating scenarios that convince you to approve a transaction that’s not legitimate. You might think that you’re minting an NFT, but the smart contract will steal your crypto instead.

Ledger devices offer clear signing. This gives you more transparency than ever when you interact through the Ledger ecosystem and adds a huge layer of protection from social engineering scams.

But no matter how secure and transparent Ledger devices are, they won’t be able to prevent a scammer from accessing your private keys if you’re the one giving them access. This is why it is so important to learn how to read a smart contract and how to avoid blind signing. But most of all, the easiest way to avoid scammers is by taking a cautious approach to anything suspicious.
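To make "understanding what each smart contract function is and does" concrete, the following added example (not Ledger's code and not part of the original article) decodes the raw call data of a transaction into a readable summary and notes the approvals discussed above. It assumes the standard ERC-20/ERC-721 function selectors; the spender address and payloads are constructed sample values.

```python
# Added example (not Ledger code): turn raw EVM calldata into a readable summary.
# Selectors are the standard 4-byte ids of common ERC-20 / ERC-721 functions.
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
MAX_UINT256 = 2**256 - 1

# Constructed sample data: a made-up spender address and two approve payloads.
SPENDER = "0x" + "ab" * 20
PAD_SPENDER = "0" * 24 + "ab" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + PAD_SPENDER + "f" * 64
REVOKE_APPROVE = "0x095ea7b3" + PAD_SPENDER + "0" * 64

def decode_word(kind, word):
    """Decode one 32-byte ABI word (64 hex chars) as address, bool or uint256."""
    value = int(word, 16)  # raises ValueError on non-hex input
    if kind == "address":
        if value >> 160:
            raise ValueError("address word has non-zero padding")
        return "0x" + word[24:]
    if kind == "bool":
        if value > 1:
            raise ValueError("bool word is not 0 or 1")
        return value == 1
    return value

def describe_calldata(calldata):
    """Return the function name, decoded arguments and any risk notes."""
    data = calldata.lower().removeprefix("0x")
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"function": None, "args": [],
                "notes": ["unrecognised selector: cannot show what this call does"]}
    name, kinds = SELECTORS[selector]
    if len(body) != 64 * len(kinds):
        raise ValueError(f"argument data does not fit {name}")
    args = [decode_word(k, body[i * 64:(i + 1) * 64]) for i, k in enumerate(kinds)]
    notes = []
    if name == "approve" and args[1] == MAX_UINT256:
        notes.append(f"unlimited allowance for {args[0]}")
    elif name == "approve" and args[1] == 0:
        notes.append(f"revokes the allowance of {args[0]}")
    elif name == "setApprovalForAll" and args[1]:
        notes.append(f"{args[0]} may move every token in the collection")
    return {"function": name, "args": args, "notes": notes}
```

Calling `describe_calldata(UNLIMITED_APPROVE)` shows that the payload grants the spender an unlimited allowance, while `REVOKE_APPROVE` is the same call with amount zero, which is what revoking an approval looks like on chain.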

How To Avoid Stolen Crypto

Of course, there are a few top tips you should keep in mind to protect your crypto. Avoiding crypto thieves is no easy feat, but there are some base rules to work from.

Never Expose your Private Keys, Even When You Transact

Your private key allows you access to your funds. However, it will also grant anyone else access too, given they can provide your private key. That’s why it’s so important to keep those keys…well…private. So what about when you’re interacting with online applications?

Well, Ledger devices guarantee that your private key remains offline while the important data is communicated online so the blockchain can execute the transaction. If you want to know more, check out the full article on exactly how that works.

Generate your Recovery Phrase Offline – and Keep It There

Securing your crypto is not just about moving your existing private keys offline – it’s about making sure they are never online to start with.

A Ledger device generates your recovery phrase offline from the very beginning, communicating it to you in a completely offline environment via its unhackable screen. This gives you complete control over your wallet, and it protects your sensitive data from the internet.

But ultimately, how you store that seed phrase is down to you – storing it on a connected device will defeat the whole purpose of using a Ledger.

Segregate Your Assets

Ledger devices can only protect you so far. If you sign a malicious transaction with your Ledger, your funds will still be at risk. To avoid someone stealing your crypto, the best thing you can do is segregate your assets correctly. Keeping separate accounts for minting, selling, and vaulting allows you extra security. If you sign a malicious transaction with one account, your funds cannot be stolen from another. Luckily, you can create multiple accounts on your single Ledger device. To learn how to do this correctly, make sure you check out the full guide on how to segregate crypto assets.

As long as you use the device properly and secure your recovery phrase safely, these threats can be completely overcome, leaving you free to forget your worries and explore the ecosystem.

How Ledger Devices Protect You From Crypto Thieves

If your device falls into the wrong hands, you may face a more sophisticated threat – a physical hack of the device. Expert attackers use techniques such as power glitching, side-channel attacks, and software hacks like attacking a Hardware Security Module, so hardware wallets can be vulnerable if they don’t have the right fortification.

Ledger’s hardware wallets are designed to protect your sensitive data against online AND physical attacks. There are a couple of important factors that set Ledger devices apart in their layers of protection against physical attacks: 

Secure Element: The Impenetrable Chip

Ledger uses a Secure Element chip, which is found in things like passports and credit cards where high-end security is needed. Ledger hardware wallets are the only wallets in the industry that use a Secure Element chip. This top-quality chip protects you and your private keys against attacks like laser attacks, electromagnetic tampering, and power glitches.

BOLOS Operating System: Isolating Each Application

The problem with some hardware wallets is that they use a monolithic system, managing all of the applications they contain as one. Ledger’s custom operating system, BOLOS, ensures that all of the apps and crypto accounts within your Ledger device are managed separately. For you, this means that even if an application was ever compromised via an attack, the damage would be isolated to that application. In short, it would not impact the rest of your wallet.

The Donjon: Constantly Checking Your Security

To make sure your wallets are always safe from hacking, we have a team of internal good-guy hackers to test and find any potential chinks in our armour. The Ledger Donjon is our internal security evaluation team made up of security experts. In short, they conduct constant, extensive hacks to the hardware, establishing any possible point of failure that might impact your security. The Donjon works hand-in-hand with Ledger’s Firmware development and hardware team to scrutinize the security of the devices. Together, they make sure only state-of-the-art security measures are in place. Plus, they ensure that Ledger devices can withstand any attempts to attack, and then constantly upgrade the system accordingly.

Physical Threats Require The Safest Hardware Device

Using a hardware device to secure your private keys protects you from online threats but could potentially leave you open to physical attacks on the device. That’s why it’s so crucial to choose a device that not only uses the safest components but continually seeks to improve its systems to ensure absolutely nothing can permeate the device.

By choosing a Ledger, you can secure your private keys and forget about them – the components and system keep your wallet airtight from physical attacks.

What If Someone Steals My Ledger Crypto Wallet?

Using a hardware device to keep your private keys offline is a great move. But it does mean you need to be mindful of a new threat vector – theft or probing of the device itself. Say someone steals your Ledger. How can you be sure your precious crypto will remain safe, even if the device is in strange hands?

A PIN Code Set By You

Ledger devices offer a PIN code function. It’s the front line of defense against intruders and it’s the only part of security that you set for yourself.

This is why Ledger allows you to set your own code and even determine its length, up to eight digits. This ensures that no matter who has your Nano, only you can access it. And if the wrong PIN code is entered three times, the device automatically bricks (performs a factory reset), meaning your device keeps out even the most opportunistic thief.

Advanced Passphrase

Most devices have a 24-word recovery phrase as a backup. Ledger has a 25th word passphrase on top of that too. It’s an advanced security feature that adds an extra layer of security to keep your funds secret even if you’re under duress. This 25th word allows you to access a secondary, “secret” wallet from your regular device. This allows you to leave the bulk of your crypto in this secret wallet and protect it in any situation.

Only YOU Can Stop Your Crypto From Being Stolen

So, if you were wondering “How does someone steal my crypto?”, now you know. Thieves use a combination of programming, phishing, and even social engineering to lull you into a false sense of security. From there, it’s all too easy to get their hands on your precious funds. And in fact, crypto is stolen in this way almost every day. Avoiding stolen crypto funds can be as easy as using a Ledger device correctly, segregating your assets, and staying vigilant. That’s why understanding the crypto ecosystem – and your role in your own cryptocurrency’s security – is crucial to the safety of your coins and tokens. 

Knowledge is power.
