With the growing popularity of cryptocurrencies, the risk of losing them also increases. In this context, security issues become important for both beginners and experienced users. Investigation analyst at AO "Shard" Dmitry Poyda and former director of investigations Grigory Osipov, in a column for "RBC-Crypto," explained how to securely store cryptocurrency, which wallets and services to use, how to recognize scammers, and how to avoid the main risks when buying and exchanging digital assets.
When it comes to storing cryptocurrency, security is one of the most important aspects that directly affects the safety of your funds. Unlike traditional fiat currencies, cryptocurrencies do not have central controlling bodies, and the responsibility for protecting funds lies entirely with the owner. Therefore, cryptocurrency holders need to take care to choose secure wallets where their funds will be stored.
There are several types of wallets for storing cryptocurrency, which differ in their level of security, convenience, and functionality. You can choose one that suits your needs and the level of risk you are willing to accept.
Cold and Hot Crypto Wallets. How to Choose
Wallets are divided into so-called cold and hot wallets, depending on whether they are connected to the internet.
Hot wallets are connected to the internet. This allows for quick and convenient transactions but simultaneously reduces the level of security: such wallets can become targets for hackers. They are suitable for daily transactions: they provide quick access to funds via the internet, and your portfolio is always at hand. Just open any of the wallets on your device. Examples of hot wallets: Exodus, MetaMask, Electrum.
Disadvantages of hot wallets:
● high vulnerability to hacker attacks, viruses, and phishing schemes;
● high risk of fund loss if the computer or mobile device is compromised.
Cold wallets are devices that are not connected to the internet and store your cryptocurrency keys offline. This is the most secure way to store cryptocurrency, as such wallets are protected from most online threats. Examples of cold wallets: Ledger Nano S/X, Trezor.
Since such devices do not have a constant connection to the network, they are ideal for storing large amounts of cryptocurrency and for long-term investments. The lack of internet connection significantly reduces the risk of theft through online threats, such as hacker attacks or phishing.
Disadvantages of cold wallets:
● less convenient for daily operations, as access requires connecting the device to a computer;
● high cost of the device;
● limited cryptocurrency support: not all models work with rare coins or tokens.
There is also a division of crypto wallets depending on who owns the access keys. Custodial wallets are managed by a third-party service or exchange, meaning the access keys are held by the custodian. In this case, if the service decides to restrict access to your funds, you will not be able to withdraw the cryptocurrency without its involvement. Non-custodial wallets, on the contrary, assume that the keys are only with the user, allowing direct control over one's funds without intermediaries.
Furthermore, cryptocurrency wallets can differ in form factor. They can be hardware, which are separate devices for storing cryptocurrency keys; software, in the form of applications or programs installed on a computer or mobile device; and paper, where access keys are written on paper, making such a wallet particularly protected from online threats.
Combinations of form factors are also found: a software cryptocurrency wallet with additional protection in the form of a card with an NFC module, for example Tangem.
Modern crypto wallets enhance protection through hardware authentication, multi-signature, and transaction simulation before confirmation. Additional seed phrases, key fragmentation, and storage in secure modules are also used; however, even such solutions do not eliminate risks associated with the user's own actions.
Practice has shown that in 2025, about 70% of attacks targeted the human factor: users, under pressure from scammers, violated basic security rules themselves.
Security Basics When Using Wallets
● Use two-factor or three-factor authentication to log in to the crypto application, as well as complex passwords and biometric protection.
● Prefer a cryptocurrency wallet that lets you create a seed phrase for recovery in case of device loss or software damage.
● Store backup copies in secure places, such as safes, and do not save them electronically (e.g., in the phone gallery, on the computer, or in the cloud).
● It is advisable to use a separate device (laptop, desktop, or smartphone) that will be used only for accessing wallets.
● If it is a software crypto wallet, rule out access to it from different devices, even within the same account. Do not use programs that provide remote access to the device.
● Regularly update the crypto wallet software and the operating system from official sources, and use antivirus protection.
● Do not use public Wi-Fi networks.
● Do not advertise the possession of large amounts of cryptocurrency in public places, on social networks, or on forums. If possible, do not disclose your crypto addresses, do not provide them for receiving "airdrops," and do not use them to pay for dubious services.
How to Recognize a Dubious Service
With the increasing popularity of cryptocurrencies, the number of fraudulent services that try to deceive users inexperienced in this field is growing. Many of them may look quite legitimate and even attract with tempting offers. However, it is important to be able to recognize the signs of dubious services to avoid losing funds.
A general recommendation in this situation: limit yourself to well-known crypto projects that are at least in the top 20 by capitalization or transaction volume. Information about them is easy to find online: there are reviews, a track record of working with them, and experience in resolving conflicts and disputes. At the same time, new solutions are constantly appearing that require study before use. Let's consider what could be a red flag when choosing an exchange or crypto project.
Lack of Licenses and Regulation
Legitimate exchanges and exchangers operating within the legal framework usually have licenses from regulatory authorities and comply with local laws. For example, exchanges operating in countries with strict cryptocurrency regulation, such as the UK, USA, and Japan, must have permission to provide services. The presence of a license can often be checked on the regulators' websites.
Promising Quick Profits
If an exchange or service promises guaranteed profits with minimal risks, it is almost always a scam. In the cryptocurrency world, it is impossible to guarantee stable profits, as the market is extremely volatile. Scammers often use inflated promises, as well as fear of missing out (FOMO), to attract users' money and then disappear with it.
Lack of Transparency
Reputable companies usually publish information about their founders, their experience in the industry, and provide access to legal information and contracts. When analyzing documents posted on a project's website, it is important to consider that fake solutions often copy them from other services, counting on a formal check without detailed comparison.
Lack of User Support and Feedback
Scammers often ignore customers or provide poor support. If you have difficulties with registration, depositing funds, or withdrawing funds, and the support service does not respond or answers with standard phrases, this is a clear signal that the service may be unreliable.
Hidden Fees and Unclear Terms
Fraudulent platforms often hide their fees, causing users to lose money without realizing it. These can be withdrawal fees, hidden charges for exchange or conversion of cryptocurrency, or unexpected fines.
Lack or Small Number of Reviews
If a service has no user reviews or if they are exclusively negative, this is a red flag. Reputation is an important indicator of a platform's reliability.
Problems With Withdrawing Funds
Scammers may block or delay the withdrawal of funds under various pretexts (e.g., verification problems, technical errors, additional checks, checks on the "purity" of the funds' origin).
In any case, to check an exchange or service you want to work with, the main recommendation is to conduct your own research or turn to specialists for it.
How to Avoid Risks When Buying and Selling Cryptocurrency on an Exchange Service
For conducting a cash exchange on an exchange service:
● conduct the transaction in safe places. Choose places where you will feel safe (e.g., public places, cafes, or stores) where there are surveillance cameras. It's better to take a friend who can help you or, in extreme cases, be a witness in case of robbery or fraud;
● check the cryptocurrency transaction to ensure that it has received several confirmations on the network. Before handing over the money, make sure the cryptocurrency has been transferred to your wallet and you can confirm the transaction;
● before completing the deal, make sure you have checked all the cash in the presence of both parties (count the money several times). Do not allow anyone to take the money away until the transaction is completed;
● it wouldn't hurt to keep a record of the correspondence with the exchange representatives or even make an audio/video recording of your actions during the exchange; this may be useful in a conflict situation.
For conducting an exchange on a P2P platform:
● choose a verified platform for exchange and follow its rules. This will help resolve a conflict if your partner tries to deceive you. Immediately dispute the deal if the counterparty's payment came from a different bank card or without the mandatory comment;
● check the reputation of counterparties. Before starting a deal, be sure to study the profiles of sellers and buyers, paying attention to their transaction history and reviews;
● keep records of all transactions and communications with counterparties. This can be useful in case of disputes or the need to file a complaint;
● do not communicate with the platform's sellers/buyers in third-party messengers and social networks. If you fall for a "triangle" scheme (involvement of a third party in the deal), such communication can be used against you.
Buying cryptocurrency on an online exchange service:
● check the exchange service for its reliability rating, including through exchanger marketplaces. You can also read reviews and work statistics there. Choose only those platforms that have a good reputation and positive user reviews;
● check that the exchanger's website is not a fake or phishing copy;
● make sure the exchanger checks the "purity" of the cryptocurrency. This is especially important when exchanging for regular currency;
● a number of exchangers request an identity verification procedure;
● double-check wallet addresses and details before sending funds. Be cautious with programs that can replace addresses in the clipboard;
● divide large amounts into parts and conduct transactions in stages. This will help reduce the risk of losing a significant amount at once.
Since mid-2025, buying cryptocurrency through exchange services, especially on P2P platforms using bank cards, has been associated with increased risks of blockages and involvement in illegal schemes. This is due to the strengthening of state control over droppers - persons transferring their bank card details to third parties.
Since July 2025, criminal liability for dropping has been introduced in Russia, and since May, there have been restrictions on transfers for persons included in the corresponding database. Despite this, the crypto exchange market still uses third-party cards, and end users need to consider these risks.
Is It Possible to Get Money Back After an Act of Fraud
Fraud in the world of cryptocurrency is a serious problem, the scale of which continues to grow every year. However, despite many challenges, certain successes have been achieved in recent years in investigations and the return of stolen funds.
One of the main features of cryptocurrencies is the immutability of the blockchain. This means that all transactions, including those used for fraud, can be traced. However, despite the transparency, the return of funds is not always possible. The problem is that cryptocurrencies can be quickly moved between addresses, and their owners can hide behind anonymous addresses.
The return of stolen cryptocurrency funds is one of the most difficult tasks in cryptocurrency security. The possibilities for return depend on several factors.
● If the stolen funds were stored or withdrawn to a centralized exchange or platform, there is a chance that they can be returned. For example, as part of an investigation, law enforcement agencies can seize funds on the exchange and even return them to the owners.
● In the case of decentralized platforms, it is very difficult to return funds, as there is no centralized body that could intervene in the process.
● The timeliness of actions is of significant importance: the faster the user can track the movement of funds and contact law enforcement agencies, the higher the likelihood of asset blocking. In many cases, the period up to 48 hours from the moment of theft is considered critical.
● The process of returning funds is complicated by organizational and political factors: the practice of interaction between law enforcement agencies and crypto services remains limited, and the services themselves do not always provide information upon requests.
● Although the blockchain provides transparency, the anonymity of users can complicate the search and return of funds. In the case of using anonymous cryptocurrencies, such as Monero, returning stolen funds is extremely difficult.
In some cases, analysts and law enforcement agencies can use investigations and blockchain analysis to track stolen funds, which increases the chance of their return.
Results of 2025 and Directions in 2026 in the Field of Cryptocurrency Security
According to Shard data, in 2025, a total of $2.9 billion worth of cryptocurrency was stolen worldwide. The biggest losses were incurred by: crypto exchange ByBit - $1.4 billion, protocol Balancer V2 - $120 million, crypto exchange Nobitex - $100 million, blockchain platform UPCX - $70 million, crypto exchange Phemex - $69.1 million, crypto exchange BtcTurk - $48 million, crypto exchange CoinDCX - $44 million, and crypto exchange GMX - $40 million. The total number of attacks for the year was 160.
For Russians, the damage amounts to $203 million (at the current exchange rate - 15.8–16.3 billion rubles). For comparison: in 2024, the total damage to Russians from cryptocurrency thefts exceeded $150 million.
In 2025, the global number of frauds and thefts of cryptocurrency increased by approximately 30%. At the same time, in Russia, the state's implementation of the "Concept of the State System for Countering Crimes Committed Using Information and Communication Technologies" and the introduction of three dozen measures to combat fraud within the "first package" during the year yielded results. By November 2025, the number of remote frauds, in which the use of cryptocurrency prevails, decreased by 10.8% compared to the previous year.
As for the most common hacking methods in 2025, most attacks used some form of social engineering; various manipulations (of liquidity and of the market) and vulnerabilities in smart contracts were also used. The most successful hacks combined several methods, which always gave a greater result for the thieves.
Speaking about cyber threats in 2026, a key factor will be the more active use of artificial intelligence in attacks. Automated phishing and personalized social engineering will make fraudulent scenarios more convincing, and the spread of "fraud as a service" and "ransomware as a service" models will simplify the conduct of complex attacks.





