The War in Ukraine Could Pose New Security Risks for Crypto Investors. Here’s How to Protect Your Coins

A photo to accompany a story about cryptocurrency security Cemal Yurttas / via images via Getty Images
A group of Ukrainian women gathered in Istanbul to protest Russia’s invasion of Ukraine. Russia could carry out cyberattacks on crypto companies as retribution for western sanctions, the U.S. Treasury warns.
We want to help you make more informed decisions. Some links on this page — clearly marked — may take you to a partner website and may result in us earning a referral commission. For more information, see How We Make Money.

Crypto investors have helped send more than $50 million in donations to support Ukraine’s defense against Russia, but now U.S. officials are warning of new risks for those investors here at home. 

The United States Treasury is concerned Russia could carry out cyberattacks on crypto companies — including the exchanges that hold many investors’ coins — as retribution for western sanctions, Reuters reported last week. The U.S. and its European allies have implemented severe sanctions on Russia to try and inflict as much economic pain as possible while it wages war on Ukraine. 

To evade sanctions, Russia could lean on crypto as a form of currency since the “international financial rules and regulations are not as easily applied to cryptocurrency,” says Adam Levin, a cybersecurity expert and host of the “What the Hack” podcast.  “It’s no surprise Russians are using it in the face of economic sanctions,” he says. 

And as Russia’s war in Ukraine goes on, there could be more cybercrime and attempted scams for investors to look out for in coming weeks or months, Levin says. Concerns over Russian-linked hackers are not new: a recent analysis suggests more than 70% of all money made through ransomware hacks in 2021 went to hackers linked to Russia.

“Russian cybercrime syndicates could take a page from the North Korean and Iranian playbooks stealing cryptocurrency and DeFi exchanges to fund operations, especially given the devaluation of the Ruble,” Levin says.

How Can Investors Protect Their Crypto?

As crypto has become more popular, crypto hacks and scams have grown more common. Scammers stole roughly $14 billion in crypto in 2021, nearly twice as much the year prior, according to a report by blockchain data firm Chainalysis. 

Scammers appear to already be taking advantage of the crisis between Ukraine and Russia to steal money from people looking to help. One of the most recent examples is a fake token called “Peaceful World” that scammers created to try to dupe people into thinking it was raising funds for Ukraine. Fake charity websites and phishing emails have also begun to pop up. 

That’s why it’s important to implement good security measures to protect your crypto investments, and to be extra cautious of where you send any crypto donations. The most secure way to ensure your crypto is being donated to Ukraine is to donate to the government directly. Ukraine’s official (and verified) Twitter account publicly shared its cryptocurrency wallet addresses on Feb. 26.

According to Levin, the standard best practices for cyber hygiene also apply to crypto. “Don’t reuse passwords, don’t install off-brand apps to your devices, and be cautious when you click links or download attachments from emails,” he says. 

To avoid getting scammed, keep an eye out for some common red flags that are similar to classic money wiring scams and credit card fraud. For example, any typographical errors and obvious misspellings in emails, on social media posts, and during any communication should set off alarm bells in your head. You should also avoid contractual obligations that lock you into holding crypto without being able to sell, any large social media crypto schemes that promise to make you rich, or any promises of free crypto in general.

Levin says malware designed to steal credentials for crypto accounts is readily available on the dark web, so the best way to keep your funds safe is to “keep them offline on an encrypted hardware-based wallet stored in a secure physical location.” 

That’s commonly referred to as a cold wallet. But there are also hot wallets, which are hosted, or stored online. If you use a hot wallet, make sure it has robust security measures, including two-factor authentication, an option to store a portion of holdings in its own cold storage, and private insurance policies in case of theft or hacking (separate from FDIC insurance).

How to Report Crypto Fraud

You can report fraud to whatever crypto exchange you used to complete the crypto transaction whenever you suspect or have evidence that bad actors are at play. You can also report fraud and other suspicious activity involving cryptocurrency to the following bureaus:

If the fraud involves extortion or blackmail, you can also go to ​​the FBI.