Nine Crypto Pitfalls to Avoid in 2022
Crypto can be exciting to invest in, but it can also be easy to get tripped up. Here are nine common crypto pitfalls to avoid.
Cryptocurrency is going mainstream like never before. Traditional hedge funds are trading it, you can buy it from payment services such as CashApp, and even banks want to sell it to you. [1]
But crypto isn’t exactly like other investments, and you could make mistakes if you don’t know what to watch out for. Of course you want to be aware of the crypto regulations in the U.S., but you also need to watch out for the mistakes other investors make.
In this article, I’ll discuss nine of the most common crypto pitfalls. Avoid these, and you’ll already be investing more safely than most new crypto investors.
The sections below go into detail about each pitfall. (I highly recommend reading through them, since you need to know how the pitfalls work to avoid them.) For now, here is a list of the nine crypto dangers you should avoid:
- Not considering volatility
- Not realizing transactions are irreversible
- Failing to do your research
- Over-trading or day trading
- Giving away your seed words or private key (even by accident)
- Not enabling two-factor authentication
- Approving a malicious dApp to spend your tokens
- Unwittingly investing in a Ponzi or multilevel-marketing scheme
- Falling for a “rug pull” scheme
Let’s get started with one of the most common crypto pitfalls.
Pitfall 1: Not Considering Volatility
All assets have some volatility. If you’ve ever been in the stock market during a sudden crash, then you know how bad volatility can get even in traditional assets.
But the stock market may fall 37 percent in a month or two, while cryptocurrencies sometimes fall by 50 percent or more in a single day.
In many cases, these huge crashes are reversed in a week or two. In some cases, a crypto coin may bounce back the following day. But if you have to sell your crypto during one of these massive downturns, that isn’t much consolation. It may feel more like a slap in the face if the price goes up after you sell.
Here are some of the biggest spikes and crashes in crypto history:
- Nov. 30 to Dec. 6, 2013: The market cap of all cryptos goes from $2.7 billion to $15.4 billion in just seven days, a gain of 470 percent.
- Dec. 5 to Dec. 7, 2013: The market cap of all cryptos falls from $15.5 billion to $9.2 billion over the course of three days, a loss of 40.6 percent.
- Dec. 9 to Dec. 18, 2017: The market cap of all cryptos rises from $386.8 billion to $621.5 billion, an increase of 60.7 percent in 10 days.
- Jan. 28 to Feb. 5, 2018: The market cap of all cryptos falls from $579.3 billion to $305.3 billion, a loss of over 47 percent in nine days.
- April 25 to May 8, 2021: The market cap of all cryptos rises from $1.7 trillion to $2.4 trillion, a gain of more than 41 percent in 14 days.
- May 11 to May 23, 2021: The market cap of all cryptos falls from $2.4 trillion to $1.4 trillion, a loss of nearly 42 percent in 13 days.
With most traditional assets, you can more or less use them as savings. If you need cash for an emergency, then you can sell your stocks or bonds, pay for whatever you need, and buy back your assets when you get paid again. That’s much harder to do with crypto, because of the incredible volatility of the asset.
Not considering volatility is a common crypto pitfall. Investors sometimes buy too much thinking they can sell for cash if they need to, and then they have to sell at a loss.
But there is a way to avoid this pitfall. Consider holding enough stable assets such as cash, bonds, and gold to carry you through a crypto downturn. That may result in smaller gains, but it could also allow you to hold your crypto until the market recovers.
If you don’t want to leave the crypto ecosystem, then you could hold stablecoins backed by gold or U.S. dollars to protect against a downturn. These provide the added advantage that they can be held in your wallet securely.
Pitfall 2: Not Realizing Crypto Transactions Are Irreversible
We’re used to using debit cards and bank transfers to make payments, which we can usually reverse if we make a mistake. If a store charges you the wrong amount on a debit card transaction, then the store will usually give you a refund or void the transaction. If you send a transfer to the wrong bank, then it will usually be rejected and sent back within a few days.
In extreme cases, a scammer may deliberately charge you the wrong amount on your credit card. But even then, you can usually get your money back by calling the card company and disputing the transaction.
We’ve gotten used to being able to recover our money if something goes wrong, since traditional digital payments are “reversible.” With crypto, however, transactions are usually not reversible because nobody has the authority to issue the reversal.
Let’s say you are trying to deposit crypto from a mobile wallet to an exchange. Cutting and pasting text on a mobile phone can be irritating, so you decide to hand-type the address into your exchange app on your desktop PC. But you leave out one character at the end or accidentally use a lowercase letter instead of an uppercase one. You send the transaction, but the deposit never arrives. After investigating, you realize you’ve sent the crypto to the wrong address. Oops!
At this point, there is nothing you can do to recover your funds. Since you signed the transaction authorizing it being sent to that address, all the network validators have to honor the transaction as valid. None of them can help you, and your crypto is gone forever.
Cash or Crypto?: Keep in mind that crypto transactions are like cash in some ways. If you give your cash to the wrong person, that person may run off with your money instead of admitting you’ve got the wrong guy or gal. If you drop your cash on the street, it may get washed into a drain or blow away in the wind. In these cases, there is no one to turn to for help.
If you’re sending crypto to another person or depositing it in an exchange, then you may want to email the address to yourself or just use mobile copy and paste to make sure the address is correct — because once the transaction is confirmed, there is no way to take it back!
Pitfall 3: Failing to Do Your Research
In the crypto world, there are a lot of opportunities to get insane rates of return. Some DeFi apps advertise yields as high as 13 percent per day.
With yields like that, it can be easy to be consumed by fear of missing out (FOMO) and forget to do research. Maybe you hear an app pays 30 percent APR daily, but it turns out the token produced by the app doesn’t do anything. It has no utility. Oh, and did I mention the yield you are expecting gets paid out in this token?
Some projects have great “tokenomics.” The developers have thought deeply about what will make the token have value and go up in price, and they’ve implemented features in the app that will likely make it rise in price over time.
What Is Tokenomics? In the crypto community, the term “tokenomics” is used to describe the supply and demand characteristics of a token. A coin with good tokenomics will be useful for something, and this usefulness will drive demand. It will also have a low inflation rate. By contrast, a coin with bad tokenomics will have little to no utility and high inflation.
Other projects just rely on new traders “aping in” (or jumping on the bandwagon) based on hype the developers have built through paid YouTube promotions and marketing on Twitter. More often than not, these flimsy projects with no real use case crash hard as soon as the developers bleed out their advertising budget and the hype comes to an end.
The simplest way to distinguish between good and bad projects is to read the developers’ docs. The good projects will usually provide detailed, hype-free articles in their docs pages. The economics of these projects may seem complex, but they should make sense logically once the entire system is understood.
By contrast, the projects that are just trying to lure in clueless investors will usually have docs that don’t make sense or that read like advertisements.
It’s easy to forget to do all this research when you see five YouTube videos in the same day by people who claim to be making phenomenal returns on the latest crypto-based fishing game (or other latest craze).
What is “Aping In” or “Aping Into”? You may hear cryptocurrency enthusiasts confess that they “aped into” a project and lost money. That means they followed the crowd and bought into a coin without doing their due diligence and researching the project.
The Dogecoin Days
Dogecoin is often brought up when discussing volatility and doing your own research. Dogecoin, or “Doge” for short, was released in December 2013, but hardly anyone paid attention to it in the beginning. Its market cap was in the $300 million to $500 million range.
Then Elon Musk started tweeting about it in early 2021. As the media reported on the tweets, the price of Dogecoin started to rise. In April, the Doge community decided to take advantage of the interest and engaged in a massive marketing campaign that claimed the price of Doge would rise on April 20, which they labeled “Doge Day.” [2]
The plan worked. As April 20 approached and passed, the price of Dogecoin rose astronomically, from $0.05 per coin on March 5 to $0.64 per coin on May 7 — a gain of over 1,150 percent!
But then early investors started dumping their coins to take profits. Over the next 70 days, Dogecoin lost over 70 percent of its value, bottoming out at $0.19 per coin. Investors who bought Dogecoin at the top collectively lost over $65 billion in the crash.
Had these investors read the Dogecoin whitepaper, they would have seen that the coin is almost identical to Bitcoin except it has a block reward of 10,000 coins per block. [3] Bitcoin currently has a block reward of 6.25, so Dogecoin is Bitcoin with 1,600x greater inflation.
That’s probably why so many Dogecoin investors dumped their coins at the top. They knew if they held on, the value of Doge would fall over time anyway because of the high inflation rate. Many of the investors who bought at the top didn’t realize that, because they fell into Crypto Pitfall 3: failing to research.
If you see some project being hyped to the moon, consider reading some of the docs and really thinking about it before jumping in. Do some research to understand exactly how cryptocurrencies gain value. Chances are, those crazy returns won’t go away overnight if it’s a legitimate project. If it’s a meme coin with no use cases, then you’ll probably realize it as soon as you start reading about it.
Pitfall 4: Over-trading (or Day Trading) Cryptocurrency
Another common crypto pitfall is over-trading.
You may run across crypto gurus who say they know how to predict the market. They’ll tell you they can know when a crypto’s price is going to rise or fall by looking at a chart.
But for most investors, trying to time the market doesn’t work.
The crypto market is unpredictable — as is every asset market, for that matter — so no one can predict where the crypto market will go in the next day or even the next hour. For most investors, the safest option is to buy assets that have good utility and hold them for years. That strategy is slow and boring, but it’s usually the most profitable.
Some crypto day traders are very successful at buying low and selling high on a daily basis. They can make several trades a day, every day, and still end up profitable in the long run, but those traders are often the first to say the key to their success is risk management. They risk only a small part of their portfolio with each trade, and they often lose individual trades.
Some of them lose the majority of their trades, but they still make money over the long run because their losing trades are small and their winning trades are big.
This is similar to the way professional poker players make money — but, just as most poker players lose money, so do most crypto traders.
Did You Know: A recent study found that over 80 percent of day traders lose money. [4]
Pitfall 5: Giving Away Your Private Key or Seed Words
We all know not to give away our website passwords. We’re constantly told that if our passwords leak, they may be found on the Dark Web where hackers will use them to steal our identity. Most of us are well aware of the risk of accidentally giving away our passwords or having them leaked in some way.
But blockchain and cryptocurrency fundamentally change the way we interact with websites. Instead of using a password to log in, we just push a button and sign a message. It’s so much simpler and more convenient.
There are still passwords in the blockchain world though. They’re called “private keys,” and someone can steal all your crypto if they get your private key. You can read more on this in our rundown of crypto keys and passwords, but the big takeaway is that you need to keep these pieces of information safe.
Protect Your Private Key
Unlike your password on traditional websites, you don’t have to remember your private key. Instead, the key is stored on your device in an encrypted form, and you use a traditional password to decrypt the key and “unlock” your wallet.
That can lead to a feeling that the password is the important piece of information, when actually it’s the key that needs to be protected. An attacker may take advantage of that feeling to convince you to give away your key.
Pro Tip: If an attacker has your password, they still can’t access your wallet account without your private key or seed words. If they have your unencrypted private key or seed words, then they can access your account without your password.
Say you’re browsing websites of new DeFi apps, looking for an unknown gem with a high rate of return. You run across a malicious site, and it causes a pop-up box to appear in your browser that looks like your wallet.
The pop-up says a security vulnerability has been discovered in your wallet, and you need to enter your private key to prove you are the owner of the account. The message may even include instructions on how to find your private key, since most users don’t even know how to find it in the menu (and it’s deliberately hidden from you to keep this from happening). If you enter your private key into the field provided, all your crypto can be transferred to the attacker’s wallet.
Private keys may look like this:
Warning: These sample private keys are public and should never be used for your own crypto.
Secure Your Seed Words
Another thing to watch out for is websites that tell you to enter your “seed words,” a set of words you are given when you first set up your wallet. They can be used to derive multiple private keys, each corresponding to a different crypto account.
Since all your private keys can be derived from your seed words, giving away your seed words is even worse than giving away your private key. If an attacker gets your private key to one account, then they can steal your crypto from only that one account. If they get your seed words, then they can steal the crypto from every single account you have tied to that wallet.
Giving away your private key or seed words is an easy pit to fall into, but avoiding it is also simple. Avoid entering your seed words or private key into your wallet or browser page except when you first install or reinstall the wallet.
When you reinstall the wallet, it will open to a special local-host page that is not connected to any website. You can enter your seed words on this page. If you are on a page with a URL starting with “https://www,” then just avoid entering your seed words.
Seed words can look like:
- across loan step quit power pilot huge moment cloth thought vote police
- miracle behind always noodle stadium snake parade exit primary learn frame custom
- yard kid once liar enroll cinnamon miracle slender purity east galaxy exhibit
Warning: These sample seed words are public and should never be used for your own crypto.
Pitfall 6: Not Enabling Two-Factor Authentication
Another common crypto pitfall is not enabling two-factor authentication (2FA). That can be a big problem if you need to keep your crypto on an exchange. Read more on selecting a legitimate crypto exchange in our in-depth guide, but for now, let’s talk about security.
If your crypto is on an exchange instead of in your wallet, then it can be stolen by anyone who gets access to your exchange account. Centralized exchanges use old security protocols such as usernames and passwords, so they’re especially easy to circumvent.
Did You Know: A password is usually easier for an attacker to obtain than a private key. Passwords can be reset, and websites have to store them on their server, making it an easy target. Private keys are stored only on your device, do not need to be known by any websites, and cannot be reset.
If an attacker gets access to your email account, then they can use the “reset my password” feature to create a new password and lock you out of your exchange account. If you use the same password on multiple sites, they can circumvent the security on one of the other sites to steal your password hash from there, and then use hash-cracking software to get your actual password.
If you have no choice but to keep your crypto on an exchange, then you can help protect yourself against these kinds of attacks by enabling 2FA. 2FA requires you to enter a code from your mobile phone anytime you log in to the exchange or make a withdrawal.
An attacker can still use SIM hijacking to steal your code if it is sent through text messages, so you may want to use an authenticator app such as Google Authenticator to be even safer.
What Is SIM Hijacking? SIM hijacking is a type of attack in which a hacker convinces your phone company to transfer service to themselves. It is often used to steal 2FA codes and hack into a user’s crypto exchange account. Using an authenticator app such as Google Authenticator for 2FA helps protect against this kind of attack.
Failing to enable 2FA is a common crypto danger. It’s easy to forget since not all exchanges require 2FA before allowing you to make a deposit or trade, but it’s also a simple pitfall to avoid. Enable it in your settings before you make your first deposit so you won’t have to remember it later.
The best way to protect against exchange hacks is to not keep crypto in an exchange in the first place, but, if you have to, enabling 2FA will at least give you an extra layer of protection.
The process for enabling 2FA varies from exchange to exchange, but the steps generally will be something like this:
- Log in to your exchange.
- Go to the Settings menu.
- Go to the Security menu.
- Click Activate 2FA.
- Download Google Authenticator (or a similar app) from your mobile app store.
- Aim your phone’s camera at your PC, and scan the QR code.
- In the exchange app on your PC, enter the code provided by your phone.
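Why the authenticator-app route holds up against SIM hijacking: the QR code scanned in the steps above carries a shared secret, and the phone and the exchange each compute the six-digit code locally from that secret and the clock (TOTP, RFC 6238), so no code ever travels by text message. The sketch below is an added example, not code from the article or from any exchange; the enrolment URI, account name and issuer are constructed, and the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlsplit


def parse_otpauth(uri: str) -> dict:
    """Extract the enrolment parameters that the QR code encodes."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    query = parse_qs(parts.query)
    secret_b32 = query["secret"][0].replace(" ", "").upper()
    secret_b32 += "=" * (-len(secret_b32) % 8)  # restore stripped padding
    return {
        "secret": base64.b32decode(secret_b32),
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
    }


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the counter, then dynamic truncation (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, digits: int = 6, period: int = 30) -> str:
    """Code the authenticator app displays at Unix time `at`."""
    return hotp(secret, int(at) // period, digits)


def verify(secret: bytes, code: str, at=None, window: int = 1,
           digits: int = 6, period: int = 30) -> bool:
    """Server-side check; accepts +/- `window` time steps of clock drift."""
    now = time.time() if at is None else at
    current = int(now) // period
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter, digits)
        # Constant-time comparison; every candidate step is always evaluated.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed enrolment URI, as a QR code would carry it (RFC 6238 test key).
SAMPLE_URI = (
    "otpauth://totp/ExampleExchange:alice?secret="
    + base64.b32encode(b"12345678901234567890").decode()
    + "&issuer=ExampleExchange"
)

if __name__ == "__main__":
    params = parse_otpauth(SAMPLE_URI)
    print("code now:", totp(params["secret"], time.time()))
```

Anyone who obtains the QR code or the secret inside it can generate the same codes, so the enrolment screen deserves the same care as a password.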
Pitfall 7: Approving a Malicious dApp to Spend Your Tokens
Another common crypto pitfall is unwittingly approving a malicious decentralized app (dApp) to spend your tokens. As more and more people start using DeFi, I see this problem crop up more frequently.
Let’s say you plan to deposit AVAX into a contract that will pay you a yield in the form of some kind of token — we’ll call it Farm Token (FT). You deposit $100 worth of AVAX into the contract and wait for it to pay out your FT, but it turns out the dApp is malicious and it steals your $100 of AVAX. You realize you should have investigated the dApp more. Maybe you should have read the code or looked it up on message boards to see if someone had discovered malicious code in it. But you also breathe a sigh of relief that you only lost $100 worth of AVAX.
Now let’s take another example: You have $10,000 worth of DAI.e in your wallet, and you plan to deposit $100 worth of DAI.e into a contract and earn Farm Token in return. To use the dApp, you have to first tell the DAI.e contract that the dApp is allowed to use your tokens.
You push a button on the dApp to call the “approve” function on the DAI.e contract, allowing the dApp to use your tokens. But you don’t want to call this function every time you make a deposit, so you approve an infinite number of tokens. You push the button to deposit $100 worth of DAI.e. Everything seems fine, but a week later you find that the other $9,900 worth of DAI.e in your account has been mysteriously moved to an address you’ve never heard of.
What happened is that there was a line of code in the dApp that allowed its owner to transfer all of your DAI.e to themselves. If you had deposited the network’s native coin, then it wouldn’t have been possible. You would have been able to lose only what you deposited.
But tokens don’t work the way native coins do.
Pro Tip: To use a token in a dApp, you have to first call the “approve” function in the token contract. That authorizes the dApp to use your token. If you approve an infinite number of tokens, then the dApp can take all your tokens if that is what it is programmed to do.
Luckily, there are a few simple ways to avoid this pitfall.
One way is to alter the “approve” call within the interface so it doesn’t make an unlimited approval. That way, you’ll limit your losses if the dApp turns out to be malicious.
These malicious dApps, however, usually don’t give you the option to change the amount you approve. Another option is to use a command line to make the call, but most users don’t know how to or don’t want to bother with using a command line to call a function.
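The amount being approved is visible in the transaction data a wallet shows before signing, and it can be decoded and checked. The sketch below is an added example, not part of the original article: it decodes an ERC-20 approve(address,uint256) call, flags an unlimited allowance, and works out the exposure for the $10,000 / $100 scenario above. The spender address is constructed, and the token is assumed to have 18 decimals and trade at one dollar.

```python
APPROVE = bytes.fromhex("095ea7b3")  # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1             # the value dApps send for an "infinite" approval


def unhex(text: str) -> bytes:
    """Decode a hex string with or without a 0x prefix."""
    text = text.strip()
    return bytes.fromhex(text[2:] if text[:2].lower() == "0x" else text)


def build_approve(spender: str, amount: int) -> str:
    """Calldata for approve(spender, amount): selector plus two 32-byte words."""
    addr = unhex(spender)
    if len(addr) != 20 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("bad spender or amount")
    return "0x" + (APPROVE + addr.rjust(32, b"\0") + amount.to_bytes(32, "big")).hex()


def decode_approve(calldata: str):
    """Return (spender, allowance), or None if this is not an approve() call."""
    data = unhex(calldata)
    if data[:4] != APPROVE:
        return None
    if len(data) != 68 or any(data[4:16]):
        raise ValueError("malformed approve() call")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:], "big")


def review_approval(calldata: str, deposit: int, balance: int) -> dict:
    """Compare the requested allowance with what the user means to deposit."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return {"verdict": "not an approval"}
    spender, allowance = decoded
    if allowance == MAX_UINT256:
        verdict = "unlimited"
    elif allowance > deposit:
        verdict = "exceeds deposit"
    else:
        verdict = "bounded"
    # Tokens the spender could move right now beyond the intended deposit.
    exposed = max(0, min(allowance, balance) - deposit)
    return {"spender": spender, "allowance": allowance,
            "verdict": verdict, "exposed_beyond_deposit": exposed}


# Scenario from the article, in token base units (assumption: 18 decimals, $1 each).
UNIT = 10**18
DEPOSIT = 100 * UNIT
BALANCE = 10_000 * UNIT
DAPP = "0x" + "11" * 20  # constructed placeholder spender, not a real contract

INFINITE_CALL = build_approve(DAPP, MAX_UINT256)  # what the dApp's button sends
BOUNDED_CALL = build_approve(DAPP, DEPOSIT)       # approval limited to the deposit

if __name__ == "__main__":
    for call in (INFINITE_CALL, BOUNDED_CALL):
        result = review_approval(call, DEPOSIT, BALANCE)
        print(result["verdict"], result["exposed_beyond_deposit"] // UNIT, "tokens exposed")
```

An allowance stays in force until it is set back to zero, so an unlimited one also covers tokens that arrive in the wallet later.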
Another way to avoid this pitfall is to use only dApps that have been around for a while and have a good reputation. The code on the blockchain is public, so word will get out pretty quickly if a dApp is malicious. If a dApp is popular and has been around for months, it likely doesn’t have malicious code — but you still never know.
If you know how to read Solidity, then you can also look up the contracts on a block explorer and read the code yourself. Look for an ownerOnly or adminOnly function that allows the developer to transfer your funds into their own wallet. If you see only unreadable bytecode, that means the developer hasn’t submitted the human-readable version of it. That’s a big red flag, and the dApp should probably be avoided.
Some dApps with a good reputation include:
- Tomb Finance
Pitfall 8: Unknowingly Investing in a Ponzi or Multilevel-Marketing Scheme
There are loads of crypto projects out there. Many are completely legitimate attempts to provide value to users, but some are outright Ponzi schemes.
There are lots of different crypto Ponzi schemes, some of which claim outright they are Ponzi or pyramid schemes! PoWH.io allows you to buy a token called P3D. Every time someone buys or sells the token, the dApp levies a 10 percent tax on the buyer or seller. The tax is distributed to all the people holding P3D. There is no utility to the token except that it allows you to receive this tax.
Fomo3D allows you to buy a “key” token. Once you buy it, every subsequent purchase of a key sends crypto to all the current key holders. Meanwhile, a timer counts down if no one buys a key. As soon as someone buys a key, the timer resets. If the timer goes to zero, then the dApp is drained of all funds and rewards are distributed to investors based on which “teams” they joined.
To be fair, these particular Ponzis can be thought of as games or a form of gambling. They aren’t necessarily trying to lure investors into believing they are legitimate investments.
But there are other Ponzis that claim to be legitimate. Some networks provide passive U.S. dollar yields to investors, but these dApps do not provide any utility except (maybe) entertainment value, and the yields paid out come from new investors buying in. If it seems too good to be true, then it just might be.
Crypto Buyer Beware: Ponzi projects are usually combined with multilevel-marketing (MLM) schemes, in which you can get a percentage of someone else’s deposit if you invite them to participate. If you get someone to deposit to the app through your own affiliate link, for example, then you may get 1 percent of everything they deposit. They are designed so early entrants get rich if the project manages to pull in later investors, but the way they accomplish that is by allowing early entrants to drain the pot and leave newer investors with little to nothing.
Ponzi projects are often promoted heavily on YouTube and Twitter, as the early entrants make videos or post tweets bragging about how much money they are allegedly making from the app. By the time the posts rank highly on social media, most or all of the money has already been made and the investors coming in are just providing exit liquidity for the founders.
Unknowingly investing in a Ponzi scheme is a common crypto pitfall, but there are a few ways to avoid it.
First, check the link provided to see if it looks like a normal URL. If it says something like “?ref=0xab5801a7d398351b8be11c439e05c5b3259aec9b” at the end, it’s probably a referral link, and the person who handed it out is probably just trying to build up the pot so they can exit.
Second, read the docs or the text on the website to see how the app works. If it’s a Ponzi scheme, it may be obvious just by reading the website copy. Many of these schemes don’t even try to hide what they’re doing.
You may also encounter apps with vague docs that simply talk about how much money you’ll make by investing, and those docs will also have referral links on them. You may not be able to prove it’s a Ponzi, but it probably is if the developers can’t explain clearly how the app works.
If you want to participate in a Ponzi scheme purely as a form of entertainment, then that’s up to you. But getting involved in one unknowingly is a common crypto pitfall.
Pitfall 9: Falling for a Rug Pull
Another common crypto pitfall is to fall for a “rug pull.” A rug pull is a scam in which the project founder invites users to invest crypto in the project, and then runs off with the crypto once enough investors have piled in.
One of the most common forms of rug pull is a rebaseDAO rug pull.
Did You Know: RebaseDAOs are a fairly new type of DeFi app that operates like an investment fund. The first one of its kind was OlympusDAO, also known as OHM. Many rebaseDAOs are legitimate, but some are rug pull scams.
All rebaseDAOs have a “manage” function in the contract that the developer can use to pull crypto out of the project. That function is supposed to be used to save the funds if a security flaw is discovered in the contract, but the developer can also use it to run off with investors’ money.
ParrotDAO was a rebaseDAO that launched in November 2021 offering the highest yield of any rebaseDAO in history. On Dec. 23, 2021, the Discord account for the project was deleted, all the funds in the treasury were drained into the developers’ wallets, and none of them were ever heard from again. Millions of dollars were lost in the scam.
Another example of a rug pull scam is a liquidity rug pull, which usually happens on decentralized exchanges such as Uniswap, TraderJoe.xyz, and ViperSwap. The scammer creates a new token and makes a “liquidity pool” in the exchange, and then they hype up the project on Twitter or another social media channel.
What Is a Liquidity Pool?: On a decentralized exchange (DEX), a liquidity pool is a pool of tokens where 50 percent is one token and 50 percent is another. When you buy or sell tokens on a DEX, the token you provide goes into the pool and the token you receive comes from the pool.
Once investors buy a significant amount of the coin, the founder pulls all the crypto out of the liquidity pool, which immediately crashes the price and makes selling the token nearly impossible.
Falling for a rug pull is a very common crypto pitfall, but it can be minimized or avoided through a few strategies.
- First, try to invest only in projects whose founders have revealed their true identities. Most rug pulls have anonymous founders, which prevents them from being prosecuted for their fraud. If the team is doxxed, then it’s less likely to be a rug pull.
- Second, try not to invest more than you can lose in a project that is relatively unknown and has a small community. These can be some of the most profitable projects, but they can also end up being rug pulls.
- Third, if you’re going to invest in completely new projects with founders who are not doxxed, then you may want to consider diversifying into many different projects. That way, if one particular project ends up being a scam, you won’t lose your whole pot.
Now, let’s wrap up what we’ve discussed.
Final Words on Avoiding Common Crypto Pitfalls
Crypto can be an exciting investment, but there are also plenty of pitfalls to avoid.
Some pitfalls are caused by simply not understanding new technology. It may be easy, for example, to accidentally give away your private key or seed words if you don’t understand what they are.
Other pitfalls happen when a crypto newcomer (or even seasoned crypto investor) doesn’t do their due diligence and research the projects they invest in. They hop on the hype train, as it were, and often lose money in the deal. I strongly recommend reading our guide to everything crypto to get a better understanding of this world before you start making investments.
Still other pitfalls occur because of the high rate of return offered by seemingly legitimate crypto projects, which sometimes makes it difficult to distinguish among legitimate projects, rug pulls, Ponzi schemes, and malicious dApps.
There are certainly lots of things to consider if you’re new to crypto, but don’t let it scare you away from cryptocurrencies entirely. There are ways to stay safe out there while having fun buying Bitcoin and other coins.
Just keep these nine points in mind to give yourself the best chance of buying and selling crypto without falling victim to a scheme or other crypto pitfall.
[1] Barron's. (2022, Feb 12). Banks Want to Be a Bridge to Bitcoin. How to Invest.
[2] Fortune. (2021, Apr 19). Dogecoin traders push to make April 20 ‘Doge Day’.
[3] whitepaper. (2019). Dogecoin Whitepaper.
[4] SSRN. (2020, Oct 23). Attention Induced Trading and Returns: Evidence from Robinhood Users.