It’s been a big year for digital assets. With growing interest in the space and mainstream acceptance, the value of the cryptocurrency market briefly surpassed $3 trillion in November, and top coins like bitcoin and ether hit all-time highs.
But with the hype, scammers saw opportunity. Between January and July alone, $681 million was exploited in major cryptocurrency thefts, hacks and fraud, according to intelligence firm CipherTrace.
This year overall, many of the most notable hacks involved decentralized finance, or DeFi, projects, with more than $10 billion lost to DeFi theft and fraud, a November report from blockchain analytics firm Elliptic shows.
Though it’s impossible to find a sure bet, experts recommend investors fully understand the risks surrounding cryptocurrency, and DeFi especially, before buying in. There are also a few common scams and pitfalls to be aware of when trying to protect your investments.
Here are some tips.
1. Research thoroughly
In June, billionaire investor Mark Cuban lost big when trading a DeFi token that ended up crashing to zero in one day. His major takeaway? “Do your own research,” he told CNBC Make It.
DeFi or not, investors should take time to research before buying into any crypto project or token.
While no checklist is foolproof, investors should start by looking into a project or token’s website, where it’s available to buy, its white paper and its listed developers or founders. Though these attributes aren’t the only markers of whether something is sketchy or not, they can be helpful when trying to determine what to invest in and reveal more about a project that wasn’t obvious at first glance.
2. Check out the smart contract
Smart contracts, or collections of code that carry out a set of instructions on the blockchain, are essential for most crypto-based projects to run.
Although they can be quite technical, it’s worth checking out the smart contract behind a project, or asking someone knowledgeable about the space to do so. That’s because if there is an issue with a developer’s code, then there could potentially be weaknesses within the project.
When Poly Network, a DeFi platform that connects different blockchains, was hacked in August, experts said that the hacker was able to exploit an issue with the coding of the network. Though the hacker ultimately returned the stolen funds, it was one of the biggest cryptocurrency thefts ever.
That’s why it’s worth looking for projects that take safety precautions and are well-audited, says John Wu, president of Ava Labs, a team supporting development of DeFi applications on the Avalanche blockchain. An audit aims to uncover if there are issues in a project’s development, including if it’s possible for a central party to control the network or its funds.