Alchemy University

Ch. 9: Risks, Safety, Regulation, and Ethics

Course/Ch. 9: Risks, Safety, Regulation, and Ethics
Lesson 9.17 min read

Financial Risks and Scams

One of the most immediate risks in the crypto world is financial loss – the volatility of assets is high, and the space has attracted scammers exploiting greed and ignorance.

Volatility and Market Risks:
Cryptocurrencies and tokens can swing wildly in price. It’s common to see drops or spikes of 20%+ in a day for many assets. Bitcoin itself has gone through multiple ~80% drawdowns historically. Even “stablecoins” that are supposed to be pegged to $1 have failed under stress (e.g., TerraUSD in 2022).

🔎 Sidebar: Real-World Risk
In the Terra collapse, everyday users lost life savings overnight. The algorithmic peg broke due to structural flaws in the protocol’s incentives—showing that smart contract code alone can’t always maintain stability without real-world economic backing.

Diversification is crucial. Don't put all your eggs in one token—especially not a new, untested project. With all financial investments, it’s wise to start by identifying your goals and risk tolerance before jumping in; with crypto, this is also important.

Scams and Fraud:
Unfortunately, crypto has its share of scams – partly because transactions are final (no bank to call for chargeback) and pseudonymity can hide perpetrators. Common ones include:

  • Phishing: Scammers try to get your private key or seed phrase by impersonating support or creating fake wallet apps/sites. E.g., a user might search for a wallet site and click a Google ad for a fake one, enter their seed – then funds get stolen. Or get an email “Your account is compromised, enter seed to verify” – a trick. The rule is: Never share your seed phrase or private keys, not even with “support staff” (legitimate support staff will never ask).

phishing-trap

🚨 Pro Tip: Bookmark verified dApp URLs and wallet interfaces. Never click links from DMs or emails—even if they “look” official.

  • Rug Pulls: A developer launches a token or DeFi project, hypes it, people invest, then the devs suddenly take the funds and disappear (or they coded the contract to allow them to mint lots of tokens or drain liquidity). This happened a lot during DeFi and NFT booms, where anonymous teams launched stuff and ran away with millions. It’s hard to fully prevent except by doing research: look if code is audited, if team is known or has a track record, how the smart contract is set up (some have time locks or multisigs to reduce single-person control). Community vigilance has gotten better – e.g., users often check if a project’s liquidity is locked in a contract (meaning devs can’t rug it easily). Still, many fall for get-rich-quick schemes.

rug-pull-rodeo

  • Honeypots: A honeypot is a type of scam token that lets users buy in—but blocks them from selling. On the surface, the token might look like it’s skyrocketing in price, attracting FOMO. But when buyers try to cash out, the contract has restrictions preventing it—or taxing it at nearly 100%. The scammers can then drain liquidity at the peak, leaving everyone else trapped.

Red flags include anonymous contracts with no verified source code, very low liquidity, or unusually complex transfer logic in the contract.

  • Ponzi or HYIP schemes: Some yield farming or investment dApps promise extremely high returns (like 5% a day). These often are unsustainable and essentially use new depositors’ money to pay earlier ones – a crypto Ponzi. Eventually they collapse and latecomers lose out. If something’s returns seem too good to be true, it likely is. Always ask: where is the yield coming from? If it’s just referral bonuses or token emissions with no real revenue, be cautious.

  • Hacks and Exploits: Even if the team is honest, a bug can let hackers steal user funds from a protocol. In 2022, about $3.8 billion was stolen from crypto hacks, much of it from DeFi protocols (82% of stolen crypto in 2022 came from DeFi). Big examples: the Poly Network hack ($600M+ stolen, though hacker returned it), Wormhole bridge hack ($325M), Ronin (Axie Infinity) bridge hack ($600M). These show technical risk: if you put money in a smart contract, it’s as safe as that code. Audits help but not guarantee (some hacked projects were audited). That’s why some are cautious about new or unaudited protocols. There’s also risk in smart contracts you interact with maliciously: e.g., signing a bad transaction that gives someone access to all your tokens. Tools exist to revoke token allowances and secure your wallet usage.

📘 Sidebar: Smart Contracts = Public Bank Vaults Unlike centralized platforms, DeFi protocols expose their code to the world. That’s a double-edged sword—anyone can inspect the code, but also anyone can exploit it if it's poorly written.

  • NFT Scams: Lots of copycat or fake NFT collections – e.g., someone clones Bored Ape images and sells them on a slightly tweaked name. Marketplaces improved verification (verified checkmarks for official collections). Another scam: you get a random NFT in your wallet and the NFT’s link promises a reward or something – but if you go to that link and connect your wallet, it’s a phishing site that might trick you into signing a transaction to drain your wallet. So don’t trust random airdropped NFTs; some keep them in a separate account or hide them on the interface.

  • Impersonation and Social Scams: Scammers often impersonate known figures or support in Telegram/Discord. Always verify if someone offering help is real – most support won’t DM first. Also, "send me 1 ETH and I'll send back 2 ETH" giveaways by fake Elon Musk accounts were big on Twitter – obviously a scam, but many lost money. Another scenario: an online friend from a community might gradually trick you into an “investment scheme” (like classic con-artistry, just now with crypto). Basic skeptical mindset helps.

Personal Safety Measures:

  • Use hardware wallets for large amounts or long-term hold. They keep keys offline, making it much harder for malware to steal them. Even if you connect to a bad site, the device shows details of what you’re signing.

  • Use trusted sources: only download wallets from official websites or app stores (and double-check it’s not a fake app with a similar name). For DeFi, go via known aggregator sites or directly typing the correct URL (bookmarks help).

  • Double-check transactions: When signing with your wallet, read what it says (e.g., “Giving unlimited permission to spend your USDC” – that’s a typical one when using DEX; that’s okay in context of a legit DEX, but if you see an unknown contract asking unlimited spend access, be cautious).

  • Test with small amounts first if trying a new platform. And you don’t have to chase every new shiny project – stick to more established ones to reduce risk.

  • Keep backups of your seed phrase (offline, in a safe place). If you lose access to wallet and seed is lost, your funds are gone permanently (there’s no forgot password in true self-custody).

  • For active DeFi users, use multiple wallets with different risk levels: e.g., one wallet only holds assets, rarely interacts (safe); another is your daily “checking account” wallet for playing with dApps – if that gets compromised, your main funds are safe. You can transfer as needed from cold to hot wallet.

web3-security-tool-kit

  • Stay informed: the community often alerts about new scams or hacks on social media. If something major is hacked, people spread the word to withdraw funds from similar protocols or avoid certain tokens.

Emotional risk: The 24/7 crypto markets can be stressful; people can get addicted to trading or overly anxious. It’s important to keep perspective, maybe set rules for yourself (like don’t check prices constantly, etc.). The meme “have fun staying poor” pressured many to FOMO in; but better to be rational and not gamble rent money on dogecoin or random tips. Education like this is crucial: we want young people to engage and innovate, but also to approach it as building long-term value, not zero-sum speculation.