Unless you've been living under a rock for the past few weeks, you've probably heard a little something about a digital currency called Bitcoin. The price of this and other cryptocurrencies has been soaring, and it's driving a tulip mania-style frenzy on Wall Street.

There is so much hype about alt-coins lately that there are now reports of people even taking out second mortgages and home equity lines to buy them. The volatility is so great that the Chicago Board Options Exchange (CBOE) halted bitcoin trading twice on Dec. 10 and once again on Dec. 13, and Coinbase halted litecoin and ethereum trading on Dec. 12.

For years, financial analysts have warned people away from cryptocurrency by arguing that it was too volatile to be a safe investment. However, with prices going sky-high, it's hard for investors and entrepreneurs to sit on the sidelines while a major new asset class
emerges.

However, before people take the plunge, they need to understand the risks. The cryptocurrency markets aren't just volatile, they are also extremely murky and riddled with fraud. Since the launch of bitcoin in 2009, these markets have been plagued with cyber attacks and scams that have cost investors millions of dollars. To make matters worse, cryptocurrency isn't protected by the FDIC, so losses due to theft may not be covered.
There are two main ways cryptocurrency investors can lose their shirts to scammers.

The first is when hackers attack the infrastructure underpinning these coin markets (ex: exchanges, digital wallets, mining companies, web host services, etc.). Reuters estimates that 980,000 bitcoins have been stolen from cryptocurrency exchanges since 2011, the equivalent of $15 billion to $18 billion at current prices. Recent examples of this include the NiceHash hack in December, which lost $64 million in investors' money; also, in November, Tether was hacked for $30 million; and someone exploited a software bug in Parity to freeze $160 million in investors' accounts. And let's not forget the massive Mt. Gox hack in 2014 -- $460 million was lost as a result.
The second is when criminals target investors directly. There are a variety of these online scams, which often use "social engineering" tactics, but the primary ones to worry about are initial coin offering (ICO) fraud, phone-porting, fake wallets and malware.

While there is not much investors can do to protect themselves against attacks on the cryptocurrency system, they can take measures to lower their own risk of falling for a targeted attack.
Here is a breakdown of these four attacks and ways to reduce the threat:

Initial Coin Offering (ICO) fraud
An ICO is when a newly invented cryptocurrency is launched to investors. Needless to say, this is an unregulated and risky activity all by itself, but it is also plagued by scammers.

There are two ways ICO fraud happens. The first is when criminals create a fake ICO and steal any money that investors give them. This is what happened in December, when the SEC shut down the PlexCoin ICO, which it alleges was a $15 million fraud.

The second type of ICO fraud is when hackers "spoof," or impersonate, a legitimate ICO and trick investors into paying them instead of the real company. This happened recently with messaging giant Kik's ICO, which goes to show it can affect even well-established companies. Typically, cybercriminals will create a fake website or social media account and use phishing emails to promote a phony "pre-sale" offer or other trick. Chainalysis recently estimated that ICO spoofing has victimized 30,000 investors this year alone, to the tune of $225 million.

Security tip:

Do sufficient research on an ICO before buying in. Check industry sites like CoinDesk to verify the legitimacy of a claimed ICO. Don't fall for hard sell tactics or too-good-to-be-true offers, especially when received over email or social media messaging, as these are likely phishing attempts. See the SEC's tips on ICO investments.

Phone-porting
Cell phone identity theft, also known as "phone-porting," is when criminals commandeer a person's phone number by tricking the mobile provider into giving them control of the account. Once they have the phone number, they can reset the password to a digital wallet and drain the account. Since these cryptocurrency transactions can't be reversed, the investor can lose everything. According to Federal Trade Commission statistics, phone-porting attacks in general rose by 256 percent between 2013 and 2016.

Security tip:

Mobile providers usually recommend adding a unique PIN and verification question to the account to improve security. However, a better solution is to switch two-factor authentication from SMS to a third-party service like Google Authenticator

Watch out for Fake digital wallets.