Ch8. Crypto Investment Risks — Volatility, Hacks, and Scams Fully Analyzed

Volatility in Crypto Markets

Bitcoin can gain or lose 20% or more in a single day. Why is the volatility so extreme?

Why volatility is so severe:

1. Small market size (roughly 1–2% of global equity markets)
   → A single "whale" (large holder) can move the entire market

2. 24/7/365 trading
   → Immediate reaction to every piece of news or tweet

3. Excessive leveraged trading
   → Sharp price drops trigger cascading liquidations (liquidation cascade)

4. Regulatory uncertainty
   → Highly sensitive to SEC lawsuits, country-level bans

5. Sentiment-driven market
   → FOMO (fear of missing out) and FUD (fear, uncertainty, doubt) cycles

Historical Major Crashes

Year	Event	BTC Drawdown
2017–18	ICO bubble collapse	84%
2020	COVID shock	50% (in one day)
2021–22	Luna collapse & FTX bankruptcy	77%
2022	Rate hike shock	65%

Exchange Hack Risk

Major Exchange Hacks

Mt. Gox (2014): 850,000 BTC stolen, exchange went bankrupt
Bitfinex (2016): 120,000 BTC stolen (~$65 million)
Coincheck (2018): ~$530 million in NEM stolen
FTX (2022): Hacking + internal fraud, ~$35 billion in losses

Why Exchanges Are Dangerous

Exchange wallet = Custodial (third-party custody)
→ Your coins, but managed by the exchange
→ If exchange goes bankrupt or gets hacked → you can lose your coins

"Not your keys, not your coins"
If you don't hold the private keys, you're not the true owner

Safer Storage: Personal Wallets

Hot Wallet (online): MetaMask, Trust Wallet
→ Convenient but vulnerable to hacks

Cold Wallet (offline): Ledger, Trezor hardware wallets
→ Never connected to the internet — the safest option
→ However, difficult to recover if lost or damaged (must back up seed phrase)

Scam Encyclopedia

Rug Pull

How it works:
1. Launch a convincing project
2. Collect investor funds
3. Dev team drains all liquidity and disappears

Warning signs:
- Anonymous team
- No smart contract audit
- Rapid listing followed by intense marketing
- Tokens with no lockup

Famous case: Squid Game Token (2021 — collapsed 99.99% in a single day)

Ponzi / Pyramid Schemes

Ponzi scheme:
New investors' money is used to pay existing investors
→ Collapses when new investors dry up

Crypto Ponzi warning signs:
- Guaranteed daily returns of 1–5%
- "30% monthly returns through staking"
- Excessive referral commissions

Phishing Attacks

Methods:
- Fake exchange websites (URL differs by one character)
- Fake MetaMask pop-ups
- Fake admins on Discord / Telegram
- Requests for your seed phrase under the guise of an airdrop

Rule: NEVER share your seed phrase with anyone, for any reason

Pump and Dump

How it works:
1. Accumulate a large position in a low-volume coin (price rises)
2. Spread "insider information" rumors via social media / Telegram
3. Once retail investors pile in, quietly sell
4. Retail investors are left holding the bag at the top

Risk Management Principles

Position Sizing

Only invest what you can afford to lose:
- Recommended crypto allocation: no more than 5–10% of total portfolio
- Never go all-in on a single coin
- Leveraged trading: strongly advised against for beginners

Security Checklist

Exchange security:
☐ Enable 2FA (two-factor authentication) — use an authenticator app, not SMS
☐ Set up an outbound address whitelist
☐ Use a different password for your exchange than for your email

Personal wallet:
☐ Store your seed phrase (12–24 words) offline, on paper
☐ Keep large amounts in a hardware wallet
☐ Never connect your wallet to suspicious websites

Special Risks in DeFi

Smart contract bugs:
→ Code vulnerability hacks: DeFi hacks exceeded $3 billion in 2022
→ Even audited protocols offer no 100% security guarantee

Impermanent Loss:
→ When providing liquidity, price changes between the paired assets
   can result in a worse outcome than simply holding

Oracle Manipulation:
→ Price data fetched from external sources can be manipulated by attackers

“Not your keys, not your coins” — leaving coins on an exchange carries real risk Rug pull warning signs: anonymous team + no audit + rapid listing + no token lockup Seed phrase: NEVER share, NEVER store online Crypto allocation: no more than 5–10% of total portfolio is recommended