Comprehensive Guide to Crypto Risk Management


Minimize crypto risk to maximize returns 

Cryptocurrency evangelists focus on high returns and the revolutionary nature of the technology, which has attracted millions of individual investors, businesses and institutions. Yet crypto comes with a new realm of risk that can significantly impact your investments and operations. Effective crypto risk management is crucial to navigating this new landscape. This guide provides an in-depth look at the major risks associated with cryptocurrency and strategies to mitigate them.

Benjamin Graham, godfather of value investing and mentor to Warren Buffett, famously said:

“The essence of investment management is the management of risk NOT the management of returns.”


Key Takeaway

Always think about risk first and foremost. If you aren’t thinking about risk you are automatically asking for low returns. Returns are simply a byproduct of risk management.


Understanding crypto risk management 

Crypto risk management involves identifying, assessing, and mitigating risks associated with investing in and using cryptocurrencies. This is easier said than done. These risks can range from technical risks to cybersecurity threats, regulatory uncertainty, and operational challenges. Crypto risk management requires a new skill set for a new realm of risk, but also starts with legacy risk management strategy. This is essential to protect your assets and ensure long-term success in the crypto market.

Mastering crypto risk is like getting the most advanced risk management course. It takes time to develop a crypto risk skillset so be very patient.

What is the biggest risk in crypto?

YOU are the biggest risk in crypto. Most people tell you it’s volatility or scammers, and while these are in fact considerable risks, they are far from the biggest risk.

The three enemies in crypto: 

  1. You (your own worst enemy)
  2. The enemy within (employees and trusted parties)
  3. The external hacker

Key Takeaway

You are your own worst enemy, accounting for more risk than the enemy within and external hackers combined. This is (ironically) good news because it’s where you have the most control.


Key risks in crypto

Market risk

Market volatility is the rapid and unpredictable price movements of cryptocurrencies. Every market has volatility, including stocks, commodities and FX (foreign exchange/fiat currencies). Just tap on your favorite weather app and you’ll find one of the best examples of volatility. Everything is volatile to different degrees and crypto exhibits more volatility than most markets, but it’s the nature of markets. 


Naysayers and nocoiners tend to focus on volatility as if it only happens in crypto markets. People hear this volatility-heavy discourse on podcasts and conclude crypto is a bad investment (or technology) because it’s volatile. That’s the equivalent of hearing about stocks, gold and volatility all for the first time and never investing in stocks, for example, because they carry too much risk.

Volatility is a risk in all markets, but it gets disproportionately overblown in crypto at the expense of other risks. Furthermore, anyone who talks about volatility or anything else crypto should have to disclose if they are a nocoiner (someone who has never used crypto). Anyone who doesn’t own crypto or hasn’t used crypto should keep their mouth shut with negative crypto commentary.

Crypto market volatility mitigation strategies

  • Diversification – Spread investments across multiple cryptocurrencies to reduce the impact of a single asset's price movement. Most crypto prices typically move in tandem, but that will change over time.

  • Stablecoins – Allocate a portion of your portfolio to stablecoins, which are pegged to fiat currencies. You can sell crypto and park the profits in stablecoins until you’re ready to buy the next crypto asset.

  • Investment strategy – Determine your strategy or investing thesis. For example, a long-term buy and hold strategy won’t necessarily be impacted by volatility in the long run. This is true of any investment over a long time horizon.

Key Takeaway

Crypto volatility provides tremendous opportunities, and conversely anyone can get rekt and lose significant assets. It’s a double-edged sword, so use it to your advantage while avoiding downside risk.


Cybersecurity threats

Cybersecurity is a critical concern in the crypto space due to the digital nature of cryptocurrencies. Hacks, phishing attacks, and malware can result in the loss of funds.

Crypto includes all the typical legacy cybersecurity threats plus a new set of risks arising from self-custody of crypto assets. For example, Alice knows she has to secure her bank login credentials; however, her bank is responsible for the security of her funds and related information. Once Alice crosses over into crypto she is responsible for all her credentials, passwords, etc. and managing her own crypto assets. Managing your own assets comes with a new set of risks, which explains why crypto risk management is the highest level game you can play.

Crypto security mitigation strategies

  • Password managers (PMs) – Use this tool to store all site credentials. Password managers should be used for safeguarding all credentials inside and outside of crypto. It’s a broader security tool. Centralized exchanges, for example, still use usernames and passwords.

  • Two-factor authentication (2FA) – Enable 2FA on all crypto-related accounts to add an extra layer of security. 2FA is like a temporary code to access sites in addition to usernames and passwords. Only authenticator apps like Google Authenticator or Authy should be used for 2FA.

  • Email addresses – Use different email addresses for usernames and communication. Don’t use the same email over again for all your accounts. Hackers assume you’ll do this and proceed to brute force access to your accounts. 

Key Takeaway

Do NOT use SMS (text messages) for 2FA. Hackers use SIM swap attacks to hijack your phone number and gain access to all your SMS 2FA-enabled sites.
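To make the difference from SMS concrete, here is an added example (not part of the original guide) of how an authenticator app computes its temporary code using TOTP (RFC 6238): the code is derived on the device from a shared secret and the clock, so nothing is sent to a phone number that a SIM swap could redirect. The secret is the published RFC 6238 test key, and the function names `totp` and `verify` are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Published RFC 6238 test key (never a real account secret), base32-encoded
# the way a site's enrollment QR code would carry it.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, digits=6, step=30):
    """Code the authenticator app shows: HMAC-SHA1 over the 30-second counter."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1,
           last_used_counter=None, digits=6, step=30):
    """Site-side check. Returns the matched time-step counter, or None.

    window tolerates small clock drift; last_used_counter blocks replay of a
    code that was already accepted (for example, one captured by phishing).
    """
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        expected = totp(secret_b32, counter * step, digits, step)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            if last_used_counter is not None and counter <= last_used_counter:
                return None
            return counter
    return None


if __name__ == "__main__":
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    code = totp(RFC_SECRET, now)
    print("code on device:", code)
    print("accepted at t=85:", verify(RFC_SECRET, code, 85))
    print("expired at t=125:", verify(RFC_SECRET, code, 125))
    print("replay blocked:", verify(RFC_SECRET, code, 59, last_used_counter=1))
```

The same property is why the enrollment secret (the QR code) needs the same care as a password: anyone holding it can generate valid codes.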


Fraud and scams

Hackers and scammers are lurking everywhere. They love crypto because transactions are essentially irreversible and crypto assets can be liquidated and moved around very quickly.

Transactions and addresses are pseudonymous in nature, but many hackers have been identified and brought to justice with various techniques.

In addition, because of the transparent nature of blockchains you can “follow the money” easily. Exchanges sometimes blacklist or freeze funds known to be part of a scam.

Fraud and scam risk mitigation strategies

  • Stay informed – Beware of email phishing schemes, social engineering and pig butchering. 
  • Study articles – There are many breaking stories about scams and hacks so read every story. They often tell tales about what NOT to do and the mistakes that people make. 
  • Education – The importance of crypto education can NOT be overemphasized. Continuous education is important for many reasons, but most importantly to increase your fraud and scam intelligence. Scammers and hackers are armed and ready to use social engineering to steal your crypto assets.
  • Too good to be true – Avoid promises of safe, oversized and guaranteed investing returns. For example, XYZ trading guarantees 60% returns monthly with a very safe investment. This has red flags written all over it. Learn how to spot a crypto scam.

Key Takeaway

There are two ways to invest, a direct investment and investing with someone who invests the money on your behalf like a financial advisor. Anyone who takes your money is a fiduciary who is subject to licensing and regulation in every jurisdiction around the world. Never let anyone invest your money based on outlandish claims and no pedigree.


  • Use regulated centralized exchanges in your jurisdiction. Always do your own research especially with decentralized finance (DeFi). DeFi is typically a direct investment that has its own set of risks and also tremendous opportunity.


Regulatory risks

The regulatory environment for cryptocurrencies is constantly evolving in every jurisdiction around the world. Changes in laws and regulations can impact the legality and value of cryptocurrencies. Surely you’ve heard the phrase, “news moves the markets.” This gets magnified in crypto and sometimes the market reaction to an obscure piece of news may not seem rational.

Crypto regulation risk mitigation strategies

  • Stay informed – Regularly monitor regulatory developments in your region and globally, which can be done by reading crypto news. U.S. crypto regulation, especially from the U.S. SEC, has largely been in the realm of uncertainty, mostly from a startup, business and institutional perspective. The lack of clarity means businesses will migrate to a jurisdiction with more regulatory clarity. Basically, you can’t play a game effectively and win if there is no rulebook.

Many DeFi platforms simply exclude U.S. persons with geofencing techniques because of the lack of regulatory clarity. Legal counsel tells their clients it’s easier to exclude than take the risk of being in the crosshairs of the SEC.

  • Legal counsel – Consult with legal experts to navigate complex regulatory landscapes, especially for business enterprises that are considering issuing a token.
  • Accounting – Consult with CPA or CA specialists in digital assets, especially if you have complex transactions. You could be missing a judgment call on the application of tax regs which could wildly change the outcome of your tax liability.

Key Takeaway

CPAs who are both power users and specialize in crypto are rare and challenging to find. Some have waiting lists so do your research and develop relationships early.


Technical risks

Technical risks include issues related to the technology and processes used in apps and managing crypto assets. This can include software bugs and technical failures. Smart contracts are self-executing programs stored on smart contract-enabled blockchains. Decentralized finance and decentralized exchanges use smart contracts to eliminate third parties from the finance equation.

Money is now programmable thanks to smart contracts. In addition, DeFi apps are like modular finance or money legos that work in tandem with and built on top of one another. Every bank is essentially the same as every other bank competing with one another while DeFi is the complete opposite.

Smart contracts are like software written with programming languages. All software has bugs and smart contracts are no different. The question is always how significant are the bugs.

Crypto risk mitigation strategies

  • Smart contract audits – Projects should disclose audits on their websites. Some apps get one or more audits to reduce the risk of significant bugs and provide assurance to users. Significant issues should be corrected by the developers and disclosed.

Key Takeaway

A smart contract audit does NOT guarantee an app is completely safe and operating as intended. An audit may identify bugs and provide recommendations, but the project developers may fail to make the corrections. In addition, many degens put funds into unaudited projects. You have to make the call on the amount of risk you are willing to take.


  • Observe and wait – Let new protocols and apps get seasoned for several days or weeks so any issues have a chance to come to the surface. This doesn’t guarantee anything but a really bad bug is most likely to get exploited quickly. 
  • Containerize – Manage risk by putting smaller asset amounts into new or unproven protocols. You can also add assets in tranches over time rather than aping in all at once.

    Don’t put all your ETH bags into the latest greatest app because it promises juicy incentives and a big potential airdrop.

Mitigating risks in crypto 

Effective risk mitigation involves a combination of strategies and best practices tailored to your specific needs and risk tolerance.


Diversification is a fundamental risk management strategy. By spreading investments across various cryptocurrencies, sectors, and asset classes, you can reduce the impact of a single asset's poor performance on your overall portfolio. Most people think of diversification under this definition, but the concept should be applied more broadly to increase your crypto risk management success.

Additional ways to diversify your crypto

  • Hardware wallets – Buy and deploy two or more hardware wallet brands. They are the most secure way to store crypto, but keep in mind there are security incidents with hardware wallets. Don’t put all your eggs in a single basket.

  • Web3 browser wallets – There are multiple wallet choices for the same native assets. For example, MetaMask supports many EVM chains (Ethereum-compatible blockchains) like Avalanche (AVAX) and Fantom (FTM). Sometimes a new blockchain like Kaspa may only have one compatible wallet so you have to use that one if you own the native token. There are many reasons to have multiple wallets, but diversify your wallets to reduce your risk. 
  • Web browsers – Most Web3 browser wallets can be installed in the browser of your choice, such as Brave, Chrome and Firefox. Diversify browser risk by installing your wallets in different browsers. 
  • Liquid staking tokens (LSTs) – ATOM, the native token of the Cosmos interchain, can be staked to secure the network. Staking locks up the asset, but liquid staking solutions allow users to get additional return with LSTs. For example, ATOMs can be staked with Stride to get stATOMs or Quicksilver to get qATOMs. Each LST protocol has its own set of risks, so diversify your LST positions. Learn more about how to make money crypto staking.

Key Takeaway

Apply diversification to everything in crypto. The above list has just a few examples, but you get the idea to containerize your risk at every step of your journey. This is how you minimize your risk of losing assets.

Secure storage solutions 

Securing your crypto assets is paramount. The choice of storage solutions can significantly affect your risk exposure. Reduce risk by diversifying your storage solutions as described above. The next most important thing is backing up your private keys and seed phrases in multiple offline locations. 

Private keys and seed phrases are the set of characters that represents all the assets you ever store on a particular wallet. Example of a 12-word seed phrase: timber, sword, where, noodle, joy, bear, admit, tuna, vibrant, museum, gossip, live. Whether you have $500 of assets or $5MM of assets stored on your wallet, guard those 12 words with your life. Think about what you would do to keep a seed or key secure.

Types of crypto backup solutions 

  • Paper backups – Write down private keys and seed phrases on a piece of paper and never save the information online. The information should start offline and stay offline forever. This is also the fastest, lowest-cost method for backups.

  • Stainless steel and titanium backups – Archive private keys and seed phrases on metal rather than paper. Stainless steel and titanium have high melting points and reduce the risk of fire and water damage. There are many styles and types of metal backups. 

  • Safe deposit box – All backups should be duplicated and secured in one or more safe deposit boxes at one or more banks. It seems counterintuitive and ironic to secure self-custodied assets at a bank, but banks have a unique value proposition: because the penalty for robbing a bank is so high, a safe deposit box in a bank vault is an extremely secure solution.
  • Safes – Just like a safe deposit box, all backups should be secured in your own dedicated crypto safe in one or more locations.

Staying informed

The crypto landscape is dynamic, with new developments and threats emerging regularly. Staying informed is crucial for effective risk management. 

“Information about crypto is more important than crypto itself.” - Kirk Phillips, CPA, CMA, CFE, CBP, founder of Crypto Bullseye Zone™

Education is the number one way to reduce risk and as stated above, investment management is the management of risks - not returns. 

How to stay informed

  • News and updates – Follow reputable crypto news sources like Coindesk and Cointelegraph.

  • Community engagement – Participate in crypto communities and forums to stay updated on trends and discussions. Discord is one of the primary tools used by crypto projects and provides many discussion topics and the best way to understand what’s happening with a project.

  • Education – Continuously educate yourself and your team on crypto technologies, market trends, and security best practices. This cannot be overstated. Everything requires education, but like all things in crypto it’s a much higher level.

Crypto risk management is a complex and continuous process that requires a proactive and informed approach. By understanding the key risks and implementing effective mitigation strategies, you can protect your assets and navigate the crypto landscape more confidently. Whether you're an individual investor or a business, prioritizing risk management is crucial to achieving long-term success in the world of crypto.

Content Insight

This content has been created through a collaborative effort, combining the capabilities of artificial intelligence (AI) technology and the expertise of a seasoned professional with extensive experience in the crypto space. While AI played a role in generating portions of this material, it has been carefully reviewed, researched, and refined by a human expert to ensure accuracy, relevance, and a nuanced understanding of the subject matter. The information presented herein reflects a synthesis of AI-generated insights and the real-world knowledge contributed by the human expert, aiming to provide a comprehensive and well-informed perspective on the topic. Users are encouraged to verify details independently and seek advice from qualified professionals before making any financial or investment decisions.

