Kia haumaru te moni whitirangi

Keep cryptocurrency secure

Cryptocurrency is digital currency that can be used to buy or sell goods or services online, like any other form of currency. Find out how to keep cryptocurrency safe from scams or theft.

What it is

Cryptocurrency is digital currency. There's no bank or government involved – instead, cryptocurrency is kept in a digital wallet and transactions are recorded using blockchain technology. There are over 4,000 different types of cryptocurrency available online, including Bitcoin.

Cryptocurrency can be used to buy or sell goods or services online like any other form of currency. To access your wallet, you use a private key – a very long string of information that can’t be cracked easily.

Related technologies

Non-fungible tokens (NFTs)

NFTs are certificates of ownership for unique digital items, for example art or music. They verify who owns an item using the same blockchain technology as cryptocurrency. NFTs you purchase are kept in your wallet, along with your currency.

NFTs have similar risks to cryptocurrency.

Decentralised Finance (DeFi)

Decentralised Finance (DeFi) is a new financial technology that uses crypto blockchain technology to make financial transactions without traditional institutions such as banks and other regulators. DeFi is an unregulated technology, so it also has the same kinds of risks as cryptocurrency and NFTs.

The risks

We've seen an increase in the number of scams and theft targeting cryptocurrencies. These scams can result in large financial loss.

Cryptocurrency investment scams 

These scams:

  • send out emails, or set up fake websites, advertising cryptocurrency investment opportunities with attractive returns
  • sometimes also offer direct sales of cryptocurrencies, such as Bitcoins, Litecoins or other altcoins (a term used to describe non-Bitcoin currencies) – but then after the target has paid, the scammer doesn’t deliver the promised coins
  • often use common scam techniques to trick users – for example, creating a sense of urgency or promoting fake currency.

Be aware that any offers could be a scam, especially if you're contacted out of the blue or if the offers are too good to be true.

Stolen cryptocurrencies

These attacks use a fake website to trick you into downloading malicious software. The attackers use the software to get login details or private keys to transfer cryptocurrency into their accounts.

For example:

  • You click on an ad and download an app related to cryptocurrency. You try to log in to your account through the app and it fails. When you check your wallet in a different app, all your cryptocurrency has been removed.
  • A user clicks a link in a phishing email which appears to be from the cryptocurrency exchange they use. When they enter their password and username for the exchange and refresh the page, they notice their wallet has been emptied.

Forgetting your wallet’s private key

If you forget your private key, you won’t be able to retrieve it anywhere. If you can’t log in to your wallet, you can’t access any of the funds in it.

Wallet storage issues

Your cryptocurrency wallet needs to be kept securely, either on your own device or with an exchange. If you prefer to use an exchange’s wallet services, look for a reputable one.

If the exchange:

  • is targeted by a DDoS (distributed denial-of-service) attack and goes down, access to your wallet will be temporarily unavailable
  • closes its business and goes offline, you’ll lose your cryptocurrency.

Cryptocurrencies — Financial Markets Authority

How to protect yourself

Take these steps to keep your cryptocurrency safe.

Potential threats with the NFT trading process diagram

There are potential threats with the NFT trading process.

1. Advertisements and promotions: Protect yourself from investment scams by being wary of any investments that offer high returns or seem too good to be true, and do due diligence around any cryptocurrency-related investments.

2. Buying NFTs: There is a risk of being scammed when buying an NFT. As with buying from an unknown website, you may not get what you’ve paid for, or the NFT could be different to what’s advertised, stolen or fraudulent.

3. Unauthorised access of your digital wallet: Protect your digital wallet by making sure you are the only one with your private key, and don’t share it with anyone. Secondly, turn on two-factor authentication to keep malicious actors out.

4. Selling NFTs: There is a risk of being scammed when selling an NFT.

Use a strong, unique password

Set a strong password (also known as a private key) to access your wallet and/or exchange account. We recommend using a passphrase, or a long, strong and unique password, paired with 2FA to limit unauthorised access to your account.

How to create good passwords

Using a password manager is an easy way to store your passwords and private keys so you don’t forget or lose your important information.

Keep your data safe with a password manager

Set up two-factor authentication (2FA)

2FA adds an extra security check on top of your password, making it harder for someone to access your wallet or exchange account. This can be a randomised token from an authenticator app or something only you have, such as your fingerprint.

Use two-factor authentication to protect your accounts

Maintain a back-up

Wallets which are used to store cryptocurrency must be backed up to offline storage to protect you from losing your wallet if anything goes wrong – for example, if you're targeted by ransomware, your device breaks or your wallet is accidentally deleted.

Test your backup so you know you can restore it if you need to.

Backing up your data and devices
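
One way to carry out the backup test described above, as an added example that is not part of the original page: copy the wallet file to backup storage with a recorded SHA-256 digest, then restore it to a scratch location and confirm the digest still matches. The file name `wallet.dat`, the `offline-drive` directory and the function names are assumptions for illustration, and the wallet contents are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large wallet files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(wallet: Path, backup_dir: Path) -> Path:
    """Copy the wallet to backup_dir and record its digest in a .sha256 sidecar file."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    copy = backup_dir / wallet.name
    shutil.copy2(wallet, copy)
    sidecar = backup_dir / (wallet.name + ".sha256")
    sidecar.write_text(sha256_of(wallet) + "\n")
    return copy


def restore_test(copy: Path) -> bool:
    """Restore the backup to a scratch directory and compare it with the recorded digest."""
    sidecar = copy.with_name(copy.name + ".sha256")
    if not copy.is_file() or not sidecar.is_file():
        return False  # missing backup or missing digest: treat as a failed test
    expected = sidecar.read_text().strip()
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / copy.name
        shutil.copy2(copy, restored)
        return sha256_of(restored) == expected


def demo() -> tuple:
    """Run the test on a constructed wallet file, then on a deliberately truncated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        wallet = Path(tmp) / "wallet.dat"  # hypothetical wallet file name
        wallet.write_bytes(b"constructed sample wallet contents\n")
        copy = back_up(wallet, Path(tmp) / "offline-drive")
        intact = restore_test(copy)
        copy.write_bytes(copy.read_bytes()[:-5])  # simulate a damaged backup
        damaged = restore_test(copy)
        return intact, damaged


if __name__ == "__main__":
    print(demo())
```

A matching digest shows the restored copy is byte-for-byte intact; opening the restored file in your wallet software confirms it is also usable.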

Store some of your cryptocurrency offline

Follow the same rules for your cryptocurrency wallet as you would a normal wallet, and only carry cash in it that you're willing to risk losing. We recommend you keep the rest in offline storage.

Set up encryption

Ensure that you have full-disk encryption on all your devices, from laptops to mobiles. This will reduce the risk that an attacker who has physical access to your device could extract your wallet while the device is powered off or locked.

Get help

You can report an online issue or security incident to us at CERT NZ.