Cryptocurrency has been around since 2008, when Bitcoin and blockchain technology were invented. Since then, Bitcoin and many other kinds of cryptocurrency have started or grown. There are now over 4000 different cryptocurrencies available on the internet.
Cryptocurrency is kept in a digital wallet. To access this wallet, for buying or selling, you use a private key –a very long string of information that can’t be easily cracked.
Cryptocurrency can be used like any other form of currency, to buy or sell goods or services online.
CERT NZ is seeing an increase in the number of incidents relating to cryptocurrencies. These incidents have resulted in large financial loss. Most of the issues we’ve seen fall into one of two main categories: scams or theft.
- Cryptocurrency investment scams – these scams operate by sending out emails, or setting up fake websites, which advertise cryptocurrency investment opportunities with attractive returns.
Alternatively scams also offer direct sales of cryptocurrencies, such as Bitcoins, Litecoins or other altcoins (a term used to describe non-Bitcoin currencies). After the target has paid, the scammer doesn’t deliver the promised coins.
Many of the scams we’ve seen use common techniques, such as creating a sense of urgency or promoting fake currency to trick users. Be aware that any offers could be a scam, especially where contact with you was unsolicited or where the offers are too good to be true.
- Stolen cryptocurrencies – these attacks use a fake website or trick you into downloading malicious software. The attackers use these to get login details or private keys to transfer cryptocurrency into their accounts.
- A user clicks on an advert and downloads a program associated with cryptocurrency. Then the user tries to log in into their account via the application and it fails. When they check their wallet, via a different app, all their cryptocurrency has been removed. Due to the nature of the transaction, it cannot be retrieved or reimbursed.
- A user clicks a link in a phishing email which appears to be from the cryptocurrency exchange they use. When they enter their password and username for the exchange and refresh the page, they notice their wallet has been emptied.
Cryptocurrencies are held in digital wallets, secured by a private key. A private key is the same as a password and should be long, strong and unique.
You can look after your own digital wallet, or you can keep your cryptocurrency in an exchange’s wallet and they’ll look after it on your behalf.
It’s important to be aware of the following.
- Forgetting your wallet’s private key. If you forget your private key, you won’t be able to retrieve it anywhere. If you can’t log in to your wallet, you can’t access any of the funds in it.
- Consider your wallet storage options. It needs to be kept securely, either on your own device or with an exchange. If you prefer to use an exchange’s wallet services, look for a reputable one. If the exchange is targeted by a DDoS (denial-of-service) attack and goes down, access to your wallet will be temporarily unavailable. If the business closes and goes offline, you’ll lose your cryptocurrency.
- Cryptocurrencies and digital wallets are still relatively new technologies. It is a maturing market especially for the use of cryptocurrency wallets and exchanges – investigate the technologies being used before committing or storing any money.
The Financial Markets Authority highlights risks regarding cryptocurrencies
- They’re high-risk investments and highly volatile – the price can go up and down very quickly.
- They’re not regulated in New Zealand.
- Cryptocurrencies, crypto-exchanges and the people that use them are often the targets of hacking, online fraud and scams.
Cryptocurrencies External Link — Financial Markets Authority
Using cryptocurrency for purchasing non-fungible tokens (NFTs) is increasing in popularity. NFTs are certificates of ownership for unique digital items, such as art or music, that verify who owns it using the same blockchain technology as cryptocurrency. NFTs you purchase are kept in your wallet, along with your currency.
As NFTs become more popular, their appeal for attackers is also growing. NFTs come with similar risks to cryptocurrency. We are seeing more incidents reported, from unauthorised wallet access to scams via social media to fake investments.
If you are thinking of purchasing NFTs ensure you do your due diligence and be aware of the dangers. This includes the potential threats outlined below:
Decentralised Finance (DeFi) is an emerging financial technology that also uses crypto blockchain technology to undertake everyday financial transactions without traditional institutions such as banks and other regulators. It is an unregulated technology therefore it is open to similar risks as cryptocurrencies and NFTs.
There are precautions you can take to look after your cryptocurrency. Below are some ways to keep yourself and your wallet more secure.
Two-factor authentication (2FA)
2FA adds an extra security check on top of your password, making it harder for someone to access your wallet or exchange account. This can be a randomised token from an authenticator app or something only you have, such as your fingerprint.
Set a strong password (also known as a private key) to access your wallet and/or exchange account. We recommend using a passphrase, or a long, strong and unique password, paired with 2FA to limit unauthorized access to your account.
There are a number of issues which could mean you could lose your wallet, such as ransomware, your device breaking, or your wallet being deleted. Wallets which are used to store cryptocurrency must be backed up to offline storage. Test your backup so you know you can restore it if you need to.
A cryptocurrency wallet is the same as a normal wallet, where you should only carry cash with you that you are willing to risk losing. You can reduce the amount of money in your cryptocurrency wallet to an amount you are willing to lose and keep the rest in offline storage.
Ensure that you have full-disk encryption on all devices from laptop to mobiles. This will reduce the risk that an attacker who has physical access to your device could extract your wallet while the device is powered off or locked.