Cryptocurrency has been around since 2008, when Bitcoin and the technology that records its transactions, blockchain, were invented. In the last year Bitcoin has become extremely popular in the media and many other kinds of cryptocurrency have started or grown, such as Ethereum.
Your cryptocurrency is kept in a digital wallet and is accessed by having a private key, like a very strong password, to approve buying and selling. If someone else has your private key, it’s like giving someone access to your safe. It gives them free reign to sell or exchange the bitcoin to someone else.
There is risk with cryptocurrency as it’s decentralised, meaning there is no central authority guaranteeing the cryptocurrency.
The Financial Markets Authority warns of three risks regarding cryptocurrencies:
- They’re high risk and highly volatile – the price can go up and down very quickly
- They’re not regulated in New Zealand
- Cryptocurrencies, crypto-exchanges and the people that use them are often the targets of hacking, online fraud and scams
Thieves targeting cryptocurrency
We have seen a big increase in the number of incidents relating to stolen cryptocurrencies or scams relating to cryptocurrencies, like Bitcoin. Most of the issues we’ve come across fall into one of two main categories cryptocurrency scams or stolen cryptocurrencies:
- Cryptocurrency investment scams – these scams operate by sending out emails, or setting up fake websites, which advertise cryptocurrency investment opportunities with attractive returns. Alternatively scams also offer direct sales of cryptocurrencies such as bitcoins, litecoins or other altcoins, which don’t result in any transfer once the victims have paid.
Many of the scams we’ve seen use common techniques, such as creating a sense of urgency or promoting fake legitimacy to trick users. Be aware that any offers could be a scam, especially where contact is unsolicited, or where the offers are too good to be true.
- Stolen cryptocurrencies - these attacks use a fake website or trick you into downloading malicious software. They use these to get log-in details or private keys to transfer cryptocurrency into their accounts.
For example, recently someone clicked on an advert, which downloaded a program associated with cryptocurrency. They tried to login into their account via the application and it failed. They realised something was wrong when they checked their wallet to find all their cryptocurrency had been removed, which resulted in a loss of $100,000 NZD. It could not be retrieved or reimbursed.
In another case, someone clicked a link in a phishing email which appeared to be from the cryptocurrency exchange they use. When they entered in their password and username for the exchange and refreshed the page, they noticed their wallet had been emptied. This resulted in a loss of $10,000 NZD.
Things to look out for
Cryptocurrencies are held in digital wallets. You can look after your own digital wallet, or you can keep your cryptocurrency in an exchange’s wallet and they’ll look after it on your behalf.
- Forgetting your wallet’s private key. If you forget your private key — which is basically the password for your wallet — you won’t be able to retrieve it anywhere. It’s generated specifically for you and you’re the only person who has access to it. And if you can’t log into your wallet, you can’t access any of the funds in it.
- Consider your wallet storage options. It needs to be kept securely, either on your own device or with an exchange. If you prefer to use an exchange’s wallet services, look for a reputable one. If the exchange is targeted by a DDoS attack and goes down, or the business closes and goes offline, you’d lose your cryptocurrency, such as Bitcoin.
- Cryptocurrencies are still relatively new technologies. It is a maturing market especially for the use of cryptocurrency wallets and cryptocurrency exchanges – investigate the technologies being used before committing any money.
CERT NZ recommends you get advice before making financial decisions.
Read the Financial Markets Authority advice: https://fma.govt.nz/investors/ways-to-invest/cryptocurrencies/ External Link
There are precautions you can take to look after your cryptocurrency. Below are some ways to keep yourself and your wallet more secure.
2FA adds an extra security check on top of your password, making it an extra step harder for someone to access your wallet or exchange account. This can be a randomising token or something only you have, such as a fingerprint.
Set a strong password to access your wallet and/or exchange account. We recommend using a passphrase, or a long and strong password, paired with 2FA with limit unauthorized access to your account.
There are a number of issues which could mean you could lose your wallet, such as ransomware, your device breaks, or your wallet is deleted. Wallets which are used to store cryptocurrency must be backed up to offline storage. Test your backup so you know you can restore it if you need to.
A cryptocurrency wallet is the same as a normal wallet, where you only carry cash with you that you are willing to risk losing, rather than thousands of dollars. A solution to minimise risk would be to reduce the amount of money in your cryptocurrency wallet to an amount you are willing to lose and keep the rest in offline storage.
Ensuring that you have full disk encryption on all devices from laptop to mobiles, will reduce the risk that an attacker who has physical access to your device could extract your wallet while the device is powered off or locked.