Cryptocurrency security

What Is Cryptocurrency?

Cryptocurrency is a digital payment system that doesn’t rely on banks to verify transactions. It’s a peer-to-peer system that can enable anyone anywhere to send and receive payments. Instead of being physical money that is carried around and exchanged in the real world, cryptocurrency payments exist purely as digital entries to an online database that describe specific transactions. When you transfer cryptocurrency funds, the transactions are recorded in a public ledger. You store your cryptocurrency in a digital wallet.

Cryptocurrency got its name because it uses encryption to verify transactions. This means advanced coding is involved in storing and transmitting cryptocurrency data between wallets and to public ledgers. The aim of the encryption is to provide security and safety.

Cryptocurrency has been around since 2008, when Bitcoin and the technology that records its transactions, blockchain, were invented. In the last year Bitcoin has become extremely popular in the media and many other kinds of cryptocurrency have started or grown, such as Ethereum.

Your cryptocurrency is kept in a digital wallet and is accessed by having a private key, like a very strong password, to approve buying and selling. If someone else has your private key, it’s like giving someone access to your safe. It gives them free reign to sell or exchange the bitcoin to someone else.

There is risk with cryptocurrency as it’s decentralized, meaning there is no central authority guaranteeing the cryptocurrency.

How Secure Is Cryptocurrency?

Cryptocurrencies are usually built using blockchain technology. Blockchain describes the way transactions are recorded into “blocks” and time stamped. It’s a fairly complex, technical process, but the result is a digital ledger of cryptocurrency transactions that’s hard for hackers to tamper with.

In addition, transactions require a two-factor authentication process. For instance, you might be asked to enter a username and password to start a transaction. Then, you might have to enter an authentication code that’s sent via text to your personal cell phone.

While securities are in place, that doesn’t mean cryptocurrencies are un-hackable. In fact, several high-dollar hacks have cost cryptocurrency startups heavily. Hackers hit Coincheck to the tune of $534 million and BitGrail for $195 million in 2018. That made them two of the biggest cryptocurrency hacks of 2018, according to Investopedia.

Thieves targeting cryptocurrency

We have seen a big increase in the number of incidents relating to stolen cryptocurrencies or scams relating to cryptocurrencies, like Bitcoin. Most of the issues we’ve come across fall into one of two main categories cryptocurrency scams or stolen cryptocurrencies:

  1. Cryptocurrency investment scams – these scams operate by sending out emails, or setting up fake websites, which advertise cryptocurrency investment opportunities with attractive returns. Alternatively scams also offer direct sales of cryptocurrencies such as bitcoins, litecoins or other altcoins, which don’t result in any transfer once the victims have paid.

    Many of the scams we’ve seen use common techniques, such as creating a sense of urgency or promoting fake legitimacy to trick users. Be aware that any offers could be a scam, especially where contact is unsolicited, or where the offers are too good to be true.

  2. Stolen cryptocurrencies – these attacks use a fake website or trick you into downloading malicious software. They use these to get log-in details or private keys to transfer cryptocurrency into their accounts.

Things to look out for

Cryptocurrencies are held in digital wallets. You can look after your own digital wallet, or you can keep your cryptocurrency in an exchange’s wallet and they’ll look after it on your behalf.

    • Forgetting your wallet’s private key. If you forget your private key — which is basically the password for your wallet — you won’t be able to retrieve it anywhere. It’s generated specifically for you and you’re the only person who has access to it. And if you can’t log into your wallet, you can’t access any of the funds in it.
    • Consider your wallet storage options. It needs to be kept securely, either on your own device or with an exchange. If you prefer to use an exchange’s wallet services, look for a reputable one. If the exchange is targeted by a DDoS attack and goes down, or the business closes and goes offline, you’d lose your cryptocurrency, such as Bitcoin.
    • Cryptocurrencies are still relatively new technologies. It is a maturing market especially for the use of cryptocurrency wallets and cryptocurrency exchanges – investigate the technologies being used before committing any money.

Protect yourself

There are precautions you can take to look after your cryptocurrency. Below are some ways to keep yourself and your wallet more secure.

Two-factor authentication

2FA adds an extra security check on top of your password, making it an extra step harder for someone to access your wallet or exchange account. This can be a randomizing token or something only you have, such as a fingerprint.

Turn on two-factor authentication


Set a strong password to access your wallet and/or exchange account. We recommend using a passphrase, or a long and strong password, paired with 2FA with limit unauthorized access to your account.

How to create a good password


There are a number of issues which could mean you could lose your wallet, such as ransomware, your device breaks, or your wallet is deleted. Wallets which are used to store cryptocurrency must be backed up to offline storage. Test your backup so you know you can restore it if you need to.

Backing up data and devices

Minimize risk

A cryptocurrency wallet is the same as a normal wallet, where you only carry cash with you that you are willing to risk losing, rather than thousands of dollars. A solution to minimize risk would be to reduce the amount of money in your cryptocurrency wallet to an amount you are willing to lose and keep the rest in offline storage.


Ensuring that you have full disk encryption on all devices from laptop to mobiles, will reduce the risk that an attacker who has physical access to your device could extract your wallet while the device is powered off or locked.

Related articles and links

4 Common Cryptocurrency Scams and How to Avoid Them

Scam websites – what they are and how to spot them

How to report a website

How to identify and avoid fake apps

Top 6 online scams

Visit CERT NZ for more information. 
Visit ACSC for more information.