Cryptocurrency Scams in New Zealand

Most crypto scams fall into two broad categories: those designed to get direct access to your wallet or login credentials, and those designed to convince you to send funds voluntarily. The methods below cover the most commonly reported patterns in New Zealand.

Phishing aims to capture the private key or login details for a wallet or exchange account. The most common version is a fake website or email that closely mimics a real exchange or wallet provider, prompting you to "log in" or "verify your wallet" on a page that simply records whatever you enter. A related and less visible technique, sometimes called clipper malware, runs in the background on an infected device and silently swaps a copied wallet address for the scammer's address the moment you paste it - meaning a transaction can go to the wrong destination even though everything else about it looks normal.

This scam usually starts with an unsolicited message, often on a dating app, social media, or messaging platform, that doesn't mention crypto at all at first. A relationship builds over days or weeks before the other party introduces a "trading opportunity" and a platform or app to use it on. The platform shows a real-looking dashboard with fabricated gains, encouraging larger deposits over time. The scam typically surfaces when the victim tries to withdraw funds and is told a "release fee," "tax," or "verification deposit" is required first - and that fee is never enough; another is always requested after it's paid.

Someone presents themselves as a financial advisor, fund manager, or "crypto expert" managing money on your behalf, often promising fixed or guaranteed returns. Anyone legally offering financial advice in New Zealand needs to be registered with the Financial Markets Authority - this can be checked directly on the FMA's register before sending any funds, and the absence of a registration is itself a strong warning sign.

A website or app built to closely resemble a real, established exchange - similar logo, layout, and domain name with a small variation - created purely to collect deposits. Withdrawals either fail with a vague error or are blocked behind a "fee" once a balance builds up.

A crypto project raises funds or capital, usually for a stated product, token, or platform, then the people behind it withdraw the project's liquidity and disappear. The token or project becomes worthless, and the team behind it is typically unreachable afterward.

A platform sells access to mining hardware or "hash rate" it claims to operate on a buyer's behalf, in exchange for an upfront payment and a promised ongoing return. In many reported cases, the platform doesn't operate the mining capacity it claims to, or operates at a fraction of the advertised scale, and stops paying out once enough upfront investment has been collected.

A follow-on scam aimed specifically at people who've already lost money to a scam. Someone, sometimes claiming to be a recovery specialist, a private investigator, or even a police officer, contacts the victim offering to recover the lost funds for an upfront fee. Genuine recovery of stolen crypto is uncommon and difficult even for law enforcement, and a service requiring payment before producing any result should be treated as very high risk.

Scammers impersonate celebrities, business figures, or industry commentators, often via fake social media accounts, offering to "match" or multiply any crypto sent to them. Scammers have also impersonated specific, named individuals from within New Zealand's crypto media and commentary space, including CNZ's own founder, Harry Satoshi, to approach people directly. CNZ does not initiate contact requesting funds or a seed phrase through any individual associated with the organisation - any message claiming otherwise is not genuine.

A message or call claims to be from a bank, IRD, the police, or a utility company, stating an account is frozen, a fine is owed, or a payment is overdue, with payment demanded in cryptocurrency. No genuine government agency, bank, or utility company will ever request payment in crypto.

A job listing, often for a remote "crypto converter," data-entry, or task-based role, asks the new hire to move funds between accounts or wallets as part of their duties, sometimes after an initial small, genuine-looking payment to build trust. These typically end with the worker's own funds, banking details, or wallet access being compromised.

• Never share a private key or seed phrase. No legitimate service, individual, or government agency will ever ask for one.
• Treat unsolicited investment opportunities, especially those promising guaranteed or rapid returns, as high risk by default.
• Check whether an investment manager or advisor is registered with the FMA before sending funds - fma.govt.nz maintains a public register.
• Check a company's registration status on the Companies Office register (companiesoffice.govt.nz) before dealing with an unfamiliar NZ-based platform.
• Be wary of anyone who builds a relationship online - romantic or otherwise - before introducing a trading platform or investment opportunity.
• Never pay an upfront fee to someone offering to recover funds already lost to a scam.
• Verify any message claiming your account is frozen or payment is owed by contacting the organisation directly through its official channels - not through a number or link provided in the message.
• Be cautious of job listings involving crypto transfers, particularly those with vague duties or unrealistic pay.

• Contact your bank immediately if you've sent funds via your bank or believe your banking details are compromised.
• Report to the National Cyber Security Centre (NCSC) - the agency formerly known as CERT NZ - via cert.govt.nz. They handle cybersecurity-related incidents including phishing and account compromise.
• File a report with Netsafe at netsafe.org.nz, or call 0508 638 723 (NZ only). Netsafe can advise on next steps and liaise with Police or Consumer Protection where relevant.
• Report investment-related scams to the FMA at fma.govt.nz, particularly where an unregistered advisor or fake platform is involved.
• Contact CNZ via contact@cryptocurrency.org.nz if you'd like to flag a scam pattern we should be reporting on, or are unsure where else to go.

• Understanding how wallets, private keys, and exchanges work makes it easier to spot when something doesn't match how the technology actually functions.
• Hardware wallets, two-factor authentication, and keeping private keys confidential are standard practices for reducing exposure to several of the scam types above.
• Scam techniques shift over time - checking NCSC's and Netsafe's current alerts periodically is a reasonable way to stay current.