Luno will keep your cryptocurrency safe but only you can protect your wallet from being accessed by intruders. If your sign-in details are stolen and used to steal Bitcoin or Ethereum from your Luno wallet, there is nothing you or Luno can do to get it back.

That’s why we’ve written this list of good practices to help you keep your wallet safe.

Be vigilant of malware

A recent malware called Alien specifically targeting Android users illustrates just how adventurous hackers can be.

Malware (short for malicious software) is any type of software (viruses, trojan horses, rootkits, etc.) intentionally designed to cause damage to a computer, server, client or computer network. There are many ways in which attackers might try to trick you into installing malware, and the best way to stop their adventuring is to avoid getting infected in the first place.


Think twice before clicking links or downloading anything, and never install apps from suspicious sites and grant the app admin rights. Always install apps from official app stores.

Be vigilant of phishing


When navigating to the Luno website, make sure the website address (or URL) is the legitimate address. If you see anything else in the address bar on top of your browser, leave the site immediately and report it to us by sending a screenshot to us in a support ticket. We’ll try to have the fake site shut down. 


Make sure whenever you receive an email from Luno that it was truly sent by Luno. Check the origin of any email before interacting with any of the links – you can do this by double-checking the sender’s address.

If you do receive a phishing email, do not interact with any of the links in the message. Your email provider should have a “report as phishing” option. Use it.

Phone calls

Be vigilant when receiving phone calls and always ascertain who’s calling you. A tactic that phishers employ is to masquerade as a legitimate entity in order to gain access to your account.

When calling, we may ask you some security-related questions in order to verify your identity.

We will never ask you for the following:

  • Your password

  • Your banking details

  • Your two-factor authentication codes

  • Your OTP pin

  • Authorisation links

Stay alert

Read any notifications sent by Luno and report any activity that looks suspicious as quickly as possible to us. 

Tags are a recent feature we’ve rolled out in the Security Centre. If a new device signs in to your account, or a new API key is created on your account, you’ll notice a notification icon displaying a “New” tag next to the Security Centre menu item. This update enables you to see at a glance if there has been any new activity on your account. It is especially useful to see if an attacker has gained access to your account. If you notice a “New” tag displaying in your Luno account and you have not signed in from a new device or added a new API key, you have the ability to deactivate that device or revoke the newly-created API key. 
The notification tags will disappear once you proceed into the Active Device or API items in the menu.

Two-factor authentication

This is such a powerful security measure, it shouldn’t be regarded as optional. With enough time and computer power any password can be guessed.

We’ve written a piece to help you in setting up your two factor authentication security in the Security Centre.


Bitcoin is popular and high on the list of things hackers want to steal from you. It’s extremely important you use a strong password. Not only must your Luno password be strong, it must be unique.

If you’re using the same password on your Luno account as your email or your social media accounts, then you’re basically betting the keys to your Bitcoin wallet on you never having clicked on a phishing link.

To protect yourself even further, it’s good practice to use a Password Manager, which allows you to create and remember secure passwords.
It’s good practice to update your password regularly. Here’s how:

Step 1 Sign in to the Luno app or website, go to Menu and then Security Centre

Step 2 Select Password, on this screen you can update your password

Step 3 Now enter your four-digit Luno pin and then once again to confirm the password update

Step 4 Success! You have reset your password. You will receive an SMS to confirm the change

Active Devices

This feature in Security Centre gives you the control to see which devices are currently being used to access your Luno account. Here you have the ability to deactivate any suspicious devices that you may not recognise. As we covered above, be sure to look out for notification tags that may flag an unauthorised active device. 

API Keys

An application programming interface key, or API key, is a unique key that allows a program to gain access to your Luno account. Should you wish to view or manage your API key, you can do this in the Security Centre.


You can read more about API keys here.

Biometrics and Touch ID / Face ID

This feature gives you the option to set up biometric authentication (Touch ID or Face ID if you use iOS) for various security features within your Luno account, such as unlocking your app and authorising certain actions.

Secure your email

Luno will interact with you through your email. This is our way of communicating with you. If criminals have access to your email, you are at risk.

Here’s a few things you can do:

  1. Use a unique and strong password.
  2. It's recommended to update your password frequently. A strong password is at least 14 characters in length and contains a mix of letters, numbers and special characters.
  3. Set up two-factor authentication for your email
  4. Most email providers support Google Authenticator or even SMS security. Check your settings.
  5. Check your forwarding settings to make sure.
  6. Attackers will sometimes gain access to your email. They’ll remain stealthy. Without your knowledge, they set up a forwarding address to have all your incoming mail forwarded to them. They wait until the opportunity arises to steal from you. In this way, your Bitcoin can be stolen even if your account was compromised months ago. Check your mail forwarding settings and make sure there aren’t any unknown devices logged into your mail.
  7. If you signed up to Luno using a Gmail address, here are some additional resources for you:

In summary, no time spent on improving security is ever wasted. We know adding security means less convenience, but we’ll have peace of mind knowing you have peace of mind. Stay safe, and feel free to reach out to us if you have any security related questions. We’re here to help.