Securing crypto in Asia demands zero trust and zero knowledge

By Takanori Nishiyama

Recently, the Global Anti-Scam Summit (GASS) Asia 2025 organized by the Global Anti-Scam Alliance (GASA) concluded successfully in Singapore, with government agencies, law enforcement, regulators, and global technology leaders, including Amazon, Gogolook, Google, and Meta, convening to discuss anti-scam strategies and tactics through conference sessions and workshops.

Online scams and phishing attacks are escalating rapidly across the Asia-Pacific region, with cryptocurrency as a prime target. According to the Global Anti-Scam Alliance (GASA) Asia Scam Report 2024, consumers in Asia lost US$688.4 billion to scams in a single year, much of it driven by phishing, impersonation, and investment fraud. The Cyber Security Agency of Singapore (CSA) reports that cryptocurrency investment scams ranked among the top five scam types in 2024, costing tens of millions of Singapore dollars. In Japan, the National Police Agency (NPA) recorded over 3,500 cases of unauthorized access to online accounts, with crypto exchanges and wallets among the targeted services.

This threat landscape reinforces the urgency for stronger cybersecurity measures across both individuals and institutions. For users, the fundamentals remain critical: keep private keys offline in a reputable hardware wallet or secure vault, use strong and unique passwords for every account, enable multi-factor authentication, and stay vigilant against phishing attempts, especially those that create a false sense of urgency to transfer funds or share credentials.

Yet even the most security-conscious user is vulnerable if the platforms they rely on are not equally well-defended. For cryptocurrency platforms, implementing a zero-trust, zero-knowledge Privileged Access Management (PAM) framework is essential. PAM enforces the principle of least privilege, ensuring that no single administrator has unchecked authority and that all privileged actions are logged and auditable. Combined with zero-knowledge password management, this approach limits credential misuse, prevents lateral movement by attackers if a successful breach does occur, and strengthens resilience against insider threats.

In APAC, many cryptocurrency exchanges and platforms operate across multiple jurisdictions with differing regulatory requirements. Without a unified, scalable security framework, defenses can be inconsistent, leaving gaps for attackers to exploit. Integrating zero-trust PAM with identity platforms such as Microsoft 365 and Azure AD standardizes access controls while maintaining compliance with local laws.

Recent successes prove the value of coordinated action. Interpol’s ASEAN Cyberthreat Assessment highlights that joint law enforcement operations, paired with improved institutional security measures, have disrupted major scam networks in Southeast Asia. GASA also notes that industry-government collaboration is a key driver in preventing large-scale fraud.

In today’s high-risk environment, the credibility of the cryptocurrency industry depends on its ability to protect assets, preserve user trust and stay ahead of evolving threats. Combining vigilant users with resilient, zero-trust-enabled institutions is no longer a best practice – it is the minimum standard for participating in the digital economy. The APAC region has both the urgency and the opportunity to lead by example, setting a new benchmark for global crypto security.

(The author is the Senior Vice President for Asia-Pacific and Japan Country Manager of Keeper Security.)