Blockchain transactions are irreversible, which means that once funds have been sent, there is no way to return them.
This make account security a lot more important to prevent intruders from taking control of your cryptocurrency holdings. Below are some steps to help you secure your account.
Set up a strong password
Strong means unique and brute force protected. Please don't use simple words, dates, names etc. as your password. We know that remembering loads of passwords can be difficult, so setting up a password manager could greatly enhance your password security.
Keep your passwords safe and don't disclose them to anyone, not even to us. We won't ever ask you to reveal your password! Enable 2-factor authentication
This is an absolutely vital security feature. Even if someone managed to find out your password, 2FA prevents them from logging into to your account. Read more about the importance of 2-factor authentication here.
To set up 2FA on your account, open the ‘Settings’ page in the upper right corner of the website and switch to the 'Security' tab, where you will find the option to add a 2-FA device.
- Keep them clean and clear – be sure that you know what is installed on your devices.
- Getting Linux installed on your trading computer or just having a Mac is a good idea, as it can significantly reduce risks.
- Don't install any plugins when you are not absolutely sure that they are safe.
- Browser extensions from unknown developers can easily turn out to be malware. They can be used to steal your personal data, intercept your payment details or even to simply replace your own deposit addresses on a web page with a hacker’s address.
The same level of security should apply to your phone or tablet or any other device which stores your 2FA code and passwords. Enable fingerprint lock (if available) and remote erase in case yo lose your phone. Don't share your phone with anyone, especially not with children. Wipe out all the applications that you don't use, upgrade your iOS or Android to the latest version, and please do not jailbreak your phone if you are not a pro (maybe think twice if you are a pro).
In general, we advise you to not use public WiFi when transferring money or logging into your accounts.
Unless you do not connect to the network from a country with forcibly installed, state-owned SSL certificates, your data is transferred using the latest generation of SSL.
If you still feel concerned about your safety, you can use a VPN.
White-listing withdrawal addresses
This brand new feature lets you create a list of approved addresses to withdraw your funds to. It is a great tool to prevent a withdrawal to an unknown address in case your account is compromised. This is a perfect way to triple secure your funds (in addition to 2FA and confirmation emails).
We recommend you to set up a separate email address for trading. Gmail is a basic reliable option. Don't forget the 2-factor verification – so as soon as your mailbox is accessed from an unknown device you’ll get notified.
Using your email
- Never open any attachments from unknown sources– especially if it’s any kind of unknown file type or documents/files you haven’t requested.
- Never click any external links sent to you in emails without being sure of their source. If you do, make sure you know why you are clicking – for example, you have just registered and we ask you to confirm the email and enable 2FA. When receiving this type of email, please check the From line. If it is firstname.lastname@example.org, it’s most likely a verified sender. – one letter can change everything.
- Keep track of your inbox. Once your account is accessed from a new IP, a proper notification is sent to your email. Other major events (like withdrawals) are communicated via email. Mind such notifications as they will help you detect illegitimate activity as fast as possible.
There are some new scams out there but old tricks still work pretty well: people click links that look like something they know which then leads them to a replica website.
The one and only URL is exchange.bitcoin.com, any other URL is a phishing site. Do not trust lookalikes, do not enter your login and password if you have doubts about the website you just landed on. The best option would be to simply bookmark the legitimate page.
Don't hesitate to contact our Support if you think you received a suspicious message or noticed any suspicious activity. We monitor phishing activities, and your help is much appreciated.
At the moment, we do not have phone or voice support. Please do not call any line advertised as bitcoin support and abort any phone conversation with anyone introducing themselves as a bitcoin support team rep.
The only bitcoin contacts are those you see on the website, in the “Contacts” section. If you are in doubt, please contact support before you send an email message or chat to someone on Facebook or Twitter.
Last but not least: we will NEVER ask you to send money to participate in any contest or lottery. Please be careful, protect yourself with simple yet reliable tools, pay more attention to the actions you take both online and offline and use safe networks.
Made sure that your account is safe? Then, it's time to make your first deposit!