Since the inception of Bittrex, we’ve focused on providing a reliable and secure trading platform for our customers. We want our customers to have a trading experience that is safe, secure and fraud-free. Unfortunately, cybercriminals are always looking for ways to try to take advantage of customers by accessing data and assets. Here are some of the quick and easy ways to help keep yourself secure. We recommend using the additional security features that Bittrex has implemented in order to keep your account even more secure.
Keep yourself secure with these tips:
1. Be smart with your passwords
So many passwords, so little time. Research the top password managers to determine which one is best for you. Once you set it up, you’ll be able to manage various login credentials and generate ultra-secure passwords. These will help keep your account more secure. Additionally, you’ll want to protect your password resets and use strong secret questions (versus ones that someone could find answers to online).
- Set up a password manager to manage your passwords and protect it with two-factor authentication. Be sure to choose a provider that allows non-SMS based 2FA.
- Use unique and complex passwords for all your accounts.
2. Avoid Scams
No one wants to fall for a scam. But sometimes all it takes is one click when you aren’t paying attention to realize you’ve opened yourself up to fraudsters. Find out which common scams are making the rounds and how to spot them.
- Be careful who you trust. If you receive an email or social media message, think before you click.
- Verify the source of the sender and if it looks like it’s from us, always go to Bittrex.com directly to log in.
- Never click on links from unknown sources.
- Don’t give out your account information (username, password, 2FA code, email address/password).
- Never allow someone to remote access your computer..
3. Be mindful about what you share online
It’s easy for someone to impersonate you if you share more details about yourself online. Be careful of the personal details you share like email addresses, trading platforms you use, birthday, phone numbers, etc. Impersonators can use the data you share online to try to impersonate you and attempt to gain access into your banking, mobile phone, credit card, trading platforms and other accounts. The more you share, the more likely it is someone could impersonate you.
Keep your Bittrex account secure with these tips:
All it takes is a couple minutes, just a few simple steps, and your account is much harder for cybercriminals to access. We’ve implemented these security features to help keep your account safe.
1. Enable two-factor authentication
By setting up two-factor authentication (2FA) on your account, you are adding an extra layer of security to ensure that you’re the only person who can access your account, using devices you trust, like your smartphone, which never leaves your side. This provides protection to your account if someone might know your password. Follow these steps to set up 2FA on Bittrex. You can also use 2FA to keep other sites secure like your email or social media accounts, which we also highly recommend to prenable two-factor authentication on your Bittrex and email accounts by going to <settings> and selecting <Two-Factor Authentication>
- Enable two-factor authentication on your email account.
- Avoid SMS (text) 2FA whenever possible. Use Google Authenticator or another device-based, one-time password authentication.
2. Protect your account with IP and crypto address whitelisting
We support whitelisting of IP addresses and crypto addresses. These two features are a great way to protect your account in the event that you lose your credentials or API keys. These are both opt in features that you will need to enable and require 2FA to update.
IP whitelisting: By setting one or more whitelisted addresses, you are telling Bittrex to only authorize trades or withdrawals from those IPs. This includes both the bittrex.com web interface and API based trades or withdrawals.
Crypto address whitelisting: By setting a withdrawal address on a digital currency, you are telling Bittrex to only authorize withdrawals to that address. This includes both the bittrex.com web interface and API based withdrawals. Note that when opting into this feature, you must specify a withdrawal address for every digital currency you would like to place a withdrawal from.
3. Restrict access to API keys
Always be careful when sharing data through a third-party API. It could be a website or app. Anytime you do trading through a third-party app (even one downloaded by Android or ApAlways look at the app reviews to see whether they are a trusted resource.
- For those more tech savvy, look at the open source to review the code to ensure there’s not anything questionable.
- See how long the app has been in use. Don’t use an app that just launched with 0 reviews.
- By giving your API key to someone else, you are putting your account at risk.
4. Monitor your account activity
It’s smart to always keep an eye on your Bittrex account and monitor your transaction history. Bittrex will only display up to 28 days of trading history for you to view. By navigating to <settings>, then <my activity>, you can view recent user activity which shows when you last logged in and with what IP address. To pull the most recent data, click on <orders> on the homepage and select <download history, withdrawal history or deposit history > to view your records.
- Monitor your account activity to make sure no unauthorized trades occur.
- View your deposit and withdrawal history: Click on <Holdings>, then
- Download your full trading history by clicking on <orders>, then <download history>.
What steps should I take if my account is hacked?
If it appears that your account has been compromised, then you’ll want to disable your account and open a support ticket immediately with as much detail as you can provide. In the event funds were stolen, you can file an FBI report. They have resources to coordinate and investigate these reports. Bittrex can provide log in history information for your account upon request.
- Disable your account using the <disable my account> link in the Bittrex Login Notification email.
- Open a support ticket and provide details
- If funds were stolen, file an FBI report.