Your HitBTC account comes with an entire security control center. Please familiarize yourself with them and then make the appropriate selections to stay safe.
Email notifications about new IP logins
If or when you or someone else logs into your account from a new IP address, you will receive an email notification from us. Please check your inbox regularly.
Terminating all sessions
Once you click the “Terminate all sessions” button, potential intruders will be immediately logged out of your account. All active sessions, except yours, will be terminated.
To use this feature, please open the "Security" tab on your Settings page and click the “Terminate all sessions” button.
Automatic logout
To enable Automatic logout, please open the "Security" tab on your Settings page and click on the drop-down menu to pick the preferred time period after which you will be automatically logged out.
Latest activity
At HitBTC you can keep track of recent activities on your account. Go to the "Security" tab on your Settings page. You will see that this is where all sign-ins, password changes, 2FA enabling/disabling, money withdrawals, and other important events are recorded.
Whitelisting withdrawal addresses
This feature on HitBTC lets you create a list of permitted addresses to which your funds can be withdrawn. This vital tool prevents withdrawals to foreign addresses in the unfortunate event that your account or email address are compromised. We strongly recommend that you take advantage of it to introduce another layer of protection for your funds (in addition to 2FA and confirmation emails).
Security tips
- Password
We recommend that you choose a good, strong password. By “Strong” we mean unique and brute-force protected. Please stay away from using common words, dates, names, etc. as your password: a complex combination of letters, numbers, special characters, and upper and lower case works best. The most secure option is a randomly generated password that is stored in a reliable password manager (we highly recommend KeePass). It is also a very good idea to get in the habit of changing your password every few weeks. It would also be very wise NOT to reuse your password in other places, such as your email and any other websites.
Keep your password safe and do not share it with anyone, not even with us, and never send it to third parties in any type of message. And remember: we will never, ever ask you to disclose it! If someone is asking you for your HitBTC password claiming to be our support team representative, this is a clear sign that you're dealing with a fraudster.
- Devices
Keep all your working devices well organized. Make certain that you know what software and why is installed on them. In the best scenario, you'd have a separate dedicated computer for trading that will be free of any applications that are not related to trading.
It is useful to have Linux operating system installed on your trading computer or work on a Mac: even though this can't ensure your 100% security, it greatly lowers the risks.
It is best to stay away from any plugins, especially if they are just recently launched: some of them may be malware trying to collect your passwords. It is best NOT to save your passwords in your browser.
The same goes for browser extensions from unknown developers: they may very well be malware capable of stealing your personal data, capturing your payment details, or even to stealthily swapping your own deposit addresses with the hacker’s address.
Make sure to maintain the same high level of security on your phones, tablets, or any other devices that store your 2FA codes and passwords. If these features are available on your device, we recommend that you enable fingerprint and remote erase in case your phone is lost.
We suggest that you do not share your phone with anyone, especially your children. Regularly uninstall and clean swipe all applications that you no longer use, upgrade your iOS or Android operating system to the latest edition, and please resist the temptation to jailbreak your phone if you are not a pro (and even if you are a pro, please do think twice before attempting it!).
It is a very good idea to create a dedicated email address for your trading. Gmail is a dependable option. Please make sure to enable the 2-step authentication, so that if your mailbox is accessed from an unknown device or IP address you’ll get notified.
Under no circumstances should you open random, unanticipated attachments, especially if they include files of unfamiliar or unknown type or documents that you have not been expecting. Do not ever follow any unexpected links that come to you in an email. If you have to, please make certain you know why you are clicking it: for example, if you have just registered an account with HitBTC and we are asking you to confirm your email address and enable the 2FA, please always check the From line.
If the message came from [any mailbox title]@hitbtc.com (not “hlt”, not “heet” etc.), it is probably a legitimate sender. But do pay attention: one letter difference in the domain name can mean that you're being scammed.
Please check your trading email regularly. If or when your account is accessed from a new IP address, we will notify you via email immediately. We will also send you email notifications of any other major events, such as withdrawals. Watch out for these notifications: they will help you promptly discover unauthorized activities on your account.
- Phishing websites.
Even though new scams and fraud schemes are being devised every day, the old traps still work as well as ever: people trustingly follow links that may look somewhat familiar that lead them to the websites they seem to recognize but they are actually fake.
HitBTC uses only one URL, and it is hitbtc.com. No matter how closely any other address resembles the legitimate one, if it is not hitbtc.com it is definitely a phishing website. Always be on the lookout for any potential "clones." Do not, ever, enter your login and password if you have even the slightest doubt about the authenticity of the website you just accessed. The best option is to enter HitBTC's address manually every time or just bookmark it and use the legitimate link.
Please get in touch with HitBTC Support right away if you believe you have received a questionable message or noticed suspicious activity. We monitor and quickly react to all phishing activities, and we will greatly appreciate your help.
- Contacting support
At this time HitBTC does not offer phone or voice support. Please keep in mind that any phone line that may be advertised as belonging to HitBTC support is not legitimate; hang up any phone calls from anyone who may be claiming to be representing HitBTC.
The only way to get in touch with HitBTC is via contacts published in the “Contacts” section of our website. If in doubt, please reach out to our support team before you send an email message or chat to someone on Facebook or Twitter claiming to represent us.
Last but not least: HitBTC under no circumstances will ask you to send any money to gain access to any lottery or contest. Please be vigilant, protect your account and funds with the tried and true steps we suggest. Pay full attention to what you do online and in the real world, and use secure networks.