Blockchain transactions are not reversible. It means that once funds have been sent, there is no way to return them or to determine the receiver.
That is why it is necessary to protect your account from intruders.
Set up strong password
Strong means unique and brute force protected. Please don't use simple words, dates, names etc. as your password. Also it is a good idea to change your password every few weeks.
It's important to keep your password safe and not disclose it to anyone, even to us. We won't ever ask you to reveal it!
Enable 2-factor authentication
This is an absolutely vital security feature. In case anyone gets to know your password, he simply wouldn't be able to use it. Read more about how it generally works.
In order to set up 2FA on your HitBTC account, you would need to open the ‘Settings’ page in the upper right corner of the website and switch to the 'Security' tab. Make an acquaintance with the detailed instructions.
Be careful. Follow simple safety rules
- Keep it clean and clear – be sure that you know what is installed on your machine. Ideally, have a dedicated computer for trading and do not install any applications that are not relevant to trading.
- Getting Linux installed on your trading computer or just having a Mac is a good idea – does not guarantee you 100% safety but significantly reduces risks.
- Do not install any plugins, especially those new to the market, they can easily turn out to be password-collecting malware. Avoid saving your passwords in your browser.
- Browser extensions from unknown developers can easily turn up to be malwares. They could be used to steal your personal data, intercept your payment details or even to simply replace your own deposit addresses on a web page with hacker’s address.
The same level of security should apply to your phone or tablet or any other device which stores your 2FA code and passwords. Enable fingerprint (if available) and remote erase in case the phone is lost. Do not share your phone with anyone, especially your children. Wipe out all the applications that you do not use, upgrade your iOS or Android to the latest version, and please do not jailbreak your phone if you are not a pro (maybe think twice if you are a pro).
Do NOT install any applications advertised as HitBTC: as of March 2018, HitBTC is available only in a mobile browser mode, you can access it by Chrome mobile, Firefox mobile, Safari mobile or Opera for mobile phones.
You do not jeopardise yourself by simply using Wifi. Unless you do not connect to the network from a country with forcibly installed, state-owned SSL certificates, your data is transferred using the latest generation of SSL. If you still feel concerned about your safety, use VPN.
- Do NOT use same passwords twice, especially for your email and any other website. The most secure option is a combination of a randomly generated password and a trusted password manager, we recommend KeePass.
- Do not tell anybody your password or send it to third parties in any type of message. The only person who needs your password is yourself – a HitBTC Support member will never ask for it.
We ask you to enable 2FA when you register at HitBTC because your security is our top priority. Please be sure that you enabled it.
Whitelist of withdrawal addresses
This brand new feature lets you create a list of approved addresses to withdraw your funds to. It is a great tool to prevent a withdrawal to an unknown address in case your account gets compromised. Even if your email gets compromised as well. Perfect way to triple secure your funds (in addition to 2FA and confirmation emails).
Learn how to use it here.
We recommend you setting a separate email address for trading. Gmail is a basic reliable option. Do not forget the 2-step verification – so if your mailbox is accessed from an unknown device you’ll get notified.
Using your email
- Never open any attachments – especially if it’s any kind of unknown file type or documents/ files you haven’t requested.
- Never click any external links sent to you in emails. Or, if you have to, make sure you know why you are clicking – for example, you have just registered and we ask you to confirm the email and enable the 2FA. When receiving this type of email, please check the From line. If it is anything@hitbtc (not hlt, not heet etc), it’s most probably a verified sender. See? – one letter can change everything.
- Keep track on your inbox. Once your account is accessed from a new IP, a proper notification is sent to your email. Also major events (like withdrawals) are communicated via email. Mind such notifications, they will help you detect illegitimate activity as fast as possible.
There are some new sorts of scam but old tricks work pretty well: people click the links that look like something they know which lead them to a website looking like something they know.
The one and only URL for HitBTC is hitbtc.com, any other URL is a phishing site. Do not trust lookalikes, do not enter your login and password if you have doubts about the website you just clicked. The best option would be to simply bookmark the legitimate HitBTC page.
And do not hesitate to contact HitBTC Support if you think you received a suspicious message or noticed a suspicious activity. We monitor phishing activities, and your help is much appreciated.
At the moment, HitBTC doesn’t not have phone or voice support. Please do not call any line advertised as HitBTC support and abort any phone conversation with anyone introducing themselves as a HitBTC support team rep.
The only HitBTC contacts are those you see on the website, in the “Contacts” section. If you are in doubt, please contact support before you send an email message or chat to someone on Facebook or Twitter.
Last but not least: HitBTC NEVER asks you to send any money to participate in any contest or lottery. Please be careful, protect yourself with simple yet reliable tools, pay more attention to the actions you take both online and offline, use safe networks.
Made sure that your account is safe? It's time to initiate your first deposit!