Secure your trading: simple steps

The world of crypto, relatively young and growing so fast, has become very attractive to cheaters of all types. Some of their tricks are as old as the internet itself – but still thousands of users get attacked every day. So we put together a list of the most common cases to help you keep your trading safe. Please read the following carefully: some threats may hide in common actions, daily used services and even your mobile phone.

Your Devices

  • Keep it clean and clear – be sure that you know what is installed on your machine. Ideally, have a dedicated computer for trading and do not install any applications that are not relevant to trading.
  • Getting Linux installed on your trading computer or just having a Mac is a good idea – does not guarantee you 100% safety but significantly reduces risks.
  • Do not install any plugins, especially those new to the market, they can easily turn out to be password-collecting malware. Avoid saving your passwords in your browser.
  • Browser extensions from unknown developers can easily turn up to be malwares. They could be used to steal your personal data, intercept your payment details or even to simply replace your own deposit addresses on a web page with hacker’s address.

The same level of security should apply to your phone or tablet or any other device which stores your 2FA code and passwords. Enable fingerprint (if available) and remote erase in case the phone is lost. Do not share your phone with anyone, especially your children. Wipe out all the applications that you do not use, upgrade your iOS or Android to the latest version, and please do not jailbreak your phone if you are not a pro (maybe think twice if you are a pro).

Do NOT install any applications advertised as HitBTC: as of March 2018, HitBTC is available only in a mobile browser mode, you can access it by Chrome mobile, Firefox mobile, Safari mobile or Opera for mobile phones.


You do not jeopardise yourself by simply using Wifi. Unless you do not connect to the network from a country with forcibly installed, state-owned SSL certificates, your data is transferred using the latest generation of SSL. If you still feel concerned about your safety, use VPN.


  • Do NOT use same passwords twice, especially for your email and any other website. The most secure option is a combination of a randomly generated password and a trusted password manager, we recommend KeePass.
  • Do not tell anybody your password or send it to third parties in any type of message. The only person who needs your password is yourself – a HitBTC Support member will never ask for it.


We ask you to enable 2FA when you register at HitBTC because your security is our top priority. Please be sure that you enabled it.


We recommend you setting a separate email address for trading.  Gmail is a basic reliable option. Do not forget the 2-step verification – so if your mailbox is accessed from an unknown device you’ll get notified.

Using your email

  • Never open any attachments – especially if it’s any kind of unknown file type  or documents/ files you haven’t requested.
  • Never click any external links sent to you in emails. Or, if you have to, make sure you know why you are clicking – for example, you have just registered and we ask you to confirm the email and enable the 2FA. When receiving this type of email, please check the From line. If it is anything@hitbtc (not hlt, not heet etc), it’s most probably a verified sender. See? – one letter can change everything.
  • Keep track on your inbox. Once your account is accessed from a new IP, a proper notification is sent to your email. Also major events (like withdrawals) are communicated via email. Mind such notifications, they will help you detect illegitimate activity as fast as possible.

Phishing websites

There are some new sorts of scam but old tricks work pretty well: people click the links that look like something they know which lead them to a website looking like something they know.

The one and only URL for HitBTC is, any other URL is a phishing site. Do not trust lookalikes, do not enter your login and password if you have doubts about the website you just clicked. The best option would be to simply bookmark the legitimate HitBTC page.

And do not hesitate to contact HitBTC Support if you think you received a suspicious message or noticed a suspicious activity.  We monitor phishing activities, and your help is much appreciated.

Contacting support

At the moment, HitBTC doesn’t not have phone or voice support. Please do not call any line advertised as HitBTC support and abort any phone conversation with anyone introducing themselves as a HitBTC support team rep.

The only HitBTC contacts are those you see on the website, in the “Contacts” section. If you are in doubt, please contact support before you send an email message or chat to someone on Facebook or Twitter.

Last but not least: HitBTC NEVER asks you to send any money to participate in any contest or lottery.  Please be careful, protect yourself with simple yet reliable tools, pay more attention to the actions you take both online and offline, use safe networks.

We wish you safe and successful trading.