Introduction to Account Security and Principles

With the prevalence of cryptocurrency investment, security is what matters most in the Cryptocurrency field. Cryptocurrencies have brought lots of exciting possibilities, but they are also full of risks and dangers. Besides, the anonymity, privacy, and decentralization of cryptocurrency make it hard to trace back your asset once it's been penetrated.

For your asset security, CoinEx provides comprehensive precautions from three dimensions: Platform safeguard protection, personal security settings, and general security principles, and it will help mitigate some risks associated with using, holding, and trading cryptocurrencies.


🔒 Eight Security Features on CoinEx

1. 100% Reserves Guaranteed

All your crypto assets on CoinEx will be 100% reserved. CoinEx promises and implements that your assets won’t be used anywhere else, and your withdrawals will be 100% processed in time when needed.


2. High-speed Matching Engine

CoinEx independently developed a high-speed transaction matching engine, which can carry a transaction volume of up to 10,000 transactions per second. We guarantee stability and reliability in the case of massive concurrent transactions, ensuring that each of your orders is properly handled.


3. Overall Adoption of HTTPS

CoinEx uses the Hypertext Transfer Protocol Secure (HTTPS), which is an extension of the Hypertext Transfer Protocol (HTTP), to authenticate the accessed website and protect the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and a server protects the communications against eavesdropping and tampering.


4. Full-dimensional Capital Protection

Cold wallet storage and multi-signature strategy guarantee asset safety and isolation. We insist on collaborating with the top security teams in the industry to provide full-dimensional protection of funds.


5. Monitor for Abnormal Changes in IP Address

If it is detected that the IP address used to access the account changes frequently within a short period of time, the system will automatically send an instant warning notification to the email/mobile phone number bound to the account to prevent the account from being hijacked.


6. Login Notifications

Every time you successfully log in to your CoinEx account, the system will automatically send you a sign-in notification via Email or SMS, including the IP address, time, and location of the login. You can also view your login records in the last 30 days at "Login History". In case of any unknown login that is not operated by you, please change your login password immediately or submit a ticket to contact CoinEx customer service.


7. Real-time Alert of Asset Changes

Each time your deposit/withdrawal transaction is recorded on the blockchain, the system will push a notification to your bound email/phone, which allows you to track your account assets in real time.


8. Multiple Confirmations for Withdrawal

After submitting a withdrawal request, CoinEx requires withdrawal reconfirmation in the email before it can be executed systematically, which prevents the loss of assets from incorrect input or other operational errors to a certain extent.


⚙️ Five Must-Read Security Settings on CoinEx

1. Login Password

CoinEx provides a series of user-customizable security measures. We encourage you to use the combination settings to strengthen the account security level, and to obtain a more secure and efficient trading experience. What's more, the login password, serving as the first security pass to enter each CoinEx account, plays a very important role. Be sure to set a unique password for your CoinEx account and keep it safe. Please refer to the following points when setting your login password:

(1) Do not disclose your password to anyone at any time.

(2) Do not share passwords of other websites or any passwords in use.

(3) Use a unique and complex password that contains uppercase and lowercase letters, numbers, and special characters. It is recommended to set it to 16 digits.

(4) Develop the habit of regularly updating the password, change your password at a certain period (such as every three months).

(5) Use password management tools to assist in managing passwords in case you forget them.


2. Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is the second security guarantee for each account. We strongly recommend enabling your 2FA, so that you can operate the account more safely via 2FA code, such as login, trade, add API keys, and change account security settings. In addition, once the 2FA has been modified, a security hold will be placed on your account for 24 hours automatically, to reduce security problems caused by account theft or other reasons.

CoinEx currently supports the following two 2FA methods:

(1) Google Authenticator (TOTP one-time password)

(2) SMS code


3. ID Verification

Most financial service providers take the detailed info of the customers during the onboarding process, before the registrants can even make financial transactions. In some cases, accounts can be made without KYC but are limited in their functionality. Due to the pseudonymous nature of cryptocurrency, it’s often used for the laundering of illicit funds and tax evasion. KYC procedures help combat money laundering, terrorism financing, fraud, and the illicit transfer of funds.

An extra security layer will be added after passing ID verification. KYC checks may feel like an annoyance, but it provides a great deal of security indeed. With ID verification, you can also sign up for the ambassador program and enjoy more platform benefits like trade contests.


4. Freeze Account

To freeze or suspend an account due to security reasons, you can use the function of Freeze Account to protect your account. This operation will suspend all transactions and withdrawals, delete all API keys, and remove all devices that have access to the account.


5. API Security Measures

You can establish APIs with different uses according to your own needs, to integrate various functions of the exchange into their applications quickly and efficiently. However, using the APIs requires external applications to share data, which also carries certain risks.

(1) Independent API permissions: CoinEx API separately sets read-only, tradable, and withdrawable permissions for each newly-added API key, which is convenient for you to solve the management problems of multiple groups of APIs more safely and effectively.

(2) API private keys: API private keys have read-only, tradable, and cash-out permissions, and they play essential roles, for they allow access to read and trade through the account. If the API private key has been exposed, there's a high probability that would cause the loss of your assets. If you have enabled an API account, please keep your API private key separately and ONLY to yourself.

(3) Set API withdrawal whitelist separately: CoinEx allows users to set API withdrawal whitelist on WEB and App separately to facilitate the expansion of the withdrawal experience in multiple application scenarios.


💡 Three General Security Principles

1. Value Your Privacy

(1) Consider the risks of boasting about your successful trading rallies

(2) Do NOT share your previously used addresses

(3) Be careful mentioning your balances

(4) Avoid sharing information that is connected to your offline identity

(5) Use encrypted communication channels


2. Always Be Vigilant

(1) Learn about common phishing tactics, get to know the common threats and dangers, and it'll help you keep your assets secure.

(2) Use strong and unique passwords, improve your general security, and enable 2FA protection for your online accounts.
(3) Check and confirm information multiple times, and keep vigilant at all times to avoid infringement, especially when performing asset and password backup and other related security operations.


3. Manage Your Own Assets

Software and mobile phone wallets offer a wide variety of features and are usually very easy to use. However, the big disadvantage from a security perspective is that they are connected to very complex and often online environments such as your mobile phone or a computer, and these factors open many opportunities for viruses and hackers to access your coins. Therefore, CoinEx strongly recommends new or inexperienced users avoid storing or trading large amounts of cryptos with such software or wallets.

(1) Use paper wallets: It means to have your private keys written on a piece of paper, and it is often regarded as one of the safest ways to store private keys. They are, however, quite difficult to manage and usually only viable for one-time use.
(2) Use hardware wallets: Hardware wallets are typically easy to use, highly secure, and mostly pocket-sized, and these devices protect the private keys against malware and hackers by keeping them offline. On the other hand, they are costly and require physical confirmation for most actions.

Security is never absolute and finished. That's why we should take our time to update the knowledge base from time to time and check our potentially weak points on a regular basis.