What's Account Security

With the prevalence of cryptocurrency investment, security is what matters most in the Cryptocurrency field. Cryptocurrencies have brought lots of exciting possibilities, but they are also full of risks and dangers. Besides, the anonymity, privacy, and decentralization of cryptocurrency make it hard to trace back your asset once it's been penetrated.

CoinEx has provided complete precautions for this to ensure the safety of your assets.


100% Reserves

All your crypto assets on CoinEx will be 100% reserved. CoinEx promises and implements that your assets won’t be used anywhere else, and your withdrawals will be 100% processed in time when needed.

High-speed Matching Engine

CoinEx independently developed a high-speed transaction matching engine, which can carry a transaction volume of up to 10,000 transactions per second. We guarantee stability and reliability in the case of massive concurrent transactions, ensuring that each of your orders is properly handled.

Station-wide Adoption of HTTPS

CoinEx uses the Hypertext Transfer Protocol Secure (HTTPS), which is an extension of the Hypertext Transfer Protocol (HTTP), to authenticate the accessed website and protect the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and server protects the communications against eavesdropping and tampering.

Full-dimensional Capital Protection

Cold wallet storage and multi-signature strategy guarantee asset safety and isolation. We insist on collaborating with the top security team in the industry to provide full-dimensional protection of funds.

Monitoring of Abnormal Changes in IP Address

If your IP address changes frequently during a short period, you’ll receive alarm notifications via SMS or Email in case your account was hacked.

If it is detected that the IP address used to access the account changes frequently within a short period of time, the system will automatically send an instant warning notification to the email/mobile phone number bound to the account to prevent the account from being hijacked.

Sign In Notifications

Every time you successfully log in to your CoinEx account, the system will automatically send you a sign-in notification via Email or SMS, including the IP address, time, and location of the login. You can also view your login records in the last 30 days at "Sign-in History". In case of any unknown login that is not operated by you, please change your login password immediately or submit a ticket to contact CoinEx customer service.

Real-time Alert of Asset Changes

Each time your deposit/withdrawal transaction occurs is uploaded on the blockchain, the system will push a notification to your bound email/phone, which allows you to track your account assets in real-time.

Multiple Confirmations for Withdrawal

After submitting a withdrawal request, CoinEx requires withdrawal reconfirmation in the email before it can be executed systematically, which prevents the loss of assets from incorrect input or other operational errors to a certain extent.

Individual Security Measures

CoinEx provides a series of user-customizable security measures. We encourage you to use the combination settings to strengthen the account security level, and to obtain a more secure and efficient trading experience.

1. Login Password

As the pass to enter CoinEx, the login password is the first security guarantee for each account and plays a very important role. Be sure to set a unique password for your CoinEx account and keep it safe. Please refer to the following points when setting your login password:

(1) Do not disclose your password to anyone at any time;

(2) Do not share passwords of other websites or any passwords in use;

(3)Use a unique and complex password that contains uppercase and lowercase letters, numbers, and special characters. It is recommended to set it to 16 digits;

(4) Develop the habit of regularly updating the password, change your password at a certain period (such as every three months);

(5) Use password management tools to assist in managing passwords in case you forget them.


2. Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is the second security guarantee for each account. We strongly recommend to enable your 2FA, you can operate the account more safely via 2FA code, such as login, trade, add API keys, and change account security settings. In addition, once the 2FA has been modified, a security hold will be placed on your account for 24 hours automatically, to reduce security problems caused by account theft or other reasons.

CoinEx currently supports the following two 2FA methods:

(1) Google Authenticator (TOTP one-time password)

(2) SMS code

 

3. ID Verification

Most financial service providers take a customer’s details in the onboarding process before they can make financial transactions. In some cases, accounts can be made without KYC but are limited in their functionality. Due to the pseudonymous nature of cryptocurrency, it’s often used for the laundering of illicit funds and tax evasion. KYC procedures help combat money laundering, terrorism financing, fraud, and the illicit transfer of funds.

An extra security layer will be added after passing ID verification. KYC checks may feel like an annoyance, but it provides a great deal of security indeed. With ID verification, you can also sign up for the ambassador program and enjoy more platform benefits like trade contests.


4. Disable Account

If you need to freeze the account or no longer use it for security reasons, you can [Disable Account] to protect your account security.

If the account needs to be frozen or no longer used due to security reasons, you can use the function of Disable Account to protect your account security. This operation will suspend all transactions and withdrawals, and delete all transactions manually. API keys and remove all devices that gained access to the account.


API Security Measures

You can establish APIs with different use according to your own need, to integrate various functions of the exchange into their applications quickly and efficiently. However, using the APIs requires external applications to share data, which also carries certain risks.


1. Independent API Permissions

CoinEx API separately sets read-only, tradable, and withdrawable permissions for each newly-added API key, which is convenient for you to solve the management problems of multiple groups of APIs more safely and effectively.


2.
API Private Key

API Private Keys have read-only, tradable, and cash-out permissions, it has an essential role for it allows access to read and trade through the account. If the API private key has been exposed, there's a high probability that would cause the loss of your assets.

If you enable an API account, please keep your API private key separately and ONLY to yourself.


3. Set API Withdrawal Whitelist Separately

CoinEx allows users to set API withdrawal whitelist on WEB and API separately to facilitate the expansion of the withdrawal experience in multiple application scenarios.