Is HitBTC safe?
HitBTC Exchange Security Analysis
Is HitBTC safe?
Recently I’ve seen this question on Quora.
I decided to share my thoughts on it here, on Medium.
In general I’d call Hitbtc a safe exchange. They do have many security features, even though there could be more of them. At the same time, too many security measures could slow down the process of trading, so there should be some kind of balance in it.
I’ll try to describe all that I know about Hitbtc safety and give you a full and detailed answer to the question if HitBTC is safe.
First of all, all of the following is my own opinion. You don’t have to agree with me. In fact, you should test several exchanges by yourself and then you can find the one that suits you better.
I’ll give you a list of HitBTC security features and provide description for all of them. Then I’ll sum up this information and share with you my own opinion on security level of this exchange.
So, let’s start.
1. Whitelist of addresses for cryptocurrency withdrawals
One of the main Hitbtc security features is the whitelist option.
Log in to your account. Press the settings button. You will see menu where you can enable or disable several security features.
Whitelist is a list of trusted addresses which you can create, add, delete and so on. To add a new address in your list you should press ‘Add address’, choose currency, enter a name for your address and enter your address. That`s all.
After you create this list, nobody will be able to withdraw your coins or tokens to other addresses. If you want to delete your whitelist, you’ll have to confirm it via email.
This option gives you some kind of guarantee that even if your account is hacked, the hacker won’t be able to withdraw your funds to his addresses.
The option works only in case if you use secure passwords.
Obviously, your passwords for your email address and your HitBTC account should be different. If you use the same password for email and HitBTC account and your HitBTC account will be hacked, the hacker will be able to delete your whitelist, confirming his actions using your email. After that he will be able to withdraw your funds.
Theoretically, using of this whitelist security feature will improve safety of your account.
2. Automatic logout
Let’s go to the next tab. ‘Security’. Automatic logout will let you to log out from all your current sessions after chosen time (30 min, 1 hour, 8 hours, 1 day, 7 days). If you share your PC with somebody else, this is a good option, especially if you have a habit not to log out from your account.
This is not something very original, every exchange should have this feature.
Сhoosing the time when you will be logged out depends on your trading style. If you are an active intraday trader, theoretically you should use 1 day automatic logout. If you are a long-term investor, you can use 1 hour automatic logout.
On the screenshot you can also see the button “Terminate all sessions”. If you login via many devices and you need to log out from all your sessions, just push this button. You will be log out from all you devices simultaneously.
3. 2FA option for login
An extra option for secure login. Shortly: you should install Google Authenticator application on your mobile device, scan code, save backup code, and enter temporary code from Google application in the entry field.
IMO it is better to spend 10 minutes to enable this option than to have an account which is not safe enough.
4. Active Sessions and Your recent activity
These options are supposed to give you actual information about security of your account. If something goes wrong, this information will help you to react faster.
In ‘Active Sessions’ field you can see all your current sessions. If you see something strange (for example, someone has logged in your account from another country and it isn`t you) , you can immediately change your password and push the button ‘Terminate all sessions’.
In ‘Your recent activity’ field you can see a history of last activity on your account with IP adresses, time and so on. If someone has unauthorized access, you will see it in your history. I’d look there from time to time. If somebody will hack you, you will see it.
5. Possible upgrade of you account to PRO status
You can get an extra security feature from HitBTC — keep your funds in Sequant Capital facility in London. This option is available only for those who passed through the KYC/AML procedure.
If your funds are absolutely legal and you are ready to provide HitBTC exchange with all the information about your identity and sources of your funds, you can try it. After this procedure your funds will be safe in a cold storage. Theoretically it should improve security of your money.
Conclusion
Actually, this is an ambigious question if Hitbtc is safe.
If you do not use any security features and your password is qwerty1234 for all services — man, possibly all your life is very unsafe and you are a very risky guy.
If you use many security features and you have strong and different passwords — I can guarantee that your accounts on HitBTC or somewhere else are safe.
