At BIT, we prioritize the safety of our users and have implemented various security technologies and strategies to protect users’ assets. However, it is also important for users to be aware of potential security risks and take necessary precautions. In case of any security issues while using BIT products, please report to us via email sec@bit.com.
To secure your BIT account assets, we strongly advise you to follow the following security principles:
1. Use unique usernames and passwords
- Do not use the same username and password for BIT that you use on other websites and platforms. Many websites have inadequate security protection, especially for data security, which leads to frequent information breaches.
- User identities and login information are often sold on the dark web. If a website you use with the same username and password as BIT experiences a breach, the attacker may attempt to access your BIT account using the leaked information.
- To reduce the threat of a data breach, use a completely unique username and password for BIT that is at least 8 characters long, contains numbers, letters, and symbols, and update it regularly.
It is also recommended to use separate email addresses for different accounts to prevent the breach of one email from affecting multiple associated accounts. Check https://haveibeenpwned.com/ to monitor if your personal accounts have suffered a breach in real-time.
2. Enable multi-factor authentication
- After setting up your BIT account, set up multi-factor authentication as soon as possible to add another layer of protection.
- BIT supports multiple authentication methods, including Ukey, Google authentication, SMS verification, and email verification.
- For security and reliability, it is recommended to use Ukey and Google authentication, and to use a separate device for Google authenticator.
3. Be cautious of phishing attacks
- Phishing is a social engineering attack that steals sensitive information such as usernames, passwords, 2FA verification codes, private wallet keys, bank accounts, and other important data.
- Phishing attacks can take various forms, such as emails, text messages, phone calls, fake websites, apps, social media, etc. Phishing attacks on social media are widespread in the cryptocurrency field.
- Do not open unknown or suspicious URLs, click links or open files from anonymous text messages/emails, and never disclose passwords, verification codes, or mnemonic words.
- BIT officials will never ask for your private keys or other sensitive information.
4. Keep your terminal environment secure.
- Install antivirus software on your daily use computer and keep the virus database up-to-date. Regularly scan and check your computer for suspicious behavior, and take immediate action if any is found. Change the password of your BIT account if necessary.
- Set your terminal system and browser to automatically update. Update as soon as possible when notified. Unfixed vulnerabilities can increase the risk of being attacked.
- Strengthen the security of your daily WIFI network, including using strong encryption methods and secure passwords. Use caution when using public WIFI, as attackers can monitor these networks and obtain sensitive information such as usernames and passwords.
If you come across security issues on BIT or fake BIT phishing activities, please let us know right away. If you find any security vulnerabilities in BIT products or network threat activities related to BIT, please notify us through email sec@bit.com. If you discover phishing activities targeting BIT, you can report it through the BIT Threat Intelligence Reward Program, and we will provide a reward in return.