How to Secure Your BitMEX Account

We previously shared how we secure our funds in custody – our side of the story on how we protect customer assets. While third-party due diligence is critical, it’s equally important for customers to take their own security measures to protect their funds.

If you want to learn about how you can enhance the security of your BitMEX account and the funds that sit within it, read on. 

Understanding Physical Security and Situational Awareness 

Physical security factors come first when understanding the protection of assets. When it comes to crypto and digital assets, this becomes even more important. 

Here are some things you can do to protect your physical security and enhance your situational awareness: 

  • Limit public exposure: Avoid sharing personal information (e.g. address, travel plans) on public platforms or social media. This helps prevent potential attackers from gathering information about your whereabouts or residence.
  • Keep valuable items safe: Keep items like wallets, phones, and laptops stored away and out of sight. Use locks on bags or backpacks to deter theft.
  • Don’t share information: Keep any information about your crypto holdings to yourself. Share personal information with discretion.
  • Pay attention to what you wear, own, or personalise: Your appearance can be an indicator that you own crypto, which could make you a target (e.g. having crypto symbols on clothing or stickers).
  • Trade in physically secure places: Only log in and trade on your BitMEX account from physically secure locations (not in public or around CCTV cameras). 
  • Be unpredictable: Avoid establishing predictable patterns in your daily routine (e.g. taking the same route, visiting the same location at the same times). Varying your routine makes it more difficult for potential attackers to predict your moves.

Securing Your Devices and Their Contents

Your electronic devices are the gateway to your BitMEX account, so taking measures to protect them is paramount. 

Here are some things to be vigilant about when it comes to your electronic devices: 

  • Think about having dedicated devices: Consider using a dedicated phone or laptop to access and trade on your BitMEX account.
  • Use disk encryption: Enable disk encryption so that all the information stored on your device is encrypted. 
  • Use device protection: Make sure your device requires a PIN, FaceID, TouchID, or a strong password before it’s used to access your BitMEX account. 
  • Avoid browser extensions: Keep the browser you use to access BitMEX free of any extensions that don’t directly pertain to securing your browser. 
  • Be vigilant of links: Avoid clicking on links that are unexpectedly delivered via SMS or e-mail on the devices you use to access your BitMEX account. 
  • Double-check legitimacy: Ensure that the BitMEX application installed on your device is the correct, verified one.
  • Update your devices: Keep your device and browser up to date with the latest patches as they are released. 
  • Avoid jailbreaking or accessing root on the devices you use to access your BitMEX account. 

Securing Your BitMEX Account, Associated E-mail and Application 

Now for the most important part: securing your BitMEX account. This comes with protecting your e-mail account as well as the BitMEX application. 

Here are some things to remember when it comes to securing your BitMEX account, e-mail, and application: 

  • Use anonymous dedicated e-mails: Create a dedicated e-mail account for your BitMEX account which does not reveal anything about your identity (e.g. using a pseudonym for your e-mail address). 
  • Choose strong passwords: Make sure you have a strong password for the e-mail account associated with your BitMEX account, as well as for your BitMEX account itself. Choose unique strong passwords and consider storing them in a password management tool. 
    • Need some tips to secure your e-mail accounts? Check out Proton’s 9 top tips here.
  • Use Multi-Factor Authentication (MFA): Before you start transferring any funds, make sure your e-mail and BitMEX account are secured with MFA (YubiKeys are highly recommended). Your 2FA seeds should only be stored in an offline format. 
  • Use dedicated browsers: If you don’t wish to use a dedicated device for your trading, we suggest you use a dedicated browser to access and trade on your BitMEX account – separated from your other daily activities. 
  • Implement recovery options: Ensure multiple recovery options are enabled on the e-mail account associated with your BitMEX account. Avoid using SMS as one of these options. 
  • Store your API keys: Once generated, store your API keys in a secure way by using password managers or encrypted storage solutions. Avoid storing them in plain text or sharing them with others. 
  • Monitor your API key usage: Regularly check in on your API key usage and associated logs to identify any suspicious activity. 
  • Review apps and services: Periodically review the applications or services that have access to your API keys. 
    • Evaluate whether you still need all of them or whether you have any inactive/unnecessary keys that can be revoked or deleted. 
    • Consider the kind of access these keys need and restrict access to ‘Read Only’ where possible. 
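
The API key review described in the last points (usage monitoring, inactive keys, read-only access) can be scripted. This is an added example, not BitMEX code: the key inventory, its field names, the usage log and the 90-day idle threshold are constructed assumptions to be replaced with your own records.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; field names are hypothetical, not an exchange schema.
KEYS = [
    {"name": "tax-export", "permissions": [], "needs_write": False,
     "last_used": "2024-05-30T09:00:00+00:00"},
    {"name": "old-bot", "permissions": ["trade"], "needs_write": True,
     "last_used": "2023-11-02T10:00:00+00:00"},
    {"name": "dashboard", "permissions": ["trade"], "needs_write": False,
     "last_used": "2024-05-31T18:30:00+00:00"},
]
# Source addresses each key is expected to be used from (documentation ranges).
EXPECTED_IPS = {"tax-export": {"192.0.2.10"}, "dashboard": {"192.0.2.10"}}
# Constructed usage log entries: (key name, source IP).
USAGE = [
    ("tax-export", "192.0.2.10"),
    ("dashboard", "192.0.2.10"),
    ("dashboard", "203.0.113.77"),
]


def audit_keys(keys, usage, expected_ips, now, max_idle_days=90):
    """Return {key name: [findings]} for keys that need attention."""
    findings = {}
    cutoff = now - timedelta(days=max_idle_days)
    for key in keys:
        issues = []
        # A key nobody has used for a long time is a candidate for revocation.
        if datetime.fromisoformat(key["last_used"]) < cutoff:
            issues.append("inactive: revoke or delete")
        # An empty permission list stands for read-only in this sample data.
        if key["permissions"] and not key["needs_write"]:
            issues.append("over-privileged: restrict to read-only")
        if issues:
            findings[key["name"]] = issues
    # Usage from an address you do not recognise is worth investigating.
    for name, ip in usage:
        if ip not in expected_ips.get(name, set()):
            findings.setdefault(name, []).append(f"unexpected source {ip}")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, issues in audit_keys(KEYS, USAGE, EXPECTED_IPS, now).items():
        print(name, "->", "; ".join(issues))
```
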
