Yes. Add the destination address to your Addresses Book with Require 2FA toggled off. Via the API, use the Address/Address_new endpoint with skip2FA set to true. The exemption must be confirmed via 2FA and email before it takes effect. Once saved, you will not need your 2FA to withdraw to that address.
How do I skip 2FA for a withdrawal address?
BitMEX allows you to bypass two-factor authentication for withdrawals to specific, pre-approved addresses. To set this up, navigate to your Addresses Book and add the destination address with the Require 2FA toggle switched off.
Once the address is saved with this setting, future withdrawals to that address will not require a 2FA code at the time of the withdrawal request.
When adding the address, ensure you enter the correct wallet address and select the appropriate network. After saving, BitMEX sends a confirmation email to the email address associated with your account. You must click the confirmation link in that email to activate the 2FA exemption.
How do I configure skip2FA via the API?
To add a new withdrawal address with 2FA exemption via the API, use the Address/Address_new endpoint. Set the skip2FA parameter to true and provide your otpToken to authorise the action. The otpToken is the current code generated by your authenticator app, and providing the token confirms that you are the account holder making this change.
You can verify your saved address settings, including whether skip2FA is enabled, by using the Address/Address_get endpoint. Regardless of whether you use the web interface or the API, email confirmation is a mandatory step, as detailed in the following section.
Is email confirmation required after enabling skip2FA?
Yes. After adding a withdrawal address with Require 2FA toggled off (or skip2FA: true via the API), you must confirm the action through your registered email address. BitMEX sends a confirmation email immediately after the address is saved or submitted via the API. Until the email confirmation is completed, the address status remains Pending and withdrawals to that address will still require your 2FA code.
The email confirmation step exists as a safeguard to ensure that only the account holder can authorise changes to 2FA requirements for withdrawal addresses. Even if an unauthorised party gains temporary access to your account or API keys, the email confirmation prevents the 2FA exemption from taking effect without access to the registered email account. Check your inbox (and spam folder) promptly after making the change, because the confirmation link may expire if not acted upon in a timely manner.
What are the security considerations?
Enabling skip2FA for a withdrawal address reduces the number of security checks required for transactions to that specific address. Only enable the skip-2FA option for trusted and frequently used addresses where you are confident in the destination wallet’s security. Removing 2FA from the withdrawal process means that anyone with access to your account credentials could initiate a withdrawal to the pre-approved address without needing the authenticator code.
To mitigate risk, consider limiting skip2FA to addresses you control directly, such as personal hardware wallets or verified exchange accounts. Regularly review the addresses in your Addresses Book and remove any that are no longer in use. If you suspect that your API keys or account credentials have been compromised, disable or delete all skip2FA-enabled addresses immediately and rotate your API keys.