Skip to main content

How Do I Secure My BitMEX Account?

  • Updated

Protect your BitMEX account by using a dedicated email with a pseudonym, enabling MFA (preferably a Yubikey), choosing unique strong passwords, encrypting your device, and only accessing your account from secure locations. Store 2FA seeds offline and keep API keys in encrypted storage with minimal permissions.

 

What physical security measures should I take?

Physical security and situational awareness form the first line of defence for crypto traders:

  • Limit public exposure: Avoid sharing personal information such as your address or travel plans on social media. Keep details about your crypto holdings strictly private.
  • Be mindful of visual cues: Clothing, stickers, or accessories displaying cryptocurrency symbols can identify you as a holder and make you a target.
  • Secure your valuables: Keep wallets, phones, and laptops locked away and out of sight.
  • Trade from secure locations only: Never access your BitMEX account in public or around CCTV cameras.
  • Vary your routines: Avoid predictable patterns in daily routes and schedules, making it more difficult for potential attackers to anticipate your movements.

 

How should I secure my devices?

Your device is the gateway to your BitMEX account. Take the following precautions:

  • Consider using a dedicated phone or laptop exclusively for accessing BitMEX and executing trades.
  • Enable disk encryption on your device to protect all stored information.
  • Require a PIN, FaceID, TouchID, or strong password before accessing your account.
  • Keep your browser free of unnecessary extensions that do not directly pertain to security.
  • Avoid clicking unexpected links delivered through SMS or email on devices used for BitMEX.
  • Ensure the BitMEX application installed is the correct, verified version.
  • Keep your device and browser up to date with the latest patches.
  • Avoid jailbreaking or rooting devices used for BitMEX.

 

How should I secure my BitMEX account and associated email?

Account-level security requires attention to your email, passwords, MFA, and API keys:

  • Use a dedicated email account that does not reveal your identity. Use a pseudonym rather than your real name.
  • Choose unique strong passwords for both your email and BitMEX accounts. Store them in a password manager.
  • Before transferring any funds, secure both accounts with MFA (preferably a Yubikey). Store 2FA seeds only in an offline format.
  • If not using a dedicated device, use a dedicated browser for BitMEX, separated from daily browsing.
  • Enable multiple recovery options on your associated email account. Avoid using SMS as a recovery method.
  • Store API keys securely in a password manager or encrypted storage. Never store them in plain text or share them.
  • Monitor API key usage and associated logs regularly for suspicious activity.

Periodically review applications with API key access. Revoke inactive or unnecessary keys and restrict access to read-only where possible.

Related articles

This website is operated by HDR Global Trading Limited, a company incorporated under the International Business Companies Act of 1994 of the Republic of Seychelles with a company number of 148707 and registered address at Global Gateway 8, Rue de la Perle, Providence Mahé, Seychelles (“HDR”). HDR wholly owns BitMEX, a Bitcoin-based trading platform.


Access to trading or holding positions on BitMEX is prohibited for any person or entity that is located, incorporated or otherwise established in, or a citizen or a resident of: (i) the United States of America, Québec (Canada), the Hong Kong Special Administrative Region of the People’s Republic of China, the Republic of Seychelles, Bermuda, Cuba, Crimea and Sevastopol, Iran, Syria, North Korea or Sudan; (ii) any state, country or other jurisdiction that is embargoed by the United States of America; or (iii) any other jurisdiction where the services offered by BitMEX are restricted (collectively “Restricted Jurisdictions”). If it is determined that any BitMEX user has given false representations as to their location, incorporation, establishment, citizenship or residence, or HDR detects a user is from a Restricted Jurisdiction as described above, HDR reserves the right to immediately close their accounts and liquidate any open positions. HDR may, in its sole discretion, implement controls to restrict access to the BitMEX trading platform in any of the Restricted Jurisdictions.