Physical security and situational awareness
- Limit public exposure: avoid sharing personal information, such as your address or travel plans, on public platforms or social media. This helps prevent potential attackers from gathering information about your whereabouts or residence.
- Keep valuable items, such as wallets, phones, and laptops, securely stored and out of sight. Use locks on bags or backpacks to deter theft.
- Use discretion in sharing personal information with others: keep information about your crypto holdings to yourself.
- Be aware that what you wear, own and personalise can be used to determine that you own cryptocurrencies and can make you a target (e.g. cryptocurrency symbols on clothing, stickers on laptops, etc.).
- Only trade or check your BitMEX account from physically secure locations (not in public or around CCTV cameras).
- Avoid establishing predictable patterns in your daily routines, such as taking the same routes or visiting the same locations at the same times. By varying your routines, it becomes more difficult for potential attackers to predict your movements and target you.
Securing your devices and their contents
- Consider using a dedicated phone and/or laptop for accessing your BitMEX account and executing trades.
- Ensure your device is encrypting all the information stored on it by utilising disk encryption.
- Make sure your device requires a PIN, FaceID, TouchID or strong password before being used to access your BitMEX account.
- Keep the browser you use to access BitMEX free of any extensions that don't directly pertain to securing your browser.
- Avoid clicking links that arrive unexpectedly through SMS or email on the devices you use to access BitMEX.
- Ensure that the BitMEX application installed on your device is the correct, verified one.
- Keep your device and your browser up to date with the latest patches as they are released.
- Avoid jailbreaking or accessing root on the devices you use to access BitMEX.
Securing your BitMEX account, associated email account and the BitMEX application
- Use a dedicated email account for your BitMEX account which does not reveal anything about your identity. For example, use a pseudonym and not your real name.
- Choose a strong password both for the email account associated with your BitMEX account and for the BitMEX account itself. Choose unique strong passwords for each account and consider storing these passwords in a password management tool.
- Before transferring any funds, ensure your email account and your BitMEX account are secured with MFA (preferably with a YubiKey). Only store your 2FA seeds in an offline format.
- If you choose to not use a dedicated device for your BitMEX trading as suggested above, utilise a dedicated browser for that purpose, separated from your day to day activities.
- Ensure multiple recovery options are enabled on the email account associated with your BitMEX account. Avoid the use of SMS as one of these options.
- Once generated, store your API keys securely. Utilise password managers or encrypted storage solutions to protect your keys from unauthorised access. Avoid storing them in plain text or sharing them with others.
- Regularly monitor your API key usage and associated logs for any suspicious activity.
- Periodically review the applications or services that have access to your API keys.
- Consider whether you still use all of them and if any inactive or unnecessary keys can be revoked or deleted.
- Consider what kind of access these keys need and restrict this access to Read Only where possible.