Account security is at the core of CoinEx’s services. We continuously optimize our security systems and encourage you to enhance your security awareness to protect your assets together with us.
Here are 9 simple yet effective measures to significantly strengthen your account protection:
1. Use a dedicated email address for registration
(1) Your email is a key credential for your account. To prevent credential stuffing due to email leaks, we recommend registering your CoinEx account with an email address that has never been used on other websites.
(2) Keep your registration email and password secure, and regularly check your email security settings to ensure safety.
2. Use a strong password and change it regularly
(1) Create a unique, complex password for your CoinEx account and change it periodically.
(2) Use professional password managers (such as LastPass or KeePass) to manage your passwords and prevent loss or leaks.
3. Enable two‑factor authentication (2FA)
Enabling 2FA is one of the most effective ways to protect your account, significantly reducing risks even if your password is compromised.
CoinEx currently supports two types of 2FA tools, recommended in order of security:
- Passkey (🌟Strongly recommended): Based on FIDO protocols, this allows passwordless login with high security and convenience. It is less vulnerable to phishing and interception.
TOTP (👍Recommended): Tools like Google Authenticator generate a dynamic code every 30–60 seconds. This method is secure and independent of mobile network signals.
SMS verification (🚩Less secure): This relies on your carrier’s network and is susceptible to signal issues or SIM hijacking, so it should only be used as a backup plan.
⚠️ Always enable at least one secure 2FA tool and properly back up your mnemonic phrases and keys. Never share them with anyone.
🔗Explore more:
- How to Bind Mobile Number (Web | App)
- How to Bind TOTP Authenticator (Web | App)
- How to Bind Passkey (Web | App)
4. Carefully check the domain before logging in
(1) Always ensure you are accessing CoinEx via the official domain: https://www.coinex.com/.
(2) Do not access through search engine results or third‑party links.
(3) Pay attention to website design and domain spelling to avoid leaking account information due to misclicks.
5. Strictly protect your account information
(1) CoinEx will NEVER ask for your password, 2FA code, or any other sensitive information.
(2) Stay vigilant against anyone claiming to be “customer support” or “official staff”, and verify through CoinEx’s Official Verification Channel. Always rely on official announcements for accurate information.
(3) Official contact information for email, Telegram, X (formerly “Twitter”), etc., is provided on our official website. Be wary of unverified information sources.
6. Be cautious with unknown links or attachments
(1) Be highly cautious of unknown links or attachments in emails, SMS, or social messages from unknown sources. Always confirm that the information is from CoinEx before taking action.
(2) Enable Anti‑Phishing Code: CoinEx supports adding a personalized anti-phishing code to your account. Once enabled, all emails from CoinEx will display this code, making it easier for you to verify authenticity.
7. Enhance your device security
(1) Enable password or biometric verification on your phone and computer to prevent data leakage if your device is lost.
(2) Install legitimate security software and avoid downloading software from unknown sources to prevent malware attacks.
(3) Avoid using public Wi‑Fi. Use trusted networks or dedicated devices for accessing your account.
8. Store your API Private Key securely
(1) If you have enabled API access, store your API Private Key independently and never share it with others.
(2) Since API Private Keys can be used for reading, trading, and withdrawals, leakage may result in asset loss.
🔗Explore more:
9. Increase your security awareness
(1) Stay cautious of any information or directives that cannot be verified as officially sourced. Keep your sensitive account information safe to improve overall security awareness.
(2) Regularly check your account activity, including login IPs, locations, and times. If you notice any anomalies, immediately remove any suspicious logged‑in devices through login status management or disable your account. Also, delete all API keys and remove any devices that have access to your account.
(3) If your account shows any unusual activity, submit a ticket and contact us as soon as possible.