Due to the tamper-proof and irreversible nature, lack of regulation, and anonymity of the blockchain (industry), hackers have targeted this industry. In recent years, the blockchain sector has become a hot spot for asset theft, with large numbers of users and projects having their cryptocurrencies stolen, resulting in significant financial losses.
Drawing on years of experience in network security and feedback from users who have fallen victim to account and asset theft, we've identified several unsafe practices in account usage to help you avoid pitfalls and protect your BingX account and assets.
1. Password
1. Using weak passwords
Weak passwords are easily cracked, often consisting of simple number combinations, number combinations same as account, or adjacent keyboard keys. Common examples include Abcd1234, Qwer1234, and Admin123.
Risk: Weak passwords are vulnerable to being guessed or cracked, such as through credential stuffing attacks.
Recommendation: Use a strong password with a mix of uppercase and lowercase letters, numbers, and special characters, and make sure it exceeds 10 characters.
2. Using the same password across multiple accounts
To simplify remembering passwords, users often use the same password across different sites. If a site’s password is leaked (such as its database is compromised), other accounts using the same password are also at risk. It's known that the Internet has witnessed frequent batch leakage of accounts on websites, even those used by tens of millions or hundreds of millions of people such as email, social networking and shopping websites, not to mention those small sites.
Risk: A single account breach can compromise all accounts using the same password.
Expert Advice: Use a unique password for your BingX account.
3. Storing passwords in plain text
Users sometimes save their passwords in plain text files, such as in notes or Excel spreadsheets, to avoid forgetting them.
Risks:
- If your phone or computer is hacked or borrowed, your saved passwords can be exposed.
- If you sync these files to the cloud, it can lead to leaks if the cloud account is compromised.
Expert Advice: Avoid storing passwords in plain text. Here, it is highly recommended to use password management software like 1password to store passwords. You only need to remember one password to easily manage all kinds of passwords for various sites.
2. Multi-Factor Authentication (MFA)
1. Not setting up 2FA
Failing to set up two-factor authentication (2FA) after creating an account and rushing into trading, despite security reminders from the website, is a major taboo! Over half of cryptocurrency exchange accounts that were compromised did not have 2FA enabled.
Risk: If your email account is compromised, hackers can bypass security by linking 2FA and steal your funds.
Expert Advice: Set up 2FA (using Google Authenticator or an email/phone number) before making any deposits or transactions.
2. Using unknown software to save Google Secret.
Google Authenticator is a software that saves Google Secret and generates OTP verification codes in real-time. Some users can't download Google Authenticator due to network isolation, so they may choose to download alternative software instead.
Risk: Downloading and using some unknown software (possibly malicious software) may expose your Google Secret through backdoors in these software.
Expert Advice: It is strongly recommended to use Google Authenticator first, followed by authenticator software from industries such as Microsoft and Binance.
3. Google Authenticator enables cloud synchronization
Google Authenticator introduced Google Account Cloud Synchronization in 2023, which backs up Google Secrets on the Authenticator to the cloud, allowing cross-device migration of verification codes.
Risk: While Cloud Sync brings convenience, it also brings a security risk. If your Google account is compromised, the saved Google verification codes may be leaked (depending on whether your Google account devices have 2FA protection).
Expert Advice:
- 1. Keep Google Authenticator offline (disconnected from the internet).
- 2. (If 1 is not feasible) Do not enable the Google Account Cloud Sync feature.
- 3. (If Cloud Sync is necessary) Be sure to set up 2FA for your Google account.
3. KYC
1. Non-KYC account
Typically, a non-KYC account doesn't pose security risks. However, under certain abnormal circumstances, it may become vulnerable to aiding hackers in compromising the account and withdrawing its assets.
Risk: Hackers gain access to a BingX account, complete the KYC process, and then use the verified KYC information to request the removal of other security measures, such as the linked email, phone number, or Google Authenticator.
Expert Advice: Complete advanced KYC as soon as possible.
2. Purchasing IDs for KYC
Buying IDs from others online to complete KYC verification, often to bypass regional restrictions or operate multiple accounts.
Risks:
- Since the KYC data belongs to someone else, the seller may later claim ownership of the account with the trading platform, potentially causing disputes and leading to asset losses.
- The BingX platform has a specialized system for detecting KYC violations. If detected, the account will be restricted, causing significant inconvenience, and the funds spent on purchasing KYC will be wasted.
Professional Tips:
- Do advanced KYC with your own ID and portrait.
- Never purchase KYC verification service online.
3. Selling Your Own ID for Others' KYC
Some individuals sell their own ID information online for others to use in KYC verification, not realizing that this can have serious consequences for them.
Risks:
- Buyers of KYC may use the accounts for illegal activities such as money laundering or criminal transactions. This could lead to complicated investigations for you and potentially even imprisonment.
- Identification and portrait information may be leaked and reused on other sites.
Expert Advice: Always safeguard your identification and personal portrait information. Never sell it online.
4. Being scammed
1. Trusting Online Friends and Sharing Account Information
Users deceived into sharing their account details due to money-making schemes are the second most common type of exchange account theft.
Some users fall for scammers' exaggerated profit claims and guarantees, handing over their trading accounts in hopes of high returns. Unbeknownst to them, in such cases, not only do they fail to make a profit, but they also lose 100% of their principal.
Risk: Once you provide your account password and real-time verification code to scammers, they can access your account, leaving your funds unprotected. They may perform actions such as wash trading, withdrawals, or fiat currency withdrawals.
Expert Advice:
- Anyone promising to earn high returns for you is definitely a fraudster!
- Anyone asking for your account password is definitely a fraudster!
- Anyone requesting your verification code is definitely a fraudster!
2. Installing malicious software/browser plugins
Users may install cracked software, malicious programs, or dubious plugins for various reasons, such as avoiding the cost of genuine software, accepting files from online contacts, or visiting scam websites. This poses significant risks to your device and personal security. For instance, the malicious browser extension Aggr Trade recently made headlines in the crypto community for stealing accounts and funds from numerous users.
Risks:
- Malware monitors and steals important information on your device.
- Malware remotely controls your device.
Expert Advice:
- Only download genuine software from the official website.
- Be cautious of software or plugins that request significant permissions, and carefully evaluate whether to grant authorization.
3. Visiting phishing websites
Many phishing websites imitate BingX with similar domains and interfaces. Although we actively collaborate with external security agencies to scan and take immediate legal action against such sites to remove them, new ones may still appear. Exercise caution and remain vigilant while using online services.
Risk: If you accidentally enter your account, password, verification code, or other sensitive information on a phishing site, it can lead to a breach of your account security.
Expert Advice:
- Please ensure you use the official website, which is https://bingx.com..
- If you encounter any phishing websites or apps impersonating BingX, please report them to us, and we will address the issue as soon as possible.
5. Others
1. Turn off email/SMS notifications
Some users, frustrated by frequent emails or SMS messages ending up in junk or spam folders, choose to turn off these notifications.
Risk: Missing notifications from BingX regarding unusual activity on your account.
Expert Advice:
- Enable email/SMS notifications for your BingX account.
- View notifications sent to you by BingX promptly.
2. Sign in on public devices without logging out
Logging into your BingX account on public devices, especially if you forget to log out, poses a significant risk to your account.
Risks:
- Public devices may have malicious software that can steal your account information.
- If you forget to log out, others may gain access to and operate your account.
Expert Advice
- Do not log into your BingX account on public devices.
- (If absolutely necessary) Ensure you log out immediately after using your account on public devices.