Before opening an account
Confirm the official domain, legal entity, regional availability, and app publisher. Read independent incident reporting and the current terms rather than relying on promotional rankings.
- Bookmark the official domain
- Use a unique email and password
- Choose app-based or hardware security keys
- Review account recovery options
- Understand custody and insolvency risk
After registration
Enable the strongest authentication available, set an anti-phishing code, configure withdrawal allowlists where practical, and review active sessions. Never share one-time codes or seed phrases.
Ongoing habits
Check addresses and networks for every transfer, test withdrawals, keep tax and transaction records, and remove funds not needed for active exchange use. Treat urgent direct messages as suspicious.
Common questions
Frequently asked questions
Is two-factor authentication enough?
It is important but not sufficient. Combine it with unique credentials, phishing awareness, session review, withdrawal controls, and careful custody decisions.
Should I leave crypto on an exchange?
Exchange custody can be convenient but introduces counterparty risk. Consider your knowledge, transaction needs, and ability to secure self-custody.
What should I do after clicking a suspicious link?
Do not enter credentials. If you already did, use the official site to change your password, revoke sessions, secure email, and contact official support.