BitFinex Account Security: Unauthorized Login

TL;DR

Someone accessed your BitFinex account without permission. This guide helps you secure it immediately, investigate what happened, and prevent future issues.

Steps to Secure Your Account

1. Change Your Password Immediately: This is the most important step.
   • Go to your BitFinex account settings.
   • Find the ‘Password’ section and create a strong, unique password. Use a mix of uppercase and lowercase letters, numbers, and symbols.
   • Do not reuse passwords from other websites.
2. Enable Two-Factor Authentication (2FA): This adds an extra layer of security.
   • BitFinex supports Google Authenticator or Authy. We recommend using one of these apps.
   • In your account settings, find the ‘Security’ section and enable 2FA.
   • Follow the on-screen instructions to scan the QR code with your chosen app and enter the verification code. Keep a backup of your recovery codes in a safe place!
3. Review API Keys: If you use API keys, revoke any that you don’t recognize.
   • Go to the ‘API Tokens’ section in your account settings.
   • Look for any unfamiliar API keys and delete them. If you need an API key, create a new one with limited permissions.
4. Check Withdrawal Addresses: Verify that no unauthorized withdrawals have been set up.
   • Go to the ‘Withdrawal Addresses’ section in your account settings.
   • Remove any addresses you don’t recognize or haven’t used before.

Investigating the Unauthorized Login

1. Review Account History: Look for suspicious transactions.
   • Check your transaction history for any withdrawals, trades, or deposits you didn’t make.
   • Pay close attention to dates and times.
2. Check Your Email for Phishing Attempts: Look for emails that might have tricked you into giving away your password.
   • Search your email inbox for messages from BitFinex or related services asking for your login details. Be wary of links in these emails.
3. Scan Your Computer for Malware: Malware could have stolen your credentials.
   • Run a full scan with reputable antivirus software.
   • Consider using a second opinion scanner to catch anything your primary antivirus might miss.

Preventing Future Unauthorized Access

1. Use Strong, Unique Passwords: As mentioned before, this is crucial.
2. Enable 2FA on All Accounts: Protect all your important accounts with two-factor authentication.
3. Be Wary of Phishing Emails: Never click links or enter your credentials in suspicious emails. Always go directly to the website (e.g., BitFinex) by typing the address into your browser.
4. Keep Your Software Updated: Regularly update your operating system, web browser, and antivirus software.
5. Use a Password Manager: A password manager can help you create and store strong, unique passwords securely.

Reporting the Incident

Contact BitFinex support immediately to report the unauthorized login. Provide them with as much detail as possible about what happened.