Security is the number one priority at CoinZoom. We have invested countless hours and resources into ensuring that our platform is safe from bad actors, including incorporating big data analysis and AI technologies to aid us in preventing attacks. We’ve even partnered with various cyber-security and compliance firms in the blockchain space. Yet, the best security partnership we can build is with the CoinZoom community itself.
Each and every one of us has the power to ensure that the community remains SAFU from bad actors, starting with maintaining regular habits that help keep accounts safe. With our organizational commitment toward preventing unauthorized activity and our community’s heightened sense of security, we can collaborate to create a more secure environment for cryptocurrency.
1. Always use Two-Factor Authentication (2FA), preferably Google Authenticator.
Activating 2FA on your CoinZoom account is a crucial first step toward securing your funds on CoinZoom. Currently, we offer two options for 2FA: SMS and Google Authenticator. We recommend using Google Authenticator. While SMS 2FA may be more convenient, it increases the attack vectors that may be used to target your account (e.g. SIM swapping).
2. It is highly recommended to use a password that is at least 8 characters long, containing at least one uppercase letter, one lowercase letter, one special character, and one number. However, a strong password alone is not enough, as there are a variety of ways in which your password may be obtained by an attacker. With this in mind, it’s a good habit to change your password periodically. This practice should not be confined to your CoinZoom account; it should also be applied to your e-mail accounts (especially if used for a financial account such as CoinZoom).
3. Allow withdrawals only to addresses you trust and check the whitelist regularly. CoinZoom has a feature, “Whitelisting”, which allows you to limit the wallet addresses to which you can withdraw your funds. As each addition requires e-mail confirmation, this feature can protect you in special cases of unauthorized access. Simply enable the “Whitelist” option in the Withdrawal Address Management section.
4. Take the necessary steps to secure your account when using the API. A large portion of the CoinZoom community uses our API, our documented programming interface that allows CoinZoom data to be shared with other applications. This allows for a more customized trading experience, but if not used securely, it may lead to issues. When using the API, you may consider things such as restricting access by IP address, avoiding providing your API keys to third-party services, changing your keys regularly, and/or using the aforementioned withdrawal address whitelist.
The next steps go beyond your CoinZoom account and tackle general security procedures. Take these steps as well.
5. Make sure that your Internet connection is secure. Checking for the security of your connection extends to multiple fronts, from your Internet service provider and how you are connected to them, to any software and/or services in between. Avoid connecting to public Wi-Fi networks and other shared connections, as these expose you to attackers who may want to intercept the data that you transmit.
6. Install antivirus software and trust only secure apps/programs. It pays to be sure that the apps you use and the files you access or download are not infected with viruses, malware, or anything else that may compromise your information. Ensure that all of your devices are protected with the latest version of your preferred antivirus software and that regular scans are scheduled. Always download apps/programs from trusted, official sources, and avoid accessing links or software shared by someone you do not know and trust. For extra security, you may consider a dedicated device strictly for your sensitive account(s).
7. Put a lock on your phone. There’s a big chance that you use your phone for 2FA and other sensitive activities. Knowing this, it’s a no-brainer that you need to keep your phone protected. Whether it’s via password or fingerprint, any additional layer of security is helpful.
8. Use a secure password manager. Multiple secure and different passwords are, unfortunately, not easy to remember. Password managers make it easier for you to keep track of these complicated passwords across multiple accounts, and many of these services have sophisticated encryption mechanisms that make password storage more secure. Of course, the password you choose for your password manager should be as complex as possible.
9. Use Two-Factor Authentication (2FA) methods, such as SMS and Google Authenticator.
10. Identify and avoid phishing attempts. Always check the emails you receive and the websites you log in to. Many successful attacks involve fake websites and forms that masquerade as exact replicas of, or giveaways from, websites you have accounts with. Make it a habit to check the address bar of the websites you visit for accuracy, as well as the details regarding the source of e-mails you receive.