How OQEX Global protects its customers
As cryptocurrencies spread, the issue of storage security becomes more and more pressing. To ensure security, OQEX Global provides various methods of users' funds protection:
- Cryptocurrency storage in the physical cold wallets;
- Two-factor authentication;
- Custodian services for secure storage.
When you choose the exchange first of all it is necessary to take into account its reliability: how secure users's funds are kept. Protection of funds is a two-way operation. Therefore, the exchange must provide its customers with all the necessary tools:
- Two-factor authentication;
- Trading passwords (when trading derivative instruments);
- Withdrawal confirmation with a confirmation code, etc.
OQEX Global securely stores users' funds
The crypto exchange provides its customers with a complete package that allows them to ensure complete security of users ' funds and confidential information.
Multi-signatures
Private keys are also stored on offline secure servers. Moreover, the servers use a 2 out of 3 multi-signature system. This means that you need at least 2 keys to access the private keys. Keys are stored by different people. Even if an attacker manages to get hold of one key, they will still not be able to access the wallets.
Custodial services
There are special services for storing cryptocurrencies and other digital values. These services are called Custody - they are owned by private companies. Servers are reliably protected from external intrusion and are carefully guarded.
In addition, custodial services provide account insurance in case of hacking, although this has not yet happened. Users' funds are insured for $50 million.
Two-factor authentication
To get access to your account you have to go through two stages:
- Enter the password;
- Enter the code that is generated every 30 seconds on the your mobile device.
In this case, a cybercriminal will not be able to hack your account and withdraw funds without access to your mobile device. As you can see, with the OQEX Global crypto exchange, your funds are always safe.
How to enable 2FA
Method 1. Google Authenticator
First, you have to download the Google Authenticator app to your Android or iOS mobile device. Then you have to go to the exchange account settings and enable the corresponding option. When connecting, a 2FA code and QR code will be generated, which must be saved for recovery in case of loss of the smartphone.
Go to the app and add the code (➕Button). Read the QR code using the Google Authenticator app or enter the code manually. After adding the second factor, you have to confirm the new device by entering the generated code from the app. Now 2FA is enabled. A cybercriminal now has almost no chance of gaining access to your account without physical access to your smartphone, if you do not fall for phishing. But we'll talk about this later.
Method 2. Via email.
You must also go to your account settings on the exchange and open the Confirmation via email option. You will receive a code that you need to enter or a link to click to enable the second factor, to your email. Hackers will not be able to access your account without both a password from it and from mail.
The safest way to combine both methods is to confirm transactions both by mail and via Google Authenticator.
How hackers hack accounts
There are many methods of phishing and infecting your computer with malicious code that hackers can use to gain access to your account. Let's list the most popular methods of stealing authorization data.
Getting access to email via cookies
Attackers can intercept your cookies using malicious code or through public networks when you connect to a public Wi-Fi network. After receiving cookies, they can restore the session on their computer and access your mail. Many services are protected from repeated use of cookies, including during an active session, but not all of them are. For example, this vulnerability is still relevant for Netflix and Amazon. Gmail is protected from repeated use of cookies, but Yahoo mail is not. It is safest to use Google mail and additionally connect 2FA via the app.
Fake links
You may receive a false email from the exchange Manager. For example, it may have the following content: “your account is logged in. If you didn't do it, click the link immediately and change your password.”
A risk factor can play a role here: a person does not hesitate to click on the link and enter authorization data (username and password). The spoof site looks identical, so the victim doesn't suspect anything. But after entering the data, nothing happens - username and password were just sent to the hacker. Your account has been compromised.
Emails or calls from technical support
The scheme works in a similar way. But they will write or call you on behalf of the customer support service. You will be asked to provide your password or payment information. This method is often used to steal bank card data.
Piece of advice. Always check the site domain in the browser and do not tell anyone your account passwords and private keys. Legitimate support never asks such data.
Banners with phishing sites
Hackers substitute the address and disguise the site as a real exchange. The banners display the same labels as the original one, but the site itself is fake. When you click on the link, you are redirected to a phishing page. During Telegram Open Network ICO, hackers managed to get more than $3 million under the guise of selling GRAM tokens before advertising platforms blocked banners of cybercriminals.
Be vigilant, follow the security recommendations of the crypto exchange and do not disclose your personal data to anyone. OQEX Global will take care of everything else.