KuCoin aims to protect users’ privacy and assets from infringement. Our security team has constantly been improving related mechanisms and performing periodic reviews to protect users’ privacy and assets.
Please take the necessary protective measures below to ensure the security of your personal information and accounts. Meanwhile, please follow our guide to understand the common fraud tactics in the industry, as detailed below:
Part 1. Restrict login IP
We recommend that you turn on this feature. When your login IP changes, the account protection mechanism will be immediately triggered and you will be logged out automatically.
Part 2: Anti-phishing Safety Phrase (Email/Login/Withdrawal Safety Phrase)
In order to avoid phishing emails and phishing websites, please set a security anti-phishing safety phrase (such as a motto, etc.) on your KuCoin account. When you log into the website or receive an email, it will display in the email from KuCoin or the login window. If the safety phrase is not displayed or incorrect, it means that you are on a phishing site or have received a phishing email, then please do not proceed any further.
Part 3. Official Media Verification
To prevent any fraud in the name of KuCoin, you can confirm an official KuCoin contact or domain by entering the telephone number, email, WeChat, Telegram, Skype, Twitter, or website address in the search bar.
Part 4. Phishing Sites
In a phishing scam, the attacker tries to disguise themselves as a trustworthy entity in order to trick you into giving them sensitive information that can be used to gain access to your devices and accounts and steal your money. It is, therefore, important that our clients be very careful and learn good habits to help avoid these scams. Here are some important things to remember that can help keep your KuCoin account secure from phishing scams:
What should I look out for?
- Every time you log into your account, we recommend double-checking that you are visiting the correct KuCoin website - https://www.kucoin.com. You should bookmark it right away.
- Check the URL address. It should start with https://
- Check the Site Certificate to see whether a website is safe to visit. If you are using Google Chrome, you can check the security status in the left part of the web address (a green lock indicates that the website is secure). If you are using a different browser, please look at how to view the Site Certificate in your browser’s settings.
- When typing ‘KuCoin’ into a search engine (i.e., Google) or any link sent to you from an external source or website, please double-check if the URL is legitimate.
- When clicking on Google Ads, ensure that you check the URL is legitimate as phishing sites have been known to place fake advertisements.
- Check the sender address when clicking on any email that looks like it has been legitimately sent from KuCoin. Scammers often send emails with links that look real but actually redirect you to a fake site. Further information on spoof emails is detailed in point 4 below.
Part 5. Fake KuCoin Support Phone Numbers/Phishing - Email
1 Fake KuCoin Support Phone Numbers: Some sites have been known to list a 'support' number for KuCoin. These numbers are not legitimate support numbers as WE DO NOT CURRENTLY OFFER SUPPORT VIA PHONE. Scammers regularly set up these numbers, and when users called, they are trying to obtain their personal account details to access their KuCoin account.
- Never call any number that claims to offer KuCoin support.
- Never disclose any of your personal information to support personnel over the phone who claim to be a member of the KuCoin support team.
- Be aware that KuCoin support staff will never contact you via phone. If you receive a call from someone claiming to work for KuCoin support, we recommend you hang up straight away and block the caller from your device.
Phishing Email: Recently, there have been a lot of scam emails under the name of "KuCoin Team". When you receive such emails, please make sure to talk to our admins in the Telegram group chat to verify these emails.
Below is an example of a scam E-mail
What should I look out for?
- KuCoin will never ask for payment via emails.
- KuCoin will never ask you to send payment to a specific address via email.
- KuCoin staff will never ask you for your password or two-factor authentication details.
Part 6: Scammers on Twitter/Telegram
Twitter: It is always a great idea to keep up to date with KuCoin via Twitter. However, always be sure you are on the official KuCoin Twitter page. Copy accounts will duplicate everything they can to seem like the real deal. However, always double-check that you are in the official KuCoin Twitter page with @kucoincom username.
What should I look out for?
- It is a good idea to bookmark the official KuCoin Twitter page or access it through our website.
- The only KuCoin account on Twitter is @kucoincom. Anything else is a spoof.
- Always make sure both name and username match the official account.
- Spotting a fraudulent account:
Telegram: Remember that we will never ask you to send money to any address for any reason. If someone asks you to do this, they are trying to scam you, and they should be ignored. Report these users to an administrator privately.
Below are some examples of a Telegram scammer
Part 7: Other Security Tips
- We recommend you change your KuCoin password regularly and use a password you do not use anywhere else.
- Activate or upgrade your 2FA to dynamic code, for example, Google Authenticator.
- Regularly check to see if your email has been compromised. Go to: https://haveibeenpwned.com/ or https://hacked-emails.com/verified_leaks.
- Enable 2FA on your email account.
- Regularly change your email account password.