Your security is always our priority

Our security team is continually focused on improving our end-to-end security measures.

Security certified
Our primary mission is to give our customers the ultimate trading experience with your security as our top priority.
Reinforcing our reputation for upholding high information security standards, Bitfinex obtained a SOC 2 Type 1 Certification based upon security, availability and confidentiality, demonstrating rigorous policies and procedures in accordance with the AICPA Trust Services Criteria.
Learn more
aicpa soc2
security of funds and info
Secure by default
Two-factor authentication (2FA)
Two-factor authentication (2FA)
Add an extra layer of security to your account and protect sensitive operations such as logging in, generating API keys, and withdrawing. Configure two-factor authentication using Google Authenticator, or a U2F Security Key.
Advanced API key permissions
Advanced API key permissions
Create API keys with advanced read/write permissions on a per-feature basis. Unleash the full power of the platform through our REST and WebSockets APIs.
Universal 2nd factor (U2F)
Universal 2nd factor (U2F)
Use a physical Security Key to take advantage of the ultra-secure FIDO Universal 2nd Factor (U2F) open authentication standard.
Advanced verification tools
Advanced verification tools
  • Login data is saved and analyzed for unusual activity.
  • Intelligent system detects IP Address changes to prevent session hijacking.
  • Email notifications report logins and include a link to instantly freeze your account if you suspect malicious activity.
  • Limit access to your account based on IP address.
OpenPGP Email encryption
OpenPGP Email encryption
Want more protection? Encrypted email communication (PGP) adds an extra layer of privacy and security.
Withdrawals protection
Withdrawals protection
  • Security system monitors withdrawals by IP address and other user behavior patterns, triggering manual admin inspection on withdrawals that appear unusual.
  • Withdrawal confirmation step that is immune to malicious browser malware.
  • Define an address whitelist to ensure no withdrawals can go anywhere else.
Cryptocurrency storage
The overwhelming majority of system funds are stored in offline, multi-signature cold wallets. Only approximately 0.5% of crypto assets are accessible in hot wallets for day-to-day platform operation. As an added protection, the cold wallets are not available from the platform or the platform servers.
Always up-to-date Linux systems to host the platform
Always up-to-date Linux systems to host the platform
Our servers network is protected using always up-to-date software and the best possible practices
Automatic real-time backup of the database
Automatic real-time backup of the database
The platform database is backed up in real-time on encrypted hard-drives and is replicated in several geographical locations.
Protection from DDoS attacks
Protection from DDoS attacks
We are protected by automatic Distributed Denial of Service protection to prevent trading to be halted by outside attacks.
Start trading today
One of the longest running exchanges, trusted by professionals.
Copyright ©️ 2013-2023 iFinex Inc. All rights reserved