Is it safe to use the WhiteBIT exchange?

WhiteBIT prioritizes safety, transparency, and constant development. Our main work priority is the safety of our customers' personal data and security of their funds.

What are the security measures on our exchange?

We use advanced methods and technologies in the security field. We implemented:

  • Two-factor authentication (2FA): to protect your account from unauthorized access.
  • Passkey: is a unique identifier that is used to confirm the legitimacy of your actions on our platform. It serves the same purpose as 2FA and can be used as its alternative to ensure security of your account.
  • Anti-phishing: helps to ensure the reliability of our exchange.
  • Identity verification and AML checks: to ensure the transparency and security of our platform.
  • Logout time: automatic logout from the account in the absence of activity.
  • Address management: allows you to whitelist the addresses you use for withdrawals
  • Device management: you can cancel both one specific session and all active sessions from all devices at the same time

How secure are users’ funds?

We have an AAA rating and are in the top 3 most secure crypto exchanges according to and the top 2 most secure exchanges in the world based on an independent Hacken audit.

In addition, we:

  • Store 96% of the digital assets on cold wallets and use WAF to detect and block hacker attacks. The assets stored on the cold storage are protected with the multisignature access system.
  • Have an insurance fund to protect users’ assets, it is replenished with contributions from transaction fees. The fund currently insured the assets on the WhiteBIT's cold storage under the coverage plan, which amounts to 30 million U.S. dollars.


What is 2FA, and why is it important?

Two-factor authentication (2FA) is an additional way of protection for your account. It ensures that you are the only one who can access your account, even if a hacker knows your password. Once 2FA is activated, when logging into your account, you will need to enter a six-digit authentication code in addition to your password, which changes every 30 seconds in an authenticator app.


What is Passkey?

Passkey is another method for two-factor verification and functions on the same level as TOTP (Time-based One-Time Password) authentication, which works with Google Authenticator or another similar application.
Instead of using the authenticator application for 2FA verification, you can choose to enable Passkey on our platform. Various types of devices or platforms can act as a Passkey. Each device or platform generates two keys: private, which is used for confirmation and public —  a unique identifier of the authenticator and is used to identify the key within the service on which it will be used.


How does anti-phishing feature work?

Anti-phishing allows you to add your own anti-phishing code, which will be attached to system emails sent from the domain and to system emails regarding KYC etc. from the email address: 


What is the identity verification procedure like on our exchange?

Identity verification on our exchange is called “KYC” verification. It is the abbreviation for “Know Your Customer” or “Know Your Client”. It helps to secure accounts and keep funds safe. Furthermore, it is worth remembering that online verification shows the reliability of the exchange. Identity verification also prevents money laundering, terrorist financing, etc.


Can I use the exchange services without identity verification?

A user without KYC can only use Demo tokens.

Please note: alternatively, Passing the KYC verification on WhiteBIT brings the following benefits to our users:

  • access to deposits, withdrawals, and the Buy crypto option;
  • creation and activation of WhiteBIT Codes;
  • account recovery in case of 2FA code loss.


What are AML checks?

Anti-money laundering (AML) checks allow you to check the address for involvement in money laundering. Our users can check the address of the following currencies: BTC, LTC, TRX, USDT(ERC20), ETH(ERC20) and BCH (forks, if the address format is the same, can also be checked).

Has our company been independently audited?

Our company has passed Penetration cybersecurity tests and is in the top 3 on

Also, we have passed ISO 27001 standardization and are currently being audited by PCI DSS.


In case of any questions related to the functionality of our exchange, you can:

  • Leave a request on our website;
  • Write to the support email:;
  • Write to the chat using the button in the lower right corner of the screen (in the WhiteBIT app, go to “Account”—“Support” in the upper left corner).

Was this article helpful?

2 out of 2 found this helpful