Security

We provide an environment where all customers can trade crypto assets (virtual currency) with peace of mind. We will continue to do our best to ensure that we maintain both ease of use and strong security.

Security measures for account registration and login

1. ID verification to protect customers

In order to prevent crime and terrorism, we carry out identity verification procedures (KYC: Know Your Customer) at the time of account registration. To ensure a smooth and secure ID verification, we offer quick ID verification, which allows customers to complete ID verification online by simply authenticating their identity documents and face with a smartphone. Click here for more information.

2. Complete security measures with strong password settings

We recommend that you use a sufficiently strong password. Frequently used character strings are prohibited. Do not use the same password on multiple services. Click here for more information.

  • Passwords must be at least 9 characters.

  • Contains at least 2 of the following: Lower case characters, upper case characters, numbers, and special characters.

3. Account lock function to protect against unauthorized logins

If you enter an incorrect password more than a certain number of times when logging in to your account, your account will be locked. We can not unlock it manually, so please wait a while and try logging in again. Click here for more information.

4. Multi-factor authentication to strengthen account security

By adding a verification code for authentication to your login password, it further strengthens the security of your account. The verification code changes over time and each time you log in, making it difficult for a malicious third party to break into your account even if they manage to steal the ID and password. Click here for more information.

Security system for the secure management of crypto assets (virtual currency)

1. Multi-signature

Multi-signature (multisig) is an authentication technology used on blockchains that increases security. Unlike regular Bitcoin addresses, multisig addresses require multiple signatures to send currency. You can build a highly-secure wallet with multiple signature keys. Click here for more information.

2. Cold wallet

Regarding the crypto assets held by our company and those held by customers, only the minimum amount necessary for exchange and transfer is held in hot wallets that are connected to the networks. The rest, which is nearly 100%, are stored in cold wallets that are isolated from the networks. Numerous physical security locks and 24-hour surveillance ensure that your wallet is well protected and disconnected from the network environment.

3. Clear separate management of customer crypto assets (virtual currency)

Our customers’ crypto assets (virtual currency) and financial assets such as JPY that are deposited to us are clearly separated from our own assets.

Cyber attack countermeasures

1. Plans to prevent viruses and hacking attacks

In addition to checking the file systems for viruses with antivirus software, we conduct virus scanning on all incoming data. Regarding countermeasures against hacking, we are constantly working with outside organizations to understand all attack patterns, including the latest attack techniques, and are constantly implementing countermeasures.

2. Countermeasures against phishing emails

Attack emails (phishing emails) that target employees to be used as gateways for hacking into companies, including ours, are constantly incoming. To prevent damage from phishing emails, we have adopted a system that prevents the alteration of email content and sender spoofing. We also conduct regular drills to ensure that we recognize and properly respond to distrustful emails, and we protect our customers' information from hacking into our internal systems.

3. Phishing sites

Phishing sites pretending to be our company (sites that try to steal customer information) have been set up, but we are continuously searching to detect such phishing sites and prevent losses in advance. In addition, to avoid becoming a victim of phishing scams, customers are advised to take the following measures on their own.

  • Before clicking on a URL, always make sure the URL begins with https://bitflyer.com/ (make sure the URL is prefixed with a key symbol).

  • Bookmark the official HP in advance and do not access it from suspicious emails or URLs written on Internet bulletin boards.

  • If you receive an email from a sender claiming to be bitFlyer and requesting you to follow unusual login procedures, do not simply comply.

  • We recommend that you set up two-factor authentication in case you enter your password or other information on an unauthorized website.

Click here for more information.