1.Take the first step in protection now: Security Settings Multi-Factor Authentication (MFA)

Login Password

• Use a strong password that combines uppercase letters, lowercase letters, numbers, and special characters.
• Avoid using the same password across multiple websites; modify it appropriately instead.
• Keep account passwords and access credentials strictly to yourself.
• Regularly update your password, ensuring each new password is complex and unique.

Multi-factor authentication

• Enhance account security by binding your phone number and using biometric passkeys or GA (Google Authenticator) to better protect your assets.
• Never share any verification codes with others.

2.Enhance Hazard Prevention, Build a Fortress of Safety: Advanced Settings

Trusted Device Management

• When logging into your HashKey account from multiple devices, be sure to select devices you trust.
• The interface displays the model, name, and last login time for the three most recently logged-in devices.
• If you notice an unusual device login, we recommend changing your password and updating your MFA.

Anti-Phishing Code

• Enable your anti-phishing code to have emails sent by HashKey include a unique code of your choice.
• This helps you quickly and easily verify whether an email originates from a trusted platform.

3."Security Mindset" and Good Habits That Must Be Cultivated: Fostering User Security Awareness

Official Website Access

• Always obtain software through the official website or official app stores (e.g., Google Play, App Store) to avoid downloading suspicious installation packages.
• Bookmark the official website in your browser and always access it via bookmarks to prevent accidentally landing on phishing sites through searches.

Environment Check

• Avoid accessing your HashKey account over public Wi-Fi networks; only access it through trusted networks.
• Ensure security settings and logins occur on private, secure devices and in secure environments.

API Keys

• Safeguard your API keys and never share them with untrusted third parties.
• Remove all unused or unnecessary API access permissions.
• Please ensure you fully understand the intended purpose of the API key before creating it. For highly sensitive operations involving asset transfers (such as withdrawals), it is recommended to create a dedicated key isolated from other functional permissions.

4.Embed Security into Every Aspect of Use: User Recommendations

• “There's no such thing as a free lunch.”Exercise extreme caution toward any opportunity promising high returns at zero cost.
• Be wary of any unsolicited emails requesting personal information or payment through online/offline channels. Platform customer service will never proactively contact you privately to request sensitive information or demand transfers. Remain vigilant against any phone calls, emails, or social media messages asking for sensitive details. If uncertain, promptly verify with customer service.
• If you encounter any phishing activity using HashKey's name, report it immediately to our team. We will promptly take action to ban such accounts.
• Set up notifications to stay informed about account activity changes or suspicious transactions, protecting your data.

5.Emergency Measures for Abnormal Account Activity: Respond to crises and promptly minimize losses.

If your account shows suspicious activity indicating potential compromise, such as unauthorized login attempts or transactions, email/password changes, or disabling multi-factor authentication...

• You should immediately contact customer support to freeze your main account or take action yourself by changing your password and resetting MFA. Our risk team will also promptly freeze user accounts upon detecting abnormal activity.
• Please report the incident through HashKey's official customer service channels and provide relevant evidence.
• You are responsible for your account security. HashKey cannot be held liable for any losses resulting from failure to properly safeguard your account information.

Security is not a feature, but a habit. Account security is not a single configuration setting, but an ongoing security requirement throughout the entire account lifecycle.During virtual asset management, any operation or authorization action may directly impact asset security. Maintaining essential risk awareness and consistently implementing the security controls provided by the platform are crucial prerequisites for safeguarding your assets.

Disclaimer :

This material is for general information purposes only. It does not constitute, nor should be interpreted as, any form of solicitation, offer or recommendation of any product or service. It does not constitute investment, tax or legal advice. In no event should any news release be considered as recommendation of a particular type of digital asset.This material may include market data prepared by HashKey Exchange or data from third party sources. While HashKey Exchange makes reasonable efforts to ensure the reliability of such third-party information, such information may have not been verified. Graphics are for reference only. We make no representation or warranty, express or implied, to the timeliness, accuracy or completeness of the information in this material. Information may become outdated, including as a result of new plans, regulations or changes in the market. In making investment decisions, investors should not solely rely on the information contained in this material. The risk of loss in trading digital assets can be substantial and is not suitable for all investors.Any forward-looking statements in this material is subject to several conditions, uncertainties and assumptions. We undertake no obligation to update or revise any forward-looking statements.The English version shall prevail if there is any inconsistency between the English and Chinese versions.