The Ultimate Checklist for Securing Your New Bybit Account

Setting Up Two-Factor Authentication

1. After creating your Bybit account, immediately enable two-factor authentication (2FA) through the security settings. This adds a critical layer between your funds and potential intruders.

2. Use an authenticator app like Google Authenticator or Authy instead of SMS-based 2FA. App-based methods are less vulnerable to SIM-swapping attacks.
3. Store your recovery QR code and backup key in a secure offline location such as a password manager or encrypted USB drive.
4. Test the 2FA login process at least once after setup to confirm it functions correctly without locking you out.
5. Never share your 2FA codes with anyone, including individuals claiming to be from Bybit support.

Securing Your Email and Password

1. Choose a strong, unique email address dedicated solely to your cryptocurrency activities. Avoid using personal emails tied to multiple services.

2. Create a complex password with at least 12 characters, combining uppercase letters, lowercase letters, numbers, and special symbols.
3. Never reuse passwords across different platforms, especially between exchanges and social media accounts.
4. Enable login alerts on your email so you’re notified of any unauthorized access attempts.
5. Regularly check your email provider’s security settings and ensure recovery options are updated and protected.

Whitelist Withdrawal Addresses

1. Access the withdrawal settings in your Bybit profile and activate the address whitelist feature.

2. Only add wallet addresses you fully control and have previously tested with a small transaction.
3. Each time you add a new address, the system will enforce a waiting period—typically 24 hours—before allowing withdrawals to that destination.
4. Review your list of whitelisted addresses monthly to remove any outdated or unused ones.
5. Disable withdrawals entirely if you're not actively trading, reducing exposure during periods of inactivity.

Device and Network Safety

1. Only access your Bybit account from trusted devices that have up-to-date antivirus software and operating systems.

2. Avoid logging in over public Wi-Fi networks. If necessary, use a reputable virtual private network (VPN) to encrypt your connection.
3. Clear browser cache and cookies after each session, especially when using shared computers.
4. Install ad blockers and anti-phishing extensions to reduce exposure to malicious websites mimicking Bybit’s interface.
5. Regularly monitor active sessions in your account dashboard and log out unknown or suspicious connections immediately.

Phishing and Social Engineering Prevention

1. Memorize the official Bybit URL and avoid clicking links from emails, messages, or search results.

2. Be cautious of unsolicited DMs on Telegram, Discord, or Twitter offering support, promotions, or investment advice.
3. Bybit will never ask for your API keys, seed phrases, or 2FA codes—any such request is fraudulent.
4. Verify the authenticity of customer service channels by only using the contact options listed in the official help center.
5. Report phishing domains and fake accounts to Bybit’s security team to help protect the broader community.

Frequently Asked Questions

What should I do if I lose access to my 2FA device?Immediately use your backup recovery key to regain access. Contact Bybit support with proof of identity if you cannot restore access through standard recovery procedures.

Can I disable the withdrawal whitelist once it's enabled?Yes, but doing so increases risk. Disabling this feature allows withdrawals to any address without delay, making your account more vulnerable to theft.

How can I verify a legitimate email from Bybit?Check the sender’s email address carefully. Official communications come from domains ending in @bybit.com. Look for consistent formatting and avoid clicking embedded links until confirmed.

Is it safe to store funds long-term on Bybit?While Bybit employs advanced security measures, it's recommended to keep large holdings in cold wallets under your control rather than on any exchange.