5 Layers of Your Total Security on Bitsgap
Bitsgap has made the safety and security of your funds and personal data its top priority. This article explains how secure Bitsgap is.
Bitsgap has been built by traders for traders, so we fully understand your concerns over the safety and security of the platform. Considering the number of scams in the crypto space, it’s no wonder that trust has become a significant issue for many.
Bitsgap has gone above and beyond to ensure the safety of your funds and personal data. From the very beginning, we’ve made your protection our top priority by embedding cutting-edge security measures and data protection controls into the platform.
We continue to find innovative ways to protect you and regularly update the platform with extra security features. In this article, you can learn how Bitsgap is committed to your security.
1. Encrypted API: No Access to Funds and Personal Data
Bitsgap connects to your exchanges via encrypted API keys and has zero access to withdraw or transfer funds. In fact, any API key that comes with enabled permission to withdraw funds will be automatically rejected by the system.
👉 All Bitsgap needs access to is your trade history, balance view, and trading. Rest assured, your funds are secure because they don’t leave your exchange.
Since we don’t have access to funds, we don’t have KYC or collect any other personal data. So leaking information is impossible — we have nothing to tell anyone about you.
And if you’re concerned about your email, you can create a separate email address dedicated to Bitsgap only.
2. Advanced API Protection: Everything to Keep Scammers Away From Your Data
As fraudsters become increasingly sophisticated, so does Bitsgap. To protect you further from unauthorized access to your API keys, Bitsgap has introduced a series of extra security measures that serve as a powerful shield against bad actors and suspicious activity.
But sometimes, your security depends on you. Therefore, every time you log into Bitsgap, ensure it’s the correct website: https://bitsgap.com — and not some other variation of that name (Pic. 1).
Scammers can use different mirror websites or even mobile applications to trick you into revealing your data, like a password and email, before transferring you to a legitimate Bitsgap interface. That’s why it’s essential to be all eyes and ears when you enter your data.
1 Account = 1 API Key Rule
As the first extra security measure, we’ve ensured that the same API key cannot be added to more than one Bitsgap account. This update makes it absolutely impossible to add a compromised (stolen) API key to Bitsgap.
👉 When someone adds a key, the system automatically scans the entire database of API keys to see if it has already been added.
If the system detects a duplicate, it immediately rejects the key and sends an email to the user (Pic. 2) informing them that someone tried to add the same API key twice. To add a key, a user will have to return to the exchange and create a new one.
“One account, one API key” is an extra layer of protection for all existing users and a real testament to how seriously we take security at Bitsgap.
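The two acceptance rules described so far (no keys with withdrawal rights, and one key per account) can be sketched as follows. This is an added example, not Bitsgap's code: the permission names, the pepper, the `KeyRegistry` class and the choice to notify the account that already holds the key are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed server-side secret kept outside the database; constructed value.
PEPPER = b"constructed-demo-pepper"

# Hypothetical names for the only permissions the platform needs.
ALLOWED = {"read_balance", "read_history", "trade"}


def fingerprint(api_key: str) -> str:
    """Keyed hash of the API key, so the duplicate index never holds the key itself."""
    return hmac.new(PEPPER, api_key.strip().encode(), hashlib.sha256).hexdigest()


class KeyRegistry:
    def __init__(self):
        self._owner_by_fp = {}  # fingerprint -> account id
        self.notices = []       # (account id, message) pairs standing in for e-mails

    def add_key(self, account: str, api_key: str, permissions: set) -> str:
        # Rule 1: refuse any key that can do more than view and trade (e.g. withdraw).
        extra = set(permissions) - ALLOWED
        if extra:
            return "rejected:permissions:" + ",".join(sorted(extra))
        # Rule 2: one key, one account. Look the fingerprint up before storing it.
        fp = fingerprint(api_key)
        owner = self._owner_by_fp.get(fp)
        if owner is not None:
            # Assumption: the existing holder is told, since a second add
            # may mean the key has leaked.
            self.notices.append((owner, "attempt to add an API key already in use"))
            return "rejected:duplicate"
        self._owner_by_fp[fp] = account
        return "accepted"
```

Indexing a keyed hash rather than the key keeps the duplicate lookup a single dictionary or database hit while leaving nothing reusable in the index if it is read by someone without the pepper.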
An API key allows for trading in a high-security environment without the ability to withdraw funds from your account. Nonetheless, as attackers continue to circumvent security measures with new deceptive tactics, the term ‘countertrading’ has recently gained notoriety.
How does countertrading work? It typically involves an unpopular cryptocurrency trading pair with a small trading volume.
For example, bad actors buy a coin from their account and then buy the same coin using someone else’s funds from the spoofed API keys, increasing the price of the coin. After tampering with the price, all that remains for bad actors is to sell those coins at a much higher price and get away with it.
Attackers can also play out a different, reverse scenario — having gained access to a victim’s private keys, they sell out the user’s funds at a meager price and then buy back the same amount from their accounts.
Bitsgap automatically detects such malicious activity and blocks it. If your key was compromised on some other platform or leaked by mistake, hackers might try to perform countertrades to take advantage of your account on Bitsgap.
However, Bitsgap’s security algorithms make countertrade virtually impossible, even on a new account.
👉 If bad actors still try, repeating the operation (even on a different trading pair) will take so much of their time that continuing becomes unreasonable, and they will abandon Bitsgap in a jiffy.
The bottom line is that our countertrading protection is a safeguard that not only prevents trading at a loss but also increases the security of API keys and blocks the exploitation of previously unknown keys through the Bitsgap platform.
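One way a platform could flag the loss-making leg of a countertrade and slow down repeat attempts, as an added example. It is not Bitsgap's algorithm, which the article does not describe: the thresholds, the `CountertradeGuard` class, the account-wide cooldown and the market data below are assumptions constructed for illustration.

```python
from statistics import median

# All thresholds are assumptions for this sketch, not Bitsgap's values.
MAX_DEVIATION = 0.05      # allowed distance from the reference price
THIN_VOLUME = 50_000      # 24h quote volume under this marks a thin pair
THIN_DEVIATION = 0.02     # stricter limit on thin pairs
COOLDOWN_SECONDS = 3600   # account-wide pause after a blocked order


class CountertradeGuard:
    def __init__(self):
        self._blocked_until = {}  # account -> unix time when trading resumes

    def check(self, account, order, market, now):
        """Return (allowed, reason). `market` holds recent prices and 24h volume."""
        if now < self._blocked_until.get(account, 0):
            return False, "cooldown"
        ref = median(market["recent_prices"])  # robust to one spiked print
        limit = THIN_DEVIATION if market["volume_24h"] < THIN_VOLUME else MAX_DEVIATION
        deviation = (order["price"] - ref) / ref
        # The loss-making legs: buying well above, or selling well below, the market.
        overpaying = order["side"] == "buy" and deviation > limit
        dumping = order["side"] == "sell" and deviation < -limit
        if overpaying or dumping:
            # The pause applies to the account, so switching pairs does not help.
            self._blocked_until[account] = now + COOLDOWN_SECONDS
            return False, "price_deviation"
        return True, "ok"


# Constructed sample data: one thin pair and one liquid pair.
THIN_MARKET = {"recent_prices": [0.100, 0.101, 0.099, 0.100, 0.102],
               "volume_24h": 12_000}
LIQUID_MARKET = {"recent_prices": [30000, 30010, 29990, 30005, 29995],
                 "volume_24h": 9_000_000}
```

A sell above the market or a buy below it passes, because those orders cannot move value out of the account at a loss.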
API Key IP Whitelisting
When you create an API key at your exchange, you can specify an IP whitelist (Pic. 3).
The IP whitelist can be used to restrict the API key to certain IP addresses, thereby blocking any trading activity outside Bitsgap (Pic. 4).
Again, the created API key can’t be added to any other account on Bitsgap, which makes any attempt to steal API keys pointless, as they can’t be used.
Finally, we have “fingerprinting” — a sophisticated technique that tracks and blocks users trying to perform a malicious activity or abuse the platform.
The algorithm alone might not be 100% efficient (as hackers can use different devices). However, together with other security measures and updates, it would render any malicious activity unviable and make it downright impossible for bad actors to take advantage of Bitsgap.
3. OAuth: Fast and Secure Connect Between Bitsgap and Exchange
Leading exchanges give extra thoughtful attention to the safety of their customers and work alongside Bitsgap to develop and implement new security methods.
With some exchanges, like Binance, OKX, and Kucoin (and more coming), Bitsgap has partnered to ensure another layer of protection — OAuth, which is many times safer than conventional methods.
So, What Is OAuth?
OAuth, or open-standard authentication, is an authorization framework that allows applications to request secure delegated access to third-party systems.
In short, with OAuth, users can grant applications access to their information on other applications without revealing important credentials like passwords.
👉 If you’ve ever logged into an application through Facebook or Google or given access to your camera to any web app, you’ve used OAuth.
How Does OAuth Work on Bitsgap for Binance and OKX?
OAuth greatly improves trading security by only allowing trading from authorized API addresses. Advantages are plenty:
- It's fast and convenient with a one-click setup via Fast API Connect (Pic. 5).
- There are no setup errors.
- The key is protected by Bitsgap’s IP addresses, with all trading going through the Bitsgap servers.
- The API key is not transmitted anywhere except between the exchange and the platform in encrypted form.
4. 2048-bit RSA Encryption: Stronger Security Than in Your Online Bank
What might positively surprise you is that Bitsgap is safer than many internet banking apps. All information delivered to our servers is encrypted with 2048-bit standard protocols and stored on a secure network protected by a firewall.
👉 2048-bit encryption is inarguably the best technology for internet security. Crack time? Around 300 trillion years.
What exactly is this RSA 2048?
2048 refers to an encryption algorithm in which the key is 2048 bits long. RSA stands for Rivest-Shamir-Adleman, the inventors of public-key cryptography in 1977.
Designed to address vulnerabilities in earlier forms of RSA encryption, RSA is now the industry standard for securing transmissions over the Internet. The most crucial feature of RSA 2048-bit encryption is its size: it has an unusually large key length that makes it difficult to crack using brute-force methods.
Wait, but that’s not all. It’s not like Bitsgap encrypts everything with just one key. In fact, every user account is encrypted with its own, separate RSA-2048 key.
5. Two-factor Authentication: Additional Level of Safety at Your Fingertips
Not enough? Data security is in your hands too. By enabling two-factor authentication (2FA) as an extra layer of security, you make sure that it’s you who is signing into your account and no one else (Pic. 6).
2FA helps protect your account by requiring two sources of confirmation of your identity to sign in to your Bitsgap account: something you know (password) and something you have (a code sent to your phone or email).
👉 Such two-level protection makes it extremely hard for a bad actor to access your account — not only do they need your password but also your email or phone.
You can never go too far with protecting yourself, can you? Luckily, you can even use hardware security keys for 2FA, such as Yubikey. In this case, an attacker will really have to go the extra mile to get to that magic USB. The good news is that they most probably won’t.
2FA is still one of the most effective methods to deter hackers. Like any system, it does not guarantee 100% protection at all times, but it definitely helps. So, take that extra measure to protect yourself.
Bottom Line: You’re Safe with Bitsgap!
The measures we take (encrypted APIs, advanced API protection, 2048-bit, 2FA) are a real testament to our commitment to user protection.
The result: in its seven years of existence, Bitsgap has never been hacked, nor have there been any serious security breaches.
You can be sure that you're absolutely safe with Bitsgap, and we'll continue to follow the trends so that you can be confident in the platform's security.