KuCoin — Defender Checklist: Login Hardening & Phishing Defense

Immediate steps

1. Set a unique password via a password manager; enable auto-fill only for bookmarked domains.
2. Enable app-based 2FA; register a hardware security key if available.
3. Store backup codes offline (paper in a safe or a safety deposit box).

Ongoing hygiene

Review active sessions weekly; revoke stale or unknown devices. Harden your browser by disabling or removing unnecessary extensions and prefer a fresh profile for trading. Keep your system patched and run periodic malware scans with reputable tools.

Phishing identification

1. Check sender domain and email headers for inconsistencies.
2. Look for urgent language paired with a link — treat it suspiciously.
3. Never share one-time codes; KuCoin support won’t ask for them in chat or email.

Incident response quick plan

If you suspect a compromise: change your password, revoke API keys, disable withdrawals (if available), rotate 2FA, and contact support through your saved support route. Collect timestamps and screenshots to accelerate the investigation.

Note: This is a security checklist for educational purposes and is not affiliated with KuCoin.