Security operation

banner banner

Common Safety Issues and Precautions

See all articles

HashKey Global Team

How to Avoid SMS Spoofing
  • Do not click any link from SMS before verifying the sender.
  • Cross check with HashKey Global's website to confirm the URL
See more
icon

HashKey Global Team

How to Avoid Phone-based attacks
  • Be aware of calls from unknown numbers.
  • Subscribe caller identification services to prevent spam/ junk call.
  • HashKey will never ask you to share the password or 2 factor authentication digits on any channel.
See more
icon

HashKey Global Team

How to Identify URL Spoof Phishing
If the URL is embedded in email, please refer to the How to identify phishing emails section.
  • Cross check with HashKey Global's website to confirm the URL.
  • Do not click on URL from social media like X, facebook, Youtube other than HashKey official channel. Attackers can create fake websites or redirect you to it to obtain your personal information.
  • Verify the Protocol - The URL from HashKey is started with Https:// with is secure protocol.
See more
icon

HashKey Global Team

How to Identify phishing emails
  • Check the email address of the sender. HashKey will only send information to Client via @hashkey.com email domain.
  • Hover over the link and check whether the URL is matched with the URL you want to access. If the URL is not matched, it is a characteristic of phishing. Sometimes, attackers might use short links, i.e. blt.ly and it is easy to hide malicious links.
  • Do not click on any attachment before verifying the sender.
See more
icon

HashKey Global Team

How to Prevent phishing attacks
Here are some general tips to present phishing attacks:
  • Be careful of message related urgent reply - These messages usually claim that you must reply to the message or call back immediately to obtain a reward or prevent loss.
  • Pay attention to infrequent senders/callers - It is a signing of phishing if you receive a message from an unknown person, especially if it is the first time receiving a message from the sender.
  • Keep doubt on incorrect domains - It is a common characteristic that the message/email claims to be our company or very similar to our company, also called 'typosquatting ' For example:
--support.gl0bal.hashkey.com, the 'o' replaced by '0', the email sent from @gmail instead of @hashkey.com.
--A Dash between www & hashkey.com
  • Do not click on any malicious link and attachments - HashKey will not ask clients to access any website other than HashKey Exchange - Global for information input. The link below is one of phishing websites sent by attackers via SMS/email.

image (15).png

If you are in doubt whether you are facing a phishing attack, it is suggested to check on HashKey Official Channel Verification Guidelines to verify whether the message comes from HashKey.
See more
icon

How to Use a Personal Wallet for Message Signing?

See all articles

HashKey Global Team

How to use your personal wallet to perform sign message?

Frequently Asked Questions - User Guide

 
These User Guidelines (hereinafter referred to as ''these Guidelines'') may be modified from time to time for informational purposes only and are not to be considered professional advice.
HashKey Global makes no representations or warranties as to the accuracy or completeness of the contents of these Guidelines, and assumes no liability for loss or damage arising from the omission, insufficiency or inaccuracy of the contents of these Guidelines.
 

How to use your personal wallet to perform sign message

 
During the process of adding a personal wallet withdrawal whitelist, you will need to sign message the specified signature text with your personal wallet to prove the ownership of your wallet.
 
Generally, there are no restrictions on your wallet type, as long as it supports the sign a message function, The sign message process may vary slightly between different brands and versions, and this guide will focus on how to sign messages using the most commonly used wallets.
 

  1. Software wallet - Electrum (BTC)

  • Software Wallet - MyEtherWallet (ETH)
  • Hardware wallet - Ledger Nano S (BTC)
  • Hardware wallet - Ledger Nano S (ETH)
  • Hardware wallet - Trezor (BTC/ETH)
 
If you encounter any problems when trying to sign message using other wallets, you can contact our customer service and provide relevant screenshots and information so that our customer service representative can assist you with the process.
 

Software Wallet - Electrum (BTC )

 
You can refer to the following link to complete the sign message process using your Electrum Personal Wallet for the specified text in the HashKey Global address verification page
https://bitcointalk.org/index.php?topic=2517791.0
 
Copy and paste the signature result into the designated area on the address verification page and follow the instruction to complete the address verification process.
 
 
 
 
 
Software Wallet - MyEtherWallet (MEW) (ETH cryptocurrency)
    1. Unlock your MyEtherWallet, go to the wallet main page, click on [Message] in the left menu bar and choose [Sign Message].
     
    1.PNG
     
    1. Once you have entered the sign message page, copy and paste the specified text from the HashKey Global address verification page into the "Message" area and click on the [Sign] button, the wallet will sign the input "message" with the private key corresponding to the address.
    2.PNG
     
     
    3. After the signature is completed, the signature result will be shown in a pop-up. Then copy the content of "sig" (Note*) in "Signed Message" and paste it into the corresponding area of the HashKey Global address verification page for subsequent address verification process.
     
    * When copying, you only need to copy the text in quotation marks below the word "sig". Take the following screenshot as an example, you only need to copy the 1ef75291b26087f4a77e2710c69fe24356c1fdab4480ae341ff85a238172f060173d6cae7f2dbdad0677d0541eb7296b8e5223356e89566de5588640d42502251b
    section and pasted into the designated area of the HashKey Global address verification page
    3.PNG
     

    Hardware wallet - Ledger Nano S (BTC coin)

    The Ledger Nano S is a hardware wallet. When using the Ledger Nano S to sign a message, you will need to use the software wallet to perform the sign message operation. The following steps are illustrated using the Electrum software wallet as an example.
     
    1. Install the Electrum wallet software. If you have already installed this wallet software, please proceed directly to step 2.
     
    1. Connect your Ledger Nano S device to your PC, enter your password, and unlock your wallet.
     
    1. Open the Electrum wallet software, follow the instruction to create a new wallet, choose [Standard Wallet] and click [Next]. If you have already installed the wallet software, please enter the wallet software and choose [File] → [New/Recover] to enter the installation process as below.
     
    4.png
     
    1.  
    5.png
    choose [Use a hardware device] as the Keystore and click [Next].
     
     
    1. Once the Ledger Nano S hardware wallet device has been detected by the software, click [Next].
     
    6.png
     
    1. Depending on the type of BTC address used to generate the address on the Ledger device (the table below provides a brief comparison and description of the 3 types of BTC addresses), choose [script type and derivation path], choose the "native segwit (p2wpkh)" as the address type.
    Address format
    Address
    form
    		 Brief description
    Transaction
    Fee
    Legacy (P2PKH)
    "Beginning
    with 1"
    Legacy address, generated
    using P2PKH (Pay-to-Pubkey Hash)
    		 High
    P2SH-SegWit(P2SH) "Beginning of 3"
    Possible multi-signature address, segregated witness compatible address, generated using P2SH
    (Pay-to-Script-Hash) script, which can send BTC to addresses starting
    with 1 and bc1, widely supported
    		 Medium
    Native-SegWit "Beginning with bc1"
    Native-SegWit address is generated by P2WPKH or P2WSH, with a different style and smaller QR code than 1 and 3 addresses, and backward compatible with addresses starting with 1 or 3 to transfer to each
    other
    		 Low
     
     
    7.png
     
    1. Check [Encrypt wallet file] and click [Next].
    8.png
     
    1. Go to the Electrum Personal Wallet main page, click on [Tools] and choose [Signature/Verify Message].
     
    9.png
     
    1.  
    10.png
    Once you have entered the sign page, copy and paste the specified text from the HashKey Global address verification page into the "Message" field and enter the "Address" information. Then click the [Sign] button.
     
     
    1. Sign the entered "message" with the private key corresponding to the address by operating the navigation button of the Ledger Nano S hardware wallet device.
    11.png
    12.png
     
     
    1. Once the message was signed, the signature result will be displayed in the "Signature" section of the Electrum wallet.
     
    13.png
     
    1. Copy and paste the signature result into the designated area on the HashKey Global address verification page for subsequent address verification operations.
     

    Hardware wallet - Ledger Nano S (ETH)

    The Ledger Nano S is a hardware wallet. When using the Ledger Nano S for sign message, you need to use the wallet software to perform sign message. The following procedure is illustrated using the MyEtherWallet (MEW) software wallet as an example.
     
    1. Connect your Ledger Nano S hardware wallet device to your PC via USB, enter your password and unlock your wallet.
     
    1.  
    14.png
    Open the MyEtherWallet (MEW) website and click on [Wallet Actions] → [Sign Message].
     
     
    1. Once you have entered the Sign Message page, click on Hardware Wallets and choose Ledger.
     
    15.png
     
    1.  
    16.png
    choose the wallet derivation path "Ethereum-Ledger Live" and click on [Unlock wallet].
     
     
    1. After unlocking the wallet, choose the address you need to sign in the address list, tick to agree to the terms, and click on [Access My Wallet].
    17.png
     
     
    1. Once you have entered the main MyEtherWallet wallet interface, click on [Message] in the left-hand menu bar and choose [Sign Message].
    18.png
     
    1. Once you have entered the signature page, copy and paste the specified text from the HashKey Global address verification page into the "Message" section and click the [Sign] button.
     
    19.png
     
    1. By operating the navigation button on the Ledger Nano S hardware wallet device, the private key corresponding to the address is used to sign the input "message".
     
    1. Once the signature is complete, the signature result will pop up. Copy the contents of the "sig" section (note*) of the "Signed Message" and paste it into the designated area in the HashKey Global address verification page for subsequent address verification operations.
     
    * When copying, you only need to choose the text inside the quotation marks below the word "sig". Take the following screenshot as an example, you only need to put
    1ef75291b26087f4a77e2710c69fe24356c1fdab4480ae341ff85a238172f060173d6cae7f2dbdad0677d0541eb7296b8e5223356e89566de5588640d42502251b
    section and paste it into the designated area of the HashKey Global address verification page.
     
     
     
    Hardware wallet-Trezor (BTC/ETH)
     
    1. Trezor is a hardware wallet, you can use your Trezor personal wallet to sign message with the specified text in the HashKey Global address verification page by referring to the following link.
    https://trezor.io/learn/a/sign-verify
    2. Copy and paste the signature result into the designated area on the HashKey Global address verification page and perform subsequent address verification process.
     
See more
icon