RISK DISCLOSURE

Before performing any crypto exchange you should carefully consider whether such is suitable for you. Bitfi does not provide investment or exchange advice, and will not condone statements representing Bitfi published on third-party platforms, such as Twitter or similar medium, which may persuade an investment or swap decision.

Buying/selling assets with Bitfi 2

We are excited to introduce a secure, end to end solution for buying and selling digital assets. With the rising value of Bitcoin and other prominent cryptocurrencies, security issues are causing elevated anxiety. A ten-fold increase in value also leads to a ten-fold increase in the probability of being targeted by criminals.

Although users have total and infalible protection for assets that are secured by Bitfi 2, major risks and vulnerabilities arise when users need to inevitably move funds to exchanges to either liquidate or acquire additional assets. Exchange risk is greatly underestimated. What is reported in the media are exchange hacks where the exchange itself is the target and loses its reserves. What is almost never reported are the individual account hacks affecting only specific individuals. Due to our work in digital assets security, we encounter stories almost daily about someone experiencing some type of loss.

Worse yet, is that if a user's exchange account gets emptied there is absolutely no recourse and no way to prove that there was a hack. The best that a user can hope for is an appology and often the exchange may even comment that they have no way of verifying whether the account has been emptied due to a hack or if the user has withdrawn the funds and is pretending to have been hacked. If dealing with an unscrupulous/criminal organization, we have even seen cases where the exchange staff themselves empty a user's account and leave the user to believe that the account was hacked. These cases rarely make the headlines but sadly they are occuring at an alarming frequency.

The other risk of using exchanges is that all activity occurs online via a website. This is prone to attack either locally via malware on your computer, in routing of data, and on the exchange web portal itself. The user cannot fully trust the content being displayed. For example, when making a deposit to an exchange the page that is displaying the deposit address could be altered by an attacker and the user can't have absolute certainty that funds being sent are actually going to the exchange.

The integration with the Changelly API for trading assets with your Bitfi 2 hardware is a complete solution to nearly all of the above challenges and eliminates these risks entirely. It is unlike any other hardware wallet integration with an innovative security mechanism that is only possible with Bitfi. The first obvious advantage is that funds are never left on any exchange; during the trade your funds are routed through exchanges for severeal seconds just long enough to complete the trade (Changelly's API routes your trade through an assortment of exchanges after determining where it will get the lowest execution price).

However, the foremost security innovation is that the Bitfi 2 hardware guarantees that you are really sending funds to the Changelly API and that the address specified for payout instructions to Changelly will always reflect addresses your salt & phrase can spend. Therefore the possibility of sending funds to an attacker is eliminated and likewise there is no possibility of the assets you purchased of being sent to any address other than the one you control (either due to an attack or user error).

Other hardware wallets that are integrated with Changelly and other similar APIs do not provide any additional security; there is no meaningful difference between using the hardware wallet for the trade or the Changelly website. This is due to the fact that the address displayed on other hardware is the same as what is displayed by your browser (these devices have no ability to communicate with Changelly) and have no means of checking if you are sending to a valid address or an address that has been substituted by an attacker. Bitfi 2 sends details for swap txn directly to Changelly and validates Changelly’s response. Bitfi 2 will then calculate the necessary payout address so Changelly always gets something calculated by your seed. For example, if swapping USDT for BTC, the Bitfi 2 device will calculate both. USDT because without that calculation you can’t spend, and BTC because if the wallet cannot derive your private key then something other than your hardware is providing the instructions. We believe that this is an important milestone in security that protects users from a common attack vector that results in countless victims.

We strongly encourage users to avoid using exchanges whenever possible due to the myriad risks that are associated with their use. Even savvy investors and traders often underestimate the risks involved in handling digital assets with security breaches being the primary reason for poor portfolio performance as losses greatly exceed appreciating value of underlying assets. Performing trades within your Dashboard using the Changelly engine will provide a complete peace of mind and eliminate anxiety that comes with dealing with custodial exchanges and moving funds out of your custody (except for a few seconds needed to process the trade).

Please stay safe and remain diligent. A rising value of your investmement is meaningless if the asset is lost due to poor security. If you have any questions regarding the Bitfi/Changelly trading API please contact support@bitfi.com.