Security on Nexo: a quick refresher.
14 May 2026, 15:10
Security on Nexo: a quick refresher
A reminder of how security works on Nexo, both what runs in the background and what's available for you to enable.
Running in the background:
π‘ Anti-scam engine. Runs on every withdrawal, analysing transactions in real time and flagging anything suspicious before funds leave the platform. Always on.
π Encryption. AES 256-bit SSL across the platform.
π Audited infrastructure. SOC 2 Type 2, SOC 3, ISO 27001/17/18, CSA STAR Level 1, all renewed annually.
At your disposal:
π 2FA via authenticator app. A second factor on login, also required at sensitive actions (withdrawals, Address Book edits, settings changes). Authenticator apps are stronger than SMS-based 2FA, which is vulnerable to SIM swaps.
βοΈ Anti-phishing code. A personal code in the footer of every legitimate Nexo email. No code, not from us. Set it under Profile, Security & Settings, Anti-phishing code.
π Channel validator. Verify any email, handle, or URL at nexo.com/channel-validator.
π Address whitelisting. Locks withdrawals to pre-saved addresses (up to 500), with a configurable delay before new ones can be used.
Good to know:
Nexo will never ask for your password or 2FA code, request transaction authorisation via chat/email/text, or send a login link via SMS. If anyone does, it isn't us.
Suspicious message? Report them to
Fuller overview: Common security threats and how to mitigate them.