
Guides
5
min read
At Firefish, we’re committed to empowering Bitcoin holders, investors, and institutions with a secure, trust-minimized lending marketplace. Our platform leverages Bitcoin’s native security — and builds on it with on-chain escrow and multi-signature contracts to prevent rehypothecation and keep your assets safe.
But security isn’t static and goes beyond the tech. It’s also staying vigilant, particularly so given the instances of growth phishing scams and impersonators in the space. In this blog, we’re sharing our top security practices to help you protect your funds and peace of mind.
Remember, scamming attacks are getting sophisticated, and there will never be a fool-proof defence to security. So, it's important you stay informed and vigilant.
Whether you’re borrowing against your BTC or lending fiat, these tips are your first line of defense.
1. Firefish will NEVER ask for these — and neither should anyone else
Let’s set the record straight: In no instance will any member of the Firefish team ask you for your
private keys,
seed phrases, or
sensitive personal details via email, Discord, or any other channel.
If someone claiming to be us requests this info, it’s a red flag. 🔴
Scammers often impersonate our team, and we ask you to stay vigilant.
Remember, if you're in any doubt, email us at hello@firefish.io and we'll get to the bottom of it.
Please stick to our official channels of communication:
Email: hello@firefish.io
Website: https://firefish.io/
2. Lock it down with strong passwords and 2FA
Your Firefish account is your gateway to Bitcoin-backed lending and investing. Keep it safe.
Here are some suggestions:
Use a strong, unique password (think long, random, and nothing you’ve used elsewhere).
Enable two-factor authentication (2FA) in your account settings. It’s a simple step that adds a powerful layer of protection, ensuring that even if someone guesses your password, they’re locked out without your second factor.

💡 Tip: avoid SMS-based 2FA if possible. Opt for an authenticator app for extra security.
3. Top up collateral (like a pro)
If this year is anything to go by, market volatility is part of the Bitcoin game. But it doesn’t have to catch you off guard.
If you’re borrowing against your BTC, keep an eye on your collateral’s value. A significant dip in the price of Bitcoin could trigger a liquidation risk, but you can stay ahead by topping up your collateral when needed. It’s a proactive move that keeps your loan secure and your Bitcoin safe.
Here's a video on this:
💡 Tip: On Firefish, our Collateral Health Indicator (CHI) is a metric used to assess the sufficiency of collateral securing a loan. A CHI of 100% signifies a fully healthy status, indicating that you have sufficient collateral. However, as the CHI approaches 0, it's advisable to consider adding more collateral to avoid potential liquidation. When the CHI reaches 0, the collateral is subject to liquidation.
4. Send Bitcoin only through the Firefish Browser App
Only send Bitcoin using the Firefish Browser App on firefish.io.

Remember, we will never ask you to send BTC via email or any other method. If you receive such a request, it’s a scam. Always verify you’re interacting with our legitimate app to keep your funds safe.
5. Don't trust. Verify…..Verify, Verify
We can't stress this enough.
It's important to note here:
Scammers love to spoof websites and emails. Before you click or log in, double-check you’re on the real firefish.io.
Official emails from us come from addresses like hello@firefish.io. Anything else is suspect.
On Discord, beware of impostors mimicking our team. If in doubt, reach out via the platform’s chatbot or by email at hello@firefish.io.
A quick verification can save you from a costly mistake.
6. Never share your seed phrase
We may be repeating ourselves from the first point in this article. But that's just how crucial this is.
Your Bitcoin seed phrase is the key to your wallet. It falls into the wrong hands, and your Bitcoin is gone forever. So, treat it with a lot of care. Firefish doesn’t need it, and neither does anyone legitimate.
If someone asks for it, they’re trying to steal your funds. Store it offline and keep it private.
💡 Tip: This isn’t just a Firefish rule. It’s Bitcoin 101.
7. Stay vigilant on socials and beyond
Our community on Discord and social platforms are amazing, but scammers lurk there too. They might slide into your DMs pretending to be Firefish support or offering “deals”. Don’t fall for it.
Official support or communication only through hello@firefish.io. If you see suspicious activity, like a cloned profile or shady link, let us know so we can deal with it.
Why this matters (now, more than ever)
FYI. All of the points listed above have always mattered.
However, we are growing fast. While this is a win for the space of Bitcoin-backed lending, it also puts us on scammers’ radar.
By following these best practices, you’re not just protecting yourself — you’re helping us keep the ecosystem safe for everyone.
Have other security tips or risks you’ve spotted? Drop us a line at hello@firefish.io. We’d love to hear from you.