If you suspect unauthorised activity in BE Custody, stop and escalate immediately.
Do not approve transactions, governance changes, address changes, API activity, or any other request that appears unexpected, suspicious, or inconsistent with your organisation’s internal process.
What may indicate unauthorised activity?
Unauthorised activity may include:
- An approval request you do not recognise
- A transaction request that was not expected
- A destination address you cannot verify
- A transaction amount that does not match the intended instruction
- A request to bypass normal approval or quorum processes
- A governance, role, or permission change you do not recognise
- An API key, webhook, or integration issue that appears unusual
- Login, device, or authentication behaviour that appears suspicious
- A request for passwords, PINs, seed phrases, private keys, API secrets, or other sensitive information
Treat anything unusual or inconsistent with normal process as a potential security concern until it has been reviewed.
What should I do first?
If you suspect unauthorised activity:
- Do not approve the request
- Do not submit any related transaction
- Do not use the affected address, API key, device, or workflow until reviewed
- Follow your organisation’s internal security escalation process
- Contact an appropriate administrator, security contact, or control function
- Contact Bitpanda Enterprise Custody Support through the approved support channel if support is required
If the concern relates to a pending approval request, each approver should independently stop and escalate rather than assuming another approver has already checked it.
What information should I collect?
Where available, collect relevant information such as:
- Your organisation name
- The affected user or users
- The affected wallet or sub-wallet
- The asset and network
- The transaction ID or transaction hash, if available
- The destination address, if relevant
- The type of approval, governance change, or request involved
- The approximate date and time
- Screenshots, if useful
- A short description of why the activity appears suspicious
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information in a support request.
What if a transaction has already been approved?
If a transaction has already been approved or submitted, escalate immediately.
Blockchain transactions are generally irreversible once confirmed. Fast escalation may still be important for investigation, internal containment, audit records, and any follow-up control actions.
What if credentials or API keys may be compromised?
If credentials, API keys, access tokens, or approved devices may have been compromised, follow your organisation’s credential compromise process immediately.
This may include internal actions such as disabling access, rotating API credentials, reviewing recent activity, removing affected users or devices, and checking recent approvals or transactions.
Contact Bitpanda Enterprise Custody Support through the approved support channel if support is required.
What should I avoid?
Do not:
- Approve the request to “complete quorum”
- Rely only on informal confirmation from an unverified channel
- Share credentials or secrets with anyone
- Attempt to reverse or correct the issue through unauthorised actions
- Ignore the request because another user has already approved it
- Continue using an affected device, API key, or workflow before review