• Forgot password

    Resetting your password is extremely easy on Paxful. First, go to your account security settings or click here. You will then be taken to a few fields you’ll need to fill out:

    • Current password. To be able to change your password, you’ll have to input your old password as proof that it’s really you changing it.
    • Enter a new password. This is the field where you put your new password. Make sure to make this as secure as possible and make sure that no one else knows this password. This is the first line of defence when it comes to the protection of your account and money.
    • Verify the new password. This is to make sure that you’re correctly typing your intended password. 

    If you ever get a message that says “Password reset token is invalid”, try checking your email and check the latest email that was sent by Paxful for password reset. A link should be attached and you can reset your password there.

    “I forgot my password! What do I do?”

    If you’ve forgotten your password, click on the login button on the home page and then click “Forgot your password?” at the bottom right. It will then ask for the email address that’s linked to your Paxful account. Paxful will then send an email with a link attached. That link will lead you to to the screen that will help you reset your password. Note that each link is only valid for 60 minutes and if you requested for a link multiple times, the last link that was sent will be the one that should work.

  • How to enable 2-Factor Google Authenticator on my account?

    Taking a little bit of extra time to enable 2-Factor Authentication (2FA) can mean a big difference in terms of security.


    Although you can also enable 2FA via SMS, we highly recommend using Google Authenticator as it is the most secure option out of the three. SMS is not reliable because of a hacker tactic called “SIM swapping”, where hackers can get a hold of your SMS messages.

    How to enable 2FA using Google Authenticator:

    1. First, download the Google Authenticator app for your phone. (Apple/Android)

    2. Go to your account settings on the security page of your profile.

    3. Under login authenticator, choose Google Authenticator.

    4. After you’ve selected Google Authenticator, you will see a QR code (a square-like pattern).

    You will have to open your mobile app to scan it, then enter the 6-digit number your phone will produce.

    1. Once you’ve entered the 6-digit code, click “Update login 2-factor” and you should be finished with securing your account.

    Congratulations! Remember to use 2FA for login AND bitcoin send outs. Just bring out the app every time you want to login or send bitcoin out. It may be a bit of a hassle, but it goes a long way in terms of the security of your account.

  • Security guide

    Bitcoin, as a technology, is extremely secure but sometimes the way we use it is unsafe.

    Hackers and scammers are always looking to take your bitcoins because once they have them, it’s irreversible. With a few simple precautions, you can keep your account and your money safe.  

    Here are a few ways to secure your account further:

      1. Have a strong password - Only you can create a strong password for your online accounts. When creating a password, use both upper and lore case letters, as well as numbers symbols if you really want to up the ante. Also, use different passwords for different online or social media accounts to keep the hackers off your back. 
      2. Don't use the same password for your email and your Paxful account.
      3. Configure your security questions - Set up questions that only YOU know the answers to. This will prevent people from attempting to enter your account without your knowledge. If you’re a forgetful person, write down the question and answer on a piece of paper and hide it somewhere only YOU can find it.
      4. Enable 2-factor authenticator - Enabling Authy or Google Authenticator is recommended instead of SMS as hackers have a tactic called “SIM swapping” to get a hold of your SMS messages. SMS receiving can also work intermittently in some countries. Authy or Google Authenticator will add an extra layer of protection to your account and will ward off any uninvited guests.
      5. Please hide your Email address that is linked to your Paxful account and never give it to someone you don't know in trades or private chats. Hackers can target your Email box to get access to your account or to your personal information that it can contain.
      6. Enable 2-factor verification to your email account.
      7. Verify your account - Verifying your phone number and email will not only indicate you’re a safe trade partner but verifying your account with further Identity documents will also help you to restore account in case if you will lose access to it.
      8. Never enter your details any phishing site. Avoid using websites that looks like Paxful. Check your address bar https://paxful.com  before enter your account details. HTTPS SSL certificate is important.
      9. Never share the contact information in trade chats - as scammers can try to cheat you in off-site trades, they can try to impersonate you or show that you had traded with them off-escrow.
      10. Don't try to buy Paxful account from someone else, most likely seller is trying to cheat you and get into account after you load coins on it. Furthermore, this is a violation of Paxful Terms of Service and such accounts will be banned.

    What do I do if someone logged into my account without my knowledge? 

    If someone logged into your account without your knowledge, you should receive an email saying that the account was accessed on a different device or location. On that email, there is an option to have the account locked until you can secure it further.

    If you decided to lock your account, you can then contact support to unlock the account. Just explain the situation to the moderator and once the moderator has unlocked your account, remember to follow the tips above to make your account safe from any more hackers.

    So I think it's better to try to prevent your account. We can do some change on our profile and mail in order to prevent our account.

  • What to do if someone logged into my account?

    Unauthorized access is a serious thing, so remember to make sure you have a good password and all the security measures enabled.

    If you think someone has gained access to your account or you suspect that your login details have been compromised, then you must do the following steps immediately before even contacting support. Enabling 2-Factor Authentication is a good way to prevent this from ever happening.

    If someone logged into your account but you still have access to it:

    1. Usually, if someone logs into your account we are sending an email about that if you can't recognize this device you can click on COMPROMISE link in the email. The faster you act, the higher is the chance to save coins.
    2. The first step is to download Google Authenticator or Authy (iPhone/Android).
    3. Turn on 2FA on Paxful here and scan the code with your phone. Remember to turn 2FA on for BOTH login and withdrawal as it will make your transactions more secure. We recommend using Google Authenticator or Authy over SMS 2FA as Google Authenticator is more secure. Just bring up the app and get the code every time you want to login or send bitcoin.
    4. Change your password to something secure (a password that you have NOT USED on other sites or emails). Be sure to remember to make a good password and remember it!
    5. Make sure none of your other settings has been changed such as your email or phone number. If they have been changed, change them back.
    6. Go to your active sessions (Settings -> Security -> Active Sessions) and log out all sessions by clicking on X.
    7. Log out of your account.
    8. Log back in using your new password and 2FA.
    9. Set your security questions and write them somewhere. You’ll need them if you ever lose your phone and need to reset your 2FA.
    10. It is advised that you change passwords to any other accounts you have online as hackers normally gain access by getting into your email or other accounts.
    11. If the support team can trace the hacker and recover any funds, we will contact you. Hackers often cover their actions very well and it is not possible to track them down to reverse bitcoin transactions.

    If you can’t log in to your account:

    1. Contact support and provide your username, email, phone number, and security questions and answers to prove that the account is actually yours. Once it’s verified that you are the account owner, inform support that you need an ACCOUNT LOCKDOWN.
    2. Support will see if there is enough data to prove you are not the hacker (and will try to give you access to your own account).
    3. Once it is verified that you are the victim and rightful account owner, account access will be restored.
    4. As soon as you log in, immediately follow the eleven steps described earlier.

    How did this happen and how can I prevent it from happening again?

    With the bitcoin address and the IP address of the thief, you now have some information, but please be aware, that usually, it is not possible to track them down. Support does not have the resources to assist with a further investigation. Hackers take advantage of the anonymity of bitcoin and utilize VPN.  Due to this, it is nearly impossible to find a trace of your funds, so try your best to make your account as secure as possible.

    To prevent this from happening again, it is recommended that you don’t use the same password across websites and that you have 2FA with Google Authenticator enabled.

    So where did the bitcoins go?

    • Check your account activity to see who logged into your account. Take note of their IP address.
    • Check your wallet ledger to see the bitcoin address they sent your coins to.

    With the bitcoin address and the IP address of the thief, you have some information but it is often impossible to track them down. Support does not have the resources to help you investigate further because hackers often use VPN’s and the anonymity of bitcoin. It is nearly impossible to track them down, so try your best to make your account as secure as possible.

  • How to enable 2-Factor Authy on my account

    Learning how to secure your account further builds an extra wall of protection for your finances and everyone should learn how to do it to prevent their accounts from being hacked.

    Although there is a 2FA option that uses SMS, it is highly recommended that you use Google Authenticator or Authy. SMS may not be the most reliable form of verification as “SIM swapping” is a tactic that some hackers use to get your SMS messages.

    The first step to enabling Authy is to download the Authy app. Next, go into your account settings and click on “security”. Under “Login Authenticator”, click on the button that says Authy. After clicking that, a QR code should appear and all you have to do is to use your mobile app to scan it and then enter the 6 digit number your phone will produce inside the app.