Why did I receive an unexpected email to confirm a new device?

If you have received an email to confirm a new device but if this is not due to your own actions, it means that a third party is trying to log in to your account using your login data (and 2FA code). When this is the case, immediately carry out the following steps:

  1. Contact Bitvavo
    Contact the support department of Bitvavo immediately by sending an email to support@bitvavo.com. Name the subject "Urgent". Your request will be prioritized and your account will (temporarily) be blocked as soon as possible.
  2. Change your password
    Change the password of your Bitvavo account. You can do this as follows:
    1. Login to your Bitvavo account.
    2. Click your name at the top right and choose "Settings".
    3. Click "change password".
    4. Enter your current and desired password.

A detailed explanation can be found here.

  1. Enable 2FA (if you did not already have one)
    2FA is an additional security layer, in addition to your credentials, for your Bitvavo account. You can enable Two-Factor authentication as follows:
    1. Login to your Bitvavo account.
    2. Click your name at the top right and choose "Settings".
    3. Go to the heading "Safety settings".
    4. Click the "Enable" button next to "Two-factor authentication".
    5. Enter your password.
    6. Download the Google Authenticator or Authy app.
    7. Scan the QR code with the Google Authenticator or Authy app.
    8. Enter the code displayed.

A detailed explanation can be found here.

  1. Check your IP activity
    You can review from which IP addresses an attempt to log in has been made as follows:
    1. Login to your Bitvavo account.
    2. Click your name at the top right and choose "Logs".
    3. Click the most recent login attempt.
    4. The most relevant IP address is now displayed. If one of the IP addresses does not look familiar, you are strongly advised not to confirm the email regarding the new device.

A detailed explanation can be found here.

  1. Change your password from your e-mail account
    In order to ensure that a third party can not confirm the email concerned, it is strongly recommended to (temporarily) change your password for your email account.


How did we do?