HTX Incident Playbook — Recovery & Response for Account Compromise

Immediate containment checklist

1. From a trusted device, change the account password and rotate any shared secrets.
2. Revoke all active sessions and sign out everywhere.
3. Revoke API keys with withdrawal permissions and generate scoped replacements where required.
4. Disable withdrawals (if the platform provides the option) to limit financial exposure.

Evidence capture & escalation

Capture screenshots, timestamps, and any error messages. Record IP addresses and geolocation information if available. Escalate to HTX support via preverified channels and provide the documented evidence to assist in forensic review. Maintain a chain of custody for any logs or exported evidence.

Recovery and post-incident hardening

After containment, perform a full credential rotation, reissue and test MFA devices, re-audit third-party apps, and conduct a post-incident review to identify root cause and policy or control gaps. Consider transferring high-value balances to cold storage while the environment is being revalidated.

Note: For educational use only — this is not an HTX support page and does not collect personal data.