KuCoin has launched its second annual Anti-Phishing Month campaign, rolling out a fresh push to strengthen user protection through education, real-time security tools, and incentive-based learning. The initiative comes as May brings several global cybersecurity awareness observances, giving the crypto exchange a timely platform to reinforce one of the most persistent risks facing digital asset users: phishing.
The exchange said the campaign is designed to make security a more active part of the user experience rather than a background feature. In recent years, KuCoin has seen a steady rise in phishing attempts targeting its users. Smishing and email phishing are emerging as the most common attack methods. Together, these forms of fraud account for more than 90% of the incidents the company has tracked. Beyond the immediate financial damage, KuCoin said these attacks can also erode confidence and leave a lasting mark on how users perceive platform safety.
That threat landscape is part of what pushed the company to make anti-phishing efforts a more central part of its broader security strategy. With cybersecurity awareness events such as World Information Security Day, World Password Day, and initiatives supported by the International Telecommunication Union taking place in May, KuCoin is using the moment to encourage stronger self-protection habits across its global user base.
Edwin Wong, Head of Risk Management at KuCoin, said the company sees security as a shared responsibility between the platform and its users. “In today’s threat landscape, relying solely on technical safeguards is no longer sufficient. Effective security requires both strong platform capabilities and informed user behavior,” Wong said. “Through Anti-Phishing Month, we aim to make security a daily habit, something users can understand, engage with, and actively practice, ultimately strengthening long-term trust between the platform and our users.”
Security-as-a-Service
KuCoin describes its approach as “security-as-a-service,” a framework that blends technology, education, and proactive defense mechanisms. At the center of that approach is a phishing detection engine that the company says can identify and block suspicious login attempts and unauthorized withdrawal activity in real time. KuCoin said the system prevents more than 5,000 high-risk access attempts every day, making it the first barrier between malicious actors and user accounts.
The exchange also said it has expanded its alert systems and multi-factor authentication protections across key account actions, including logins, withdrawals, and API binding. These layers are meant to make users aware of potentially risky activity before it can cause harm, while also adding friction that can help stop unauthorized access.
Education remains another major part of the campaign. KuCoin said it regularly publishes security guidance, phishing case studies, and risk-awareness materials through its platform and app. It also uses a built-in Security Score feature to help users measure how well they are protecting their accounts and to encourage them to improve over time. The company believes that raising awareness is just as important as deploying technical defenses, especially in a sector where social engineering remains one of the most effective tactics used by scammers.
The new campaign is being launched through an interactive Learn-to-Earn format, giving users a chance to strengthen their security knowledge while also earning rewards. Participants are encouraged to learn anti-phishing basics, complete a short quiz, and enable additional protection tools such as Anti-Phishing Codes. Those who finish the program will be eligible for exclusive rewards.
KuCoin said the second edition of Anti-Phishing Month marks its first large-scale attempt to combine security education with incentive-driven participation, a model the company hopes will make the campaign more engaging and more effective. By turning security awareness into an active user experience, the exchange is aiming to reach people before they become victims of phishing schemes, rather than responding only after damage has already been done.
Founded in 2017, KuCoin said it now serves more than 40 million users across 200-plus countries and regions. The company continues to position itself as a user-first crypto platform with deep liquidity, broad asset coverage, and a focus on compliance and security. It also pointed to its SOC 2 Type II, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 certifications, along with regulatory milestones such as AUSTRAC registration in Australia and a MiCA license in Europe, as part of its growing global compliance foundation.
With phishing still among the most common entry points for crypto-related fraud, KuCoin’s latest campaign reflects a broader industry shift toward preventative security. Rather than treating user protection as a one-time warning, the exchange is trying to make it a habit, one that begins with awareness and carries through every interaction on the platform.
