Is bitfinex.com legit?
This cryptocurrency exchange appears to be mostly safe, backed by a solid technical infrastructure and strong security headers. However, it raises concerns due to the lack of clear contact information and incomplete legal pages, along with its reliance on non-reversible payment methods common in the crypto space.
Crypto average: 79/100 · based on 25 sites
Checked: April 27, 2026 at 12:24 PM UTC
Is bitfinex.com a scam? Here's what we found.
The site uses modern TLS 1.3 with a valid certificate and enforces HTTPS, along with robust content security and clickjacking protection, passing Google Web Risk checks. However, the mention of non-reversible payment methods and numerous external scripts introduce moderate security considerations.
The domain is well-established, over 13 years old with a clear registrar and reasonable expiry date, indicating a stable and long-term online presence.
The site boasts moderate global traffic and is clear of DNS blacklists. The absence of a Trustpilot profile is a neutral factor; however, the inability to check Web Archive activity prevents a more comprehensive historical review.
While displaying complete branding and social media links, the critical absence of easily discoverable contact information on the homepage hampers the site's transparency regarding user support or inquiries.
A significant concern arises from the partial legal pages, as either a privacy policy or terms of service is missing, which is a fundamental requirement for user protection and regulatory adherence.
The site demonstrates a strong infrastructure foundation with proper DNS resolution, robust email authentication (SPF, DMARC), and a well-configured robots.txt and sitemap. The DNSSEC status is unsigned which is a minor gap, but otherwise the technical setup is sound.
Signals Detected
This site has moderate global traffic
No structured data markup found
Mentions non-reversible payment methods: bitcoin
Excessive number of external scripts — may indicate malicious injection
Domain created 2012-10-11T08:41:11Z (13 years, 8 months ago)
Registered through Name106, Inc.
Expires in 1627 days
DNSSEC status from WHOIS
This business has no Trustpilot presence — not unusual for smaller or newer companies
Valid certificate, expires in 49 days
Certificate issued by Google Trust Services
Connection uses TLS 1.3
Resolves to: 104.16.164.90, 104.16.166.90, 104.16.167.90, 104.16.165.90, 104.16.168.90
Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., aspmx2.googlemail.com., aspmx3.googlemail.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: rick.ns.cloudflare.com., vera.ns.cloudflare.com.
robots.txt has 22 directives and references a sitemap
Site maintains a proper sitemap with 168 indexed pages
Site has custom branding and social media metadata
Site enforces HTTPS via HSTS
Site has Content Security Policy configured
X-Frame-Options: deny
Web server: cloudflare
No threats detected by Google Web Risk
crt.sh returned status 429
Website is live and responding
No obvious contact information found on homepage
Website is missing either privacy policy or terms of service
Website links to one social media platform
Not found on any DNS blacklists
Could not query Wayback Machine
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.