Your security checklist: practical steps for Hercle clients
A quick-reference guide | Hercle VASP — Crypto & FIAT Transfer, Custody and Administration
This checklist consolidates the most important security practices for clients using Hercle's crypto custody, fiat transfer, and asset administration services. Keep it accessible and review it regularly.
Before any transfer or transaction
Confirm the request originated through official Hercle channels — not an unsolicited call or message.
Verify the destination wallet address character by character. Never rely on copy-paste alone.
If someone is asking you to act urgently, stop. Verify independently before proceeding.
If a call or message claims to be from Hercle, hang up and call back using a number you sourced independently.
Remember: Hercle will never ask you to transfer funds to a 'safe account' or third party without a documented instruction you initiated.
Protecting your accounts and credentials
Use a unique, strong password for every platform. Do not reuse credentials.
Enable multi-factor authentication wherever possible.
Never share passwords, PINs, security codes, seed phrases, or private keys with anyone — including Hercle staff.
If you believe your credentials have been compromised, change them immediately across all platforms.
Keep your device software and antivirus up to date.
Identifying suspicious contact
Legitimate Hercle contact | Likely fraudulent contact |
|---|---|
Initiated by you through verified portal or known contact | Unsolicited call, email, or message requesting action |
Never requests passwords, PINs, or credentials | Asks for passwords, seed phrases, or security codes |
No urgency or pressure to transfer funds immediately | Creates urgency; threatens consequences if you delay |
Never requests remote access to your device | Asks you to install software or share your screen |
Uses verified, official contact details and domains | Uses slightly different URLs, email domains, or phone numbers |
If you think you have been targeted
Stop immediately. Do not send further funds or share more information.
End contact with the suspected fraudster and block them.
Contact Hercle via your verified relationship manager or official portal.
Change all passwords — not just the one that may have been compromised.
If crypto assets are at risk, move remaining funds to a new secure wallet and revoke any suspicious smart contract permissions.
Report to the police and your national financial authority.
⚠️ Be alert to recovery scams: anyone contacting you to 'recover lost funds' for a fee is almost certainly a further scam.
Hercle security note
Hercle's security team monitors for anomalous activity across client accounts. If we detect anything unusual, we will contact you exclusively through your pre-registered communication channels — we will never ask you to act on unsolicited instructions.
Your security is a shared responsibility: Hercle provides the infrastructure; these practices help you hold the line on your side.
Useful verification resources
ESMA register for EU-authorised crypto providers: shorturl.at/zZwVI
IOSCO I-SCAN list of flagged entities: iosco.org/i-scan
Your national financial supervisory authority website for warnings and blacklists
Joint ESA warning on crypto-asset risks: link.europa.eu/hcFpGj
Still have questions? Contact our team through the official Hercle portal or reach out to your relationship manager directly. You can also contact us at matteo@hercle.com or risk@hercle.com.