XTB introduces a single-tap emergency lock that freezes all account activity instantly when clients suspect unauthorized access.
Key Points:
XTB, the Warsaw-listed investment app, rolled out an emergency lock feature that lets clients freeze all financial activity on their account with a single tap when they suspect unauthorized access.
Activating the lock simultaneously halts trading across all financial instruments, freezes withdrawals from every currency account, and cuts off eWallet transactions entirely. Restoring access requires a password change followed by a facial recognition scan, ensuring the account’s rightful owner — not an attacker who may still hold a device — regains control.
The launch follows months of public pressure over XTB's account security practices. A Polish client alleged losing roughly 150,000 zlotys ($38,000) in what appeared to be a sophisticated breach, describing how an attacker executed thousands of rapid trades on low-liquidity securities to drain a portfolio without triggering a direct withdrawal.
The case spread across Polish financial forums and prompted XTB to tighten security protocols and make two-factor authentication mandatory — steps the company took only after the story reached national media.
XTB subsequently pledged to reimburse all clients who suffered losses from cyberattacks, maintaining that the total payout would not materially affect its finances. The company’s own data showed that cybercriminal attacks affected just 0.017% of its client base, and that every affected account lacked 2FA at the time of the breach.
A client who notices an unfamiliar login or an unexpected transaction taps a single button, cutting off all trades, withdrawals, and card payments at once. Restoring access then requires both a password reset and a facial scan, which XTB says ensures only the legitimate account holder can unlock the platform.
The lock also covers eWallet transactions — a detail that carries growing weight as XTB pushes beyond CFD trading into multi-currency payments, ATM withdrawals, and broader digital finance services. The higher the volume of financial activity the platform handles, the greater the consequences of a compromised account.
The alleged breach reignited a broader debate about whether optional security measures adequately protect retail investors’ funds. Cybersecurity experts argued that 2FA should be mandatory across platforms, not buried in settings most users never open. At the time, other major brokerages including Robinhood also relied on optional 2FA, pointing to a gap that extended across the industry.
XTB, which holds licenses from the FCA, CySEC, and Poland’s Financial Supervisory Authority, now serves more than 2.1 million clients across 17 global offices. The company has been expanding into new geographies, with Indonesia among its more recent targets as it works toward broader client growth.