At XTB, we are introducing new standards of security and responsibility in the financial sector. Following the implementation of advanced cybersecurity solutions and the announcement of further technological and educational initiatives, we have decided to provide special protection to investors who have fallen victim to cybercriminals.
The XTB Group’s sustainability is driven by all actions and decisions taken over the years, as well as by our transparent communication. Our parallel development in the areas of society, environment and corporate governance supports the implementation of our ESG Strategy, but also enables us to respond thoughtfully and responsibly to identified needs, opportunities and threats. The safety of our clients is the foundation of trust and an absolute priority for our business. Therefore, in the face of growing threats, we have decided to take further strategic steps to strengthen client trust.
In addition to implementing security measures based on new technologies, collaborating with security experts and conducting an educational campaign, we have decided to compensate investors for all funds lost due to cybercriminals. In the coming weeks, XTB will be contacting clients directly who have filed complaints regarding the loss of funds due to cybercriminals to ensure they receive their full funds back as quickly as possible.
Our strategy is to offer the best investment app for both passive and active investment management. We want our clients to have the confidence that they can safely invest with the XTB app in mind, with long-term goals or an additional retirement fund in mind. Building relationships based on trust is paramount to us, which is why we’ve decided to compensate all our clients who fell victim to cybercriminals. We see this as a valuable lesson for us, individual investors, and the community at large. We believe that the topic of cybersecurity will not only appear in the news as sensational news, but will instead evolve into a long-term educational campaign.
– says Omar Arnaout, CEO of the Management Board of XTB S.A.
According to XTB data, cybercriminal attacks affected only 0.017% of customers, and none of the affected customers had two-factor authentication (2FA) enabled, which provides effective protection against unauthorized account access. XTB has been offering 2FA since 2024. Initially, authentication via SMS was offered, and in July 2025, a second method was added – TOTP (Time-based One-Time Password). This allows users to generate one-time codes in apps like Google Authenticator, Microsoft Authenticator, and Apple Passwords.
To raise awareness of cybersecurity, we are also co-creating the second edition of the Scamming Out campaign with Puls Biznesu and Bankier.pl, educating people on how to recognize financial fraud, how to protect their data, and how to avoid being scammed.
We recognize that the financial industry must be distinguished by the highest standards of security and trust. After all, institutions like XTB are where clients’ money works. Cybersecurity is our priority, and this isn’t just lip service – in 2024, the budget of the Security Department at XTB increased by 48% year-on-year, and we assume that these investments will steadily grow in the coming years.
– adds Omar Arnaout.
In the coming months, we plan to implement further solutions aimed at increasing the security of client funds. These include the ability to immediately log out of all sessions and block accounts via the mobile app, as well as ongoing analysis of investor behavior on the platform. Furthermore, the Security Department at XTB regularly collaborates with the CSIRT team of the Polish Financial Supervision Authority and CERT Polska.
Check out our cybersecurity site HERE.