diff --git a/src/main/java/fr/xephi/authme/security/HashUtils.java b/src/main/java/fr/xephi/authme/security/HashUtils.java
index c4fb4edf..946af52b 100644
--- a/src/main/java/fr/xephi/authme/security/HashUtils.java
+++ b/src/main/java/fr/xephi/authme/security/HashUtils.java
@@ -67,6 +67,17 @@ public final class HashUtils {
 }
 }
+ /**
+ * Return whether the given hash starts like a BCrypt hash. Checking with this method
+ * beforehand prevents the BcryptService from throwing certain exceptions.
+ *
+ * @param hash The salt to verify
+ * @return True if the salt is valid, false otherwise
+ */
+ public static boolean isValidBcryptHash(String hash) {
+ return hash.length() > 3 && hash.substring(0, 2).equals("$2");
+ }
+
 /**
 * Hash the message with the given algorithm and return the hash in its hexadecimal notation.
 *
diff --git a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java
index 4a4f92f3..aae6b910 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java
@@ -1,6 +1,7 @@
 package fr.xephi.authme.security.crypts;
 import fr.xephi.authme.ConsoleLogger;
+import fr.xephi.authme.security.HashUtils;
 import fr.xephi.authme.security.crypts.description.HasSalt;
 import fr.xephi.authme.security.crypts.description.Recommendation;
 import fr.xephi.authme.security.crypts.description.SaltType;
@@ -36,7 +37,7 @@ public class BCRYPT implements EncryptionMethod {
 @Override
 public boolean comparePassword(String password, HashedPassword hash, String name) {
 try {
- return hash.getHash().length() > 3 && BCryptService.checkpw(password, hash.getHash());
+ return HashUtils.isValidBcryptHash(hash.getHash()) && BCryptService.checkpw(password, hash.getHash());
 } catch (IllegalArgumentException e) {
 ConsoleLogger.warning("Bcrypt checkpw() returned " + StringUtils.formatException(e));
 }
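Review bot: The Javadoc on isValidBcryptHash documents a salt while the parameter is the stored hash: `@param hash The salt to verify` and `@return True if the salt is valid, false otherwise` should read `@param hash The hash to check` and `@return True if the hash starts like a BCrypt hash, false otherwise`. The body can be simplified to `return hash != null && hash.length() > 3 && hash.startsWith("$2");`, which drops the substring allocation and, if HashedPassword can ever hold a null hash (not visible here), returns false instead of throwing a NullPointerException that the callers' `catch (IllegalArgumentException e)` does not cover — the old `.length()` call had the same gap. Since only the two-character prefix and a minimum length of 4 are checked, the name overstates what is validated; the summary sentence is honest about this, so either say "prefix check" in the name or keep the summary as the contract and make the `@return` match it.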
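Review bot: In the comparePassword hunk of BCRYPT, and identically in IPB4 and XFBCRYPT, `hash.getHash()` is now called twice on the same long line; a local `String storedHash = hash.getHash();` placed before the `try`, then `return HashUtils.isValidBcryptHash(storedHash) && BCryptService.checkpw(password, storedHash);`, keeps the line within the file's width and makes it obvious that the value being guarded is the one handed to checkpw. The three call sites are byte-for-byte the same apart from the log prefix, so any future tightening of the guard should stay in HashUtils rather than here. comparePassword continues past the end of the hunk, so the fall-through return after the catch is not visible in this diff.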
diff --git a/src/main/java/fr/xephi/authme/security/crypts/IPB4.java b/src/main/java/fr/xephi/authme/security/crypts/IPB4.java
index 95a3bfd2..0eede2a2 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/IPB4.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/IPB4.java
@@ -1,6 +1,7 @@
 package fr.xephi.authme.security.crypts;
 import fr.xephi.authme.ConsoleLogger;
+import fr.xephi.authme.security.HashUtils;
 import fr.xephi.authme.security.RandomString;
 import fr.xephi.authme.security.crypts.description.HasSalt;
 import fr.xephi.authme.security.crypts.description.Recommendation;
@@ -34,7 +35,7 @@ public class IPB4 implements EncryptionMethod {
 @Override
 public boolean comparePassword(String password, HashedPassword hash, String name) {
 try {
- return hash.getHash().length() > 3 && BCryptService.checkpw(password, hash.getHash());
+ return HashUtils.isValidBcryptHash(hash.getHash()) && BCryptService.checkpw(password, hash.getHash());
 } catch (IllegalArgumentException e) {
 ConsoleLogger.warning("Bcrypt checkpw() returned " + StringUtils.formatException(e));
 }
diff --git a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
index c3487f31..a20ee65a 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
@@ -1,6 +1,7 @@
 package fr.xephi.authme.security.crypts;
 import fr.xephi.authme.ConsoleLogger;
+import fr.xephi.authme.security.HashUtils;
 import fr.xephi.authme.util.StringUtils;
 import java.util.regex.Matcher;
@@ -29,7 +30,7 @@ public class XFBCRYPT implements EncryptionMethod {
 @Override
 public boolean comparePassword(String password, HashedPassword hash, String salt) {
 try {
- return hash.getHash().length() > 3 && BCryptService.checkpw(password, hash.getHash());
+ return HashUtils.isValidBcryptHash(hash.getHash()) && BCryptService.checkpw(password, hash.getHash());
 } catch (IllegalArgumentException e) {
 ConsoleLogger.warning("XfBCrypt checkpw() returned " + StringUtils.formatException(e));
 }
diff --git a/src/test/java/fr/xephi/authme/security/HashUtilsTest.java b/src/test/java/fr/xephi/authme/security/HashUtilsTest.java
index c7ef1ccd..5c1fda22 100644
--- a/src/test/java/fr/xephi/authme/security/HashUtilsTest.java
+++ b/src/test/java/fr/xephi/authme/security/HashUtilsTest.java
@@ -113,4 +113,14 @@ public class HashUtilsTest {
 assertThat(digest.getAlgorithm(), equalTo("MD5"));
 }
+ @Test
+ public void shouldCheckForValidBcryptHashStart() {
+ // given / when / then
+ assertThat(HashUtils.isValidBcryptHash(""), equalTo(false));
+ assertThat(HashUtils.isValidBcryptHash("$2afsdaf"), equalTo(true));
+ assertThat(HashUtils.isValidBcryptHash("$2"), equalTo(false));
+ assertThat(HashUtils.isValidBcryptHash("$2aead234adef"), equalTo(true));
+ assertThat(HashUtils.isValidBcryptHash("#2ae5fc78"), equalTo(false));
+ }
+
 }
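Review bot: shouldCheckForValidBcryptHashStart does not pin the `length() > 3` boundary of isValidBcryptHash: the shortest rejected input is `"$2"` (length 2) and the shortest accepted one is eight characters, so a three-character `assertThat(HashUtils.isValidBcryptHash("$2a"), equalTo(false));` and a four-character `assertThat(HashUtils.isValidBcryptHash("$2a$"), equalTo(true));` would make the off-by-one intent explicit. A null argument is also untested; whichever outcome is intended for it (false, or a NullPointerException as the current body produces) should be asserted so it cannot change unnoticed, since the production callers only catch IllegalArgumentException.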