Keeping your crypto in an exchange wallet comes with added risks, so storing your cryptocurrency there for a long period of time is not a good idea.
A brief look at the history of Bitcoin and cryptocurrencies reveals why it is dangerous to leave your crypto funds in an exchange. Since 2011, over $2 billion worth of crypto assets have been stolen, and the numbers are getting bigger every year.
Aside from hacks, trouble may arise from within the exchange. Any exchange may mismanage or lose funds, or even participate in fractional reserve banking. You may have heard of the recent QuadrigaCX controversy, in which the owner passed away holding all the private keys, allegedly cutting off access to $190 million of user funds. Or maybe you’ve heard about the notorious Mt. Gox exchange, whose founders were oblivious to ongoing hacks that lasted for more than two years while the exchange lost 650,000 BTC.
Exchanges are enticing hacker targets because they have billions of dollars worth of cryptocurrency. Quite frequently it’s much more profitable to hack a crypto exchange than a bank vault.
Too many people get into Bitcoin without fully understanding the difference between an exchange and a wallet, and the importance of private keys.
Especially during the hype of November 2017, when Bitcoin broke through the $10,000 mark and everyone and their mom was passing around Coinbase referral links, newbies just focused on buying and “getting in”, rather than learning about crypto safety.
Many of them still have those Bitcoins in their Coinbase account to this day (unless they panic sold them by February 2018…) Besides receiving that initial referral link, though, they didn’t receive any education on how to keep their Bitcoins safe.
Here are five “stupid” reasons not to hold anything on an exchange.
1. Exchanges can get hacked
2. The owner of an exchange can die and take the private keys to his grave
3. Your exchange may delist your coins
4. Your exchange might suddenly ask you to hand over all your personal details
5. It might turn out that your exchange has been working with teams of hackers that sold their users’ data to third parties
This all sounds unbelievable. But it happened in the past.
The first scenario happened with New Zealand exchange Cryptopia. More than a year in, while the Cryptopia team is diligently working on resolving this, it’s still not clear how many customers lost some or all of their funds. But Cryptopia was not the only exchange that was hacked. Here is a short list of hacks:
1. Allinvain – The First Hack 2011
2. Mt. Gox – The Largest Bitcoin Heist
3. Bitfinex 2016
4. Coincheck Hack 2018
5. Bithumb 2018
7. QuadrigaCX 2018
8. Binance 2019
9. QuadrigaCX 2020
10. Coincheck 2020
Some of them returned funds out of their own pockets, but in most cases traders lost their funds.
The second is one of the most bizarre stories in crypto history: Gerald Cotten, the owner of Canadian exchange Quadriga, recently died on a trip to India. Customers lost access to their funds because Cotten was the only one, apparently, who knew the password.
That’s not only unprofessional and stupid but also so negligent that it seems almost impossible.
The third is something normal, which happens when it becomes unprofitable for exchanges to carry certain coins because there is simply not enough trading volume.
The fourth is what Poloniex did in the past. Without any prior announcement, they just froze all accounts and forced their customers to fulfill the KYC requirements by verifying their identity and fully registering all their details.
Option 1: Store on a Cryptocurrency Exchange
Investors that require liquidity to capitalize on profitable trading opportunities can choose to keep their money on centralized exchanges like Binance, Huobi, or Bitfinex.
Pros:
- Access to liquidity
- Simpler custody option compared to personal offline wallets
Cons:
- Open to exchange credit risk
- Obvious target for hackers
- Little transparency about the security of the exchange
This option is best for investors who demand immediate access to the markets, such as traders, market makers, and people who are not comfortable with self-storage options.
How To Recognize A Secure Exchange
There’s no guarantee that you won’t become a victim of another high-profile hack but choosing a reputable and highly secure exchange significantly reduces your chances. The best and most reliable platforms are open about the level of security they provide and give you a plethora of tools to secure your account. Here are the most common security practices to look for when choosing an exchange.
HTTPS. Secure exchanges have a valid HTTPS certificate. Your browser will automatically confirm it by displaying a lock in the address bar. HTTPS is an encrypted version of the HTTP protocol. It prevents capturing and changing data you’re sending to a web server. Every reputable cryptocurrency exchange should have it.
Secure password. Good exchanges don’t allow you to set a weak password. A secure password policy asks you to use a mix of lowercase and capital letters, symbols, and numbers, which makes the password far harder to brute-force.
Two-Factor Authentication (2FA). Having your accounts protected by 2FA is critical. Most exchanges offer multiple 2FA methods including software, SMS, and hardware devices. If there is no option to secure your account with 2FA, then the platform is quite insecure. Also, hackers can counterfeit your phone number, so SMS authentication is the weakest form of 2FA. Try to avoid it whenever more secure options are available. The most common practice is to set up two-factor authentication via Google Authenticator. It is a simple yet safe and effective approach.
Cold Storage. Check if the exchange uses cold storage to store user funds. It is much more difficult to steal funds that are locked offline than those which are held in a hot wallet.
Ability to Whitelist IP & Withdrawal Addresses. See if you can whitelist specific IP addresses for connecting to your exchange account. If enabled, it automatically blocks logins from other locations. Alternatively, some exchanges offer an option to whitelist your withdrawal addresses. If you can do so, the exchange will allow your funds to be withdrawn only to the previously approved addresses.
Other precautions. Exchanges employ many other security tools like multi signatures, suspicious behavior alerts, email encryption, phishing protection, and others. Extra security measures certainly won’t hurt you, and as long as they are well implemented, they make exchanges quite safe temporary storage for your cryptocurrencies.
Funds Insurance. Cryptocurrencies are still wildly unregulated, so most platforms have no obligation to follow FDIC reporting regulations or securities investor protection procedures. Yet, some exchanges take extra precautions and insure their funds against theft. Although that is a great marketing point, most of these insurance policies do not protect individual accounts and apply only to the exchange as a whole.
Option 2: Personal Cold Wallets
Investors can choose to keep their crypto in personal offline wallets, meaning they are not exposed to the risk of exchange hacks. By using paper wallets or hardware wallets, like Trezor or Ledger, investors eliminate the risk of a cyberattack by disconnecting from the internet. Note: hot wallets such as MyEtherWallet are still exposed to cyber attacks.
Pros:
- Zero exchange credit risk
Cons:
- No immediate access to liquidity, useless custody option for active traders
- High potential for user error
- Legal restrictions limit many institutions from self custody
This method is best for long term investors or “HODLers”, as they have no need to access the markets to trade on a regular basis. However, the investor must be comfortable storing their own private keys offline.
Not every coin has the option to be stored on a hardware wallet. LanaCoin isn’t supported on any of them. But we are doing everything we can to make that happen in the near future.
Another option is a mobile wallet on your phone, a wallet on your PC or Mac, or a paper wallet in your vault.
Regardless of all the security measures that exchanges employ, it’s still foolish to trust them unconditionally. As the history of the exchanges shows, no platform is hackproof, and issues always occur when you expect them the least. Therefore, it’s better to take matters into your own hands and set yourself up with a private digital wallet. As renowned crypto analyst and security entrepreneur Andreas Antonopoulos says:
“Your keys, your Bitcoin. Not your keys, not your Bitcoin.”