Security

Is my crypto exchange safe?

Things to consider when holding and trading crypto assets on an exchange

Samantha Adams

Mon Nov 21 2022

Right now it’s the question on everyone’s lips, but how do you know if your assets are safe on your exchange?

Not your keys, not your crypto

After the collapse of FTX we’re hearing more of the old saying, but what does it really mean? The phrase refers to self-custody, suggesting that a user's crypto holdings are only truly theirs if they hold their own private keys. Generally, exchanges act like a middleman, holding wallets and keys for their users. As a society we have accepted this approach and put our trust in exchanges. Users can invest in crypto but don’t have to do too much research, understand the technicalities or manage wallets. Exchanges make interacting with crypto easy, and this ease of use has boosted crypto adoption into the mainstream.

But this convenience comes at a price: this reliance on the exchange raises the question, does the user truly own their assets? “Not your keys, not your crypto” says no, because at any point that exchange can deny you access to your crypto holdings. This is what has happened in the case of FTX: as soon as they faced liquidity issues they halted withdrawals and users lost access to their crypto.

We should not tar all crypto exchanges with the same brush!

The FTX meltdown has left a lot of trustworthy exchanges mopping up the mess - we’re seeing a lot of very honest responses as they try to undo the damage. There are some rightfully brutal words, posts confirming policies, regulation and compliance in great detail, and what I feel is a pretty heartfelt and powerful statement from Coinbase, simply asking us to trust them.

Can we trust crypto exchanges with our assets?

On the whole, yes, but it’s important to DYOR first. Make sure they are compliant and that you understand their values and agree with how they work. Here are some key things to look out for when deciding if an exchange is safe:

  • Regulation and Compliance

    Obviously, having a recognised certificate, like FCA approval in the UK, proves that the exchange has the stamp of approval, but are they equipped long-term? Get a good understanding of their product: are there any technical limitations, and is it fit to continue meeting regulatory requirements?

    You could also check out the exchange’s about and team pages to find out about the company itself - do they have a big legal team, employees working within compliance, auditing, risk management? These are the people running security checks, completing audits, looking for suspicious activity - all the things that ensure you are protected, and on a daily basis.

    Do they abide by local and global regulation? You should be able to find their Know Your Customer (KYC) and Anti-Money Laundering (AML) policies easily.

  • The Exchange’s Balance Sheet

    Customer assets should always be kept separately from an exchange’s own and never be lent or staked without permission. Also check how the exchange stores customer assets. For security, many will use cold/offline storage for the majority, leaving a small proportion stored online to allow users quick access to their funds. It’s likely they’ll use a third party for this and will also be protected by insurance. CoinMarketCap have just introduced a new feature showing exchange reserves. Simply click the icon next to each exchange and you'll be directed to a page showing all of their details. Although this does rely on a third party to keep it up to date, it is a good start.

  • A Secure Product Infrastructure

    A good exchange takes security seriously, with solid preventative plans in place as well as a contingency plan just in case anything should go wrong. As a user, immediate things to take note of are 2-Factor Authentication and KYC.

    On a more technical level, their servers will be widely distributed and under constant surveillance; they’ll regularly perform security checks internally as well as inviting external auditors in on (probably) an annual basis - think big firms like PwC and Deloitte. Most exchanges will also offer bounty rewards for members of the community who find vulnerabilities.

  • Trustworthy and Experienced Leaders

    Finally, think about who is leading the exchange. If you haven’t heard of them, then you should be able to look them up and find out about them. Most will have some kind of crypto or finance background and should be very knowledgeable on risk and regulation.

Own your crypto!

Still not convinced of the reliability of exchanges? Then take ownership of your crypto and move your funds off exchanges into your own wallets when you aren't actively trading. This reduces risk should there be any issues.

Cold (offline) wallets like Ledger offer high security and are great if you tend to hold your assets, whilst hot wallets like Trust Wallet are more practical for active traders as they're online.

Recap gives users self-custody of their crypto data

At Recap we’re serious about privacy, and the app is built with client-side encryption, meaning that your account is only accessible by your keys. Unless you choose to share your data, you are the only person who can ever see it.

We believe users should always own their data and take steps to ensure that that's always the case. You keep your Recap encryption keys so you keep your data.

Can a disaster as big as the current FTX meltdown arise from a crypto accounting service? Maybe not - but data breaches are possible and can lead to big issues for individuals.