Over the last few years, cryptocurrencies are increasingly being adopted and have rapidly shifted into mainstream discourse. While regulatory clarity remains outstanding in many parts of the world, one of the more unique challenges of digital asset investing relates to custody – how do you securely store your digital assets, and who do you trust more – yourself or a third party like a crypto exchange?
Web3 turns the traditional custody model upside down. Instead of relying on third parties such as banks to look after your digital assets, one of the benefits (and risks) is that you can effectively “become your own bank” by taking custody of your assets yourself.
Many though either choose not to or prefer having their crypto held by an exchange – a Web3 version of a bank. These companies offer a wide variety of services including trading, crypto-backed loans and most commonly, custodial services.
However, purists argue that leaving your crypto on an exchange violates one of the fundamental tenets of crypto:
“Not your keys, not your coins”
In fairness though, having your crypto stored on an exchange certainly has some benefits as many people are more inclined to trust third parties than they do themselves. To each their own. There are pros and cons to self-custody, as there are for leaving one’s crypto on an exchange.
But this isn’t an article on the pros of cons of either approach. Instead it’s intention is to highlight the risks of self-custody for those who elect to go that route.
With that said, let’s dig into the risks of leaving digital assets like Bitcoin or Ethereum on an exchange.
What is a crypto exchange?
A crypto exchange is a regulated platform that allows users to buy and sell cryptocurrencies. They provide an easy way for investors to deposit fiat currency and invest in digital assets. Think of it as an on-ramp and off-ramp from fiat currency into digital assets.
More often than not, exchanges also provide a means of storing the crypto assets on behalf of the user. When the time comes to cash out from crypto to fiat currency, the exchange facilitates the sale and generally holds the cash balance for the user to deposit the proceeds into a chosen bank account. Some of the more sophisticated crypto exchanges provide additional services, such as futures trading, crypto-backed loans, interest accounts and a range of other products.
The ease of use and wide variety of financial services offered by crypto exchanges has resulted in many investors conducting all crypto activities on a single exchange – including custody. However, while crypto exchanges provide a fast and easy option for investors looking to trade crypto, storing crypto in an exchange account does come with some risks that must be considered.
How to store your cryptocurrency
Cryptocurrencies are digital assets– you can’t therefore hide them in your sock drawer or under your mattress — you must store them digitally.
When it comes to storing cryptocurrency, there are two main categories: custodial or non-custodial. Custodial storage solutions rely on trusted third parties, much like a bank, whereas non-custodial is more akin to you being your own bank.
To expand the explanation further, you can think of both custodial and non-custodial storage solutions as a “wallet” for your crypto – this isn’t technically correct but to keep things simple, let’s run with that.
You can then further subdivide wallets into being “hot” or “cold”. “Hot” wallets are connected to the internet and are inherently more vulnerable to security breaches than a “cold” wallet which is offline. Going further:
- Hot wallets are usual software applications on desktop or mobile (as is the case with Exodus or Coinbase), but they can also be browser-based (such as MetaMask).
- Cold wallets are typically hardware portable devices (like a USB stick) and include the likes of Ledger and Trezor.
The vast majority of crypto exchanges are custodial, meaning the user is reliant on the platform to securely store their crypto. For many people, this is convenient and offers a simple user experience, but there are risks involved.
Before going down that road, one other important thing to be aware of is that crypto wallets contain a public key, often called a wallet address, and a private key – best reviewed as your ‘master password’. To draw an analogy, your home address may be public but only you have the keys to the front door – the same applies with crypto wallets.
Going back to the distinction between storage solutions earlier, custodial wallets require you to trust third parties with your crypto’s security since they hold your private keys. A common saying amongst crypto purists is is ‘not your keys, not your coins’, which is technically accurate – if someone else is looking after your private keys, you have an IOU to your crypto, much like you do with your bank.
What are the risks of putting crypto in an exchange?
By keeping crypto on an exchange, users are effectively trusting a third party to keep their assets safe. They’re no longer the sole controller of their assets, the exchange is. If something goes wrong with the exchange, the user’s crypto can be at risk. Put differently, the exchange holds the user’s private keys – “not your keys, not your coins” illustrated.
There have been numerous examples of crypto exchanges being hacked, losing investor tokens or just disappearing altogether throughout crypto’s short history.
Even in the recent months, crypto investors have seen exchanges engage in risky behaviour with their funds, ending in bankruptcy for the business and leaving investors without their assets. Whilst it is possible to mitigate the risks of keeping crypto on exchanges – utilising established, regulated and reputable companies only – there is always a risk (however small) because unlike bank deposits which are insured by the federal government, crypto deposits are not.
Exchanges are a form of centralised finance, and most are private companies. This means that storing cryptocurrency on an exchange requires trust that it will not get hacked, that they will hold the assets securely and that the crypto will always be available for the user to withdraw. In addition, you’re also trust that they will remain solvent and legally compliant. Evidently, the key word here is ‘trust’ – a lot of it is required.
Centralised exchanges provide an easy way to store cryptocurrencies which suits many people who do not wish to custody their own crypto assets. Since there are plenty of stories of people who lost their private keys and therefore access to crypto, some prefer to trust exchanges.
If security is your main concern and you’re comfortable holding your own private keys, best practice is to take your assets off an exchange and store them in a secure hardware wallet. It ultimately comes down to a question of trust – who do you trust more, a regulated and reputable exchange or yourself?
What to look for in a crypto exchange
Due to the explosion in popularity of crypto in recent years, crypto exchanges are now a dime a dozen. While new exchanges appear regularly, a small number have disappeared, leaving their users high and dry.
Finding a credible exchange that provides all necessary services while also maintaining a high level of security requires careful research. However it is well worth the time spent as one’s selection might be the difference between keeping your digital assets safe or losing them forever. Google is your friend.
How to recognise a secure crypto exchange
Choosing a secure crypto exchange can drastically decrease the chances of your funds being lost or stolen. The key is to find an exchange that is reputable or credible, as it is more likely than not to take security seriously. What are you looking for? Trust.
These are some of the most important factors to consider in determining the credibility (and by extension, the security) of an exchange:
- The information regarding the exchange’s security practices is easy to find, clear and comprehensive.
- It has a large number of good reviews on reputable review platforms spanning several years.
- The exchange has a valid HTTPS certificate in the URL address bar (a little lock image).
- It has a legitimate business address and the company is easy to contact.
- It conducts security audits (for example a SOC 2 compliance certificate).
- It prompts best practices when setting up an account – a strong password, 2FA, whitelist withdrawal addresses or whitelist IP address (nice to have).
- It utilises cold storage for the majority of funds.
- It provides a live attestation of reserves.
- It has insurance for user funds.
- It does not have any of the following:
- Questionably high yields for simply depositing;
- Promises of wealth or high returns;
- Poorly laid out website interface; or
- Agents who contact you to sell a trading program or provide investment advice.
If you find an exchange that ticks most of the boxes chances are it is reputable and secure. The more research you do, the better. Read reviews, speak to people in the industry and to stress the point, there isn’t such thing as too much research.
However, it is important to remember that even the largest, most “secure” exchanges have been victims of hacks in the past. These days that is far less of a problem than it was in years gone by but the key thing to remember is that while the risk can be mitigated, it will always be there in some form (even if negligible).
Cryptocurrency exchange facts
As noted previously, exchanges offer convenience and ease of access to buy and sell crypto. They are an important piece of infrastructure for crypto markets as they provide a gateway for crypto investors to trade between crypto and fiat currency. As discussed, storing crypto on an exchange does introduce some risks and utilising other solutions can help ensure the safety of your assets.
As the values of cryptocurrencies have skyrocketed over the past decade, they have become a target for hackers. The prevalence of hacks and malicious attacks has been on the rise. The current value for cryptocurrency stolen from exchanges has exceeded US$12 billion, and these hacking risks remain an issue in 2022.
In the past, numerous exchanges have promised an attractive return for investors who deposit their assets on the exchange. Some were engaged in risky behaviour to generate this yield, using unaudited decentralised protocols. This behaviour ended in tears for many, with the infamous Terra ecosystem collapsing in May 2022.
In addition, many exchanges have failed and have been forced to close due to insolvency. Most exchanges have a clause in their terms of disclosure that states user funds can be used to cover legal fees and costs if required. If an exchange collapses, one’s crypto might not be safe.
This all sounds like doom and gloom but it needn’t be. Critically, reputable exchanges with a solid track record, who properly secure user funds and who don’t engage in risky behaviour are easy enough to find.
Much like any industry there are A-grade businesses with a strong market presence and then there are D-grade companies who are looking to take a slice of the action. It’s usually the lower quality businesses that engage in speculative or risky behaviour to lure new users (more so than the established players). Do your research. Once again, Google is your friend.
What are the risks of a cold wallet?
To highlight an earlier comment, the primary benefit of cold wallets (or cold storage as it is often called) is that they are not connected to the internet. This makes them inherently less vulnerable to a hack or exploit. Put differently, they offer a higher grade of security over mobile or desktop wallets for those wanting to take custody of their own crypto. However, “being your own bank” comes with significant responsibility and necessarily introduces risks.
“With great power comes great responsibility”Spider-Man
What is that risk? Well, part of it is you.
Since you “are the bank”, if things go wrong there is no customer service to call. If you lose your hardware wallet that stores your private keys, that could be a serious problem unless you have backed it up with a seed phrase.
There have been countless instances of people who have accidentally thrown away, destroyed or lost their device without properly backing up their wallet. One of the most egregious examples is a guy who threw away a hard drive with 8,000 Bitcoin. He is now battling with a local council to obtain rights to search the rubbish dump for the proverbial needle in a haystack.
And of course, hardware isn’t infallible. It can break and fail, however if you have properly backed up your wallet with your seed phrase, you should still have access to your crypto.
How to reduce the risk of putting crypto in an exchange – software vs hardware wallets
Non-custodial software and hardware wallets eliminate the need to trust third-parties to securely store one’s crypto. It is important to note that each has its own unique benefits and drawbacks. Both options require users to take responsibility for the safety of their assets – they must ensure they don’t connect to unknown sites or confirm random transactions, and most importantly, they must keep their recovery keys safe and secure.
Hardware wallets not only remove the need for a trusted third party, but they also provide further security by keeping your wallet keys offline. This is done by having your private keys stored on a physical device away from malicious sites. To access your crypto, you will require access to the physical hardware device, but this can be difficult when travelling or if you are away from home.
On the other hand, software wallets store the keys in encrypted form on the local device, allowing users to access their crypto using only their phone or laptop. The downside to this convenience is that since they are connected to the internet, they are inherently more vulnerable to attackers.
For those who wish to be extra cautious, it is recommended to use a hardware wallet. This is not without some technical learnings, but for best practices, it is worth the time spent. Over the years,there have been numerous examples of software wallets being hacked, allowing user funds to be drained without approval.
For additional security, multi-signature access can be used, which essentially requires approval from multiple entities for funds to be accessed. This requires a more sophisticated set-up and is designed to store large quantities of crypto. It does however provide the most significant degree of security when used in conjunction with multiple hardware wallets.
How to reduce custody risk
Returning to an earlier point made, the issue of whether to store one’s crypto on an exchange or yourself (whether hot or cold wallet) comes down to trust – do you trust yourself more than a third party professional?
For many people, the answer quite reasonably is that they prefer to keep their crypto on an exchange. Particularly when the amount relative to one’s net worth is trivial, the convenience and user experience arguably outweighs the benefits of self-custody.
The best way to reduce the custody risk of storing assets on crypto exchanges is to take custody of your assets by using either a software or (ideally) a hardware wallet. If you must store your crypto with a custodial service such as an exchange, you can reduce the risk in many ways:
- Only trust well-established, reputable exchanges.
- Ensure the exchange is legally compliant with your country of residence.
- Keep your account secured with a strong password and use two factor authentication (2FA) through an authenticator app (not SMS).
- Bookmark the legitimate exchange website.
- Do not store substantial quantities of assets with a single entity. Spread risk among 2-3 reputable exchanges.
- If you hear any mention of the exchange having financial difficulty, legal problems or notice anything out of the norm, remove your assets from that exchange immediately.
- Whitelist one of your hardware wallet addresses as the only permitted destination for the withdrawal of your funds. This ensures that even if your account on the exchange is compromised, the hacker cannot send your funds to an unapproved wallet.
- Ensure the exchange uses cold storage for a significant portion of held assets.
- Where possible, favour exchanges that provide a live auditable attestation of reserves to ensure it is financially healthy.
Of course, even after taking all these precautions, you are still ultimately trusting the exchange to safeguard your investment. And that risk will remain as long as the assets are held by the exchange.
Cryptocurrency risks and benefits
Finally, let’s touch briefly on risks and benefits more generally.
Investing in digital assets comes with some risks. Aside from the volatile price action and the risk of the cryptocurrency failing or being proven to be a scam, you also have the unique risk relating to custody. As outlined above, crypto exchanges and custodial crypto wallets are an option for storage but necessarily require trusting a third party. Using non-custodial software or hardware wallets also present their own risks, such as securely storing the wallet’s recovery phrase – however, at least these risks are entirely within the investor’s control.
The benefits that come from digital assets can outweigh the risks if they are mitigated correctly. This emerging asset class provides significant potential upside for investors who can stomach 24/7 volatility. It also unlocks the potential for participation in an entirely new financial system. Some citizens from developing countries in particular are also using cryptocurrencies for transactions and savings, as they increasingly become better stores of value than their native fiat currency.
Digital assets and blockchain technology is unlocking the potential for innovation as programmers from around the world work together on digital products, services and organisations that have never previously existed.
Crypto is arguably paving the way for a new financial paradigm with equal access to all, and despite the risks, there is potential for these digital assets to benefit the world as a whole.