The FTX collapse took with it 8 billion of customer funds. How can we be sure your crypto is safe on a centralized exchange?
In November, FTX imploded, taking with it billions of dollars in crypto locked up in its custodial wallets. Ever since, crypto traders have been on edge, wondering if — or when — it will happen again.
The criminality at FTX appears to be unprecedented. In January, we discovered Sam Bankman-Fried had instructed FTX co-founder Gary Wang to create a “secret” backdoor so that his trading firm Alameda could borrow $65 billion from users. Trust in centralized exchanges (CEXs) hasn’t been the same since then.
The exchange FUD (fear, uncertainty, doubt) hasn’t just been because of FTX. In the final weeks of the year, Binance kicked off a round of panic with its patchy “proof of reserves” “audit.” (Spoiler: it wasn’t an audit or a true proof of reserves report. It also later emerged that the Big Four accountancy firms refused to audit the exchange.) Since then, the Big Four have distanced themselves from the entire crypto industry.
While the FUD has calmed down since, the question remains: how safe are your funds? Well, there are a lot of things to be concerned about.
Poor Security and Transparency
As we have seen, one of the enduring risks of centralized exchanges is their lack of openness. At times, transparency in centralized exchanges has been like looking through a brick wall. The industry has responded and has placed more of a premium on proof-of-reserves. (Proof of reserves is a way that exchanges verify that the claimed assets are actually there.)
The industry has said that this is not enough. “In the wake of the FTX incident, transparency and security are emerging as key differentiators for exchanges,” says Gracy Chen, Managing Director at Bitget. “Exchanges ought to be committed to guaranteeing the value of their users’ funds, regardless of the market price. Some of the features for customers to look out for in a safe exchange platform are top-notch security and risk management measures that include the separation of hot and cold wallets, multi-signature wallets, zero-trust security architecture, and proof-of-reserves.”
There are multiple sites and third-party tools you can use to help evaluate whether an exchange is right for you. Many analysts will have rankings that you can compare. CoinGecko and CER are two examples, but there are many more. “Not all crypto exchanges are identical,” continues Chen. “The difficulty for customers lies in choosing a secure exchange that they can trust.”
There Is Always a Risk of Exchange Hacks
Since the earliest days of crypto, hackers have been a major concern with centralized exchanges. Mt. Gox, a Tokyo-based exchange launched in 2010, was the first to suffer a major hack. In 2011, the platform lost $8.75 worth of BTC, but it failed to learn its lesson. The exchange was attacked for $615m three years later, becoming one of the largest crypto exploits of all time.
Examples of exchange hacks are numerous. Another Japanese exchange, Coincheck, founded in 2012, was hacked for various coins and tokens worth $534m. At the time, it was the largest cryptocurrency theft to date. Regulators in Japan were quick to mandate additional cybersecurity regulations after the debacle.
“Many crypto exchanges have suffered from hacking that leads to the loss of millions in crypto assets,” says David Kemmerer, co-founder and CEO at CoinLedger. “The exchanges have a massive target for hackers due to the value held on their platforms. Hackers capitalize on small bugs and weaknesses to infiltrate their systems.”
Non-custodial wallets aren’t immune to hackers either. But, unless you are technically naive and publicize your well-stocked wallet, there is less chance your wallet will be targeted deliberately.
Tech-Savvy Users Have Fewer Reasons To Worry
The level of safety also depends on how technically advanced the user is. One of the benefits of a centralized exchange is that its wallets are relatively easy to use. Non-custodial wallets—where users control their own keys—carry many risks, but they are usually harder to master.
“I think amateurs and beginners are, in fact, safer when using centralized exchanges and not self-custody wallets, as the cases of losing crypto stored in self-custody are extremely common, and they happen due to inappropriate backup techniques,” says Max Sapelov, CTO and Co-founder at CoinLoan. “The main risk of holding your crypto on centralized exchanges is facing an FTX-like scenario where you do not expect it.”
Incidents like FTX are freak events that do not happen often. When a similar event does occur, though, the likelihood is that you won’t expect it. In the case of FTX, a report by CoinDesk’s Ian Allison precipitated Binance liquidating all FTT from its books. That was the first big sign of trouble.
On November 8, only two days later, FTX stopped withdrawals, and millions of traders’ crypto was trapped. That’s the problem—before you know your crypto is unsafe, it is usually already too late.
“Frankly speaking, you can never be 100% sure your funds are safe on an exchange, taking into consideration all the extremely rough events happening in the industry last year,” continues Sapelov. “Self-custody is safe, but it needs knowledge and self-education… Experienced investors, though, are safe with self-custody in the long term.”