Why It Is Risky To Leave Your Cryptocurrency In Exchange

A brief look at the history of Bitcoin and cryptocurrencies reveals why is it dangerous to leave your crypto funds in an exchange. Since 2011, over $1.65 billion worth of crypto assets have been stolen, and the numbers are accelerating on a...

Keeping your digital assets in an exchange wallet is comes with added risks, so storing your cryptocurrency there for a long period of time is not a good idea.

Here's why.

Why Cryptocurrency Exchanges Are Unsafe

Risks of Leaving Cryptocurrency in Exchange

A brief look at the history of Bitcoin and cryptocurrencies reveals why it is dangerous to leave your crypto funds in an exchange. Since 2011, over $1.65 billion worth of crypto assets have been stolen, and the numbers are getting bigger every year. According to Hackernoon, that amounts to a jaw-dropping $12.6 billion loss when values are adjusted for inflation.

All time stolen crypto
Source: Hackernoon.

Aside from hacks, the trouble may arise from within the exchange. Any exchange may mismanage, lose, or even participate in fractional reserve banking. You may have heard of a recent QuadrigaCX controversy, whose owner had passed away with all the private keys, allegedly losing access to $190 millions of user funds. Or maybe you've heard about the notorious Mt. Gox exchange, whose founders were oblivious of ongoing hacks that lasted for more than two years while the exchange lost 650,000 BTC.

Exchanges are enticing hacker targets because they have billions of dollars worth of cryptocurrency. Quite frequently it's much more profitable to hack a crypto exchange than a bank vault. It’s like a pot of gold at the end of the rainbow, except instead of a leprechaun they must outsmart security measures of an exchange. As a result, exchanges are incredibly prone to experiencing highly sophisticated cyber attacks.

Consider these facts:

  • Exchanges lose $2.7 million every day on average, and this figure is set to increase in the future.
  • The hacking attacks are becoming increasingly elaborate. It's a highly-rewarding activity; therefore it pays for ever-increasing time and effort spent on plotting hacks.
  • Exchanges are not cybersecurity enterprises. They run financial marketplaces first, and experience has shown they can’t guarantee top-notch security.

With large sums at stake, cryptocurrency hacks, schemes, and elaborate attacks are unlikely to go away. In the words of Moscow based cybersecurity firm Group-IB:

"In 2019, cryptocurrency exchanges will be a new target for the most aggressive hacker groups usually attacking banks. The number of targeted attacks on crypto exchanges will rise."

However, sometimes you can’t help but use one. In that case, it’s better that you use a proven, secure service, rather than an unknown, insecure, or simply irresponsible platform.

How To Recognize A Secure Exchange

There’s no guarantee that you won’t become a victim of another high-profile hack but choosing a reputable and highly secure exchange significantly reduces your chances. The best and most reliable platforms are open about the level of security they provide and give you a plethora of tools to secure your account. Here are the most common security practices to look for when choosing an exchange.

HTTPS. Secure exchanges have a valid HTTPS certificate. Your browser will automatically confirm it by displaying a lock in the address bar. HTTPS is an encrypted version of the HTTP protocol. It prevents capturing and changing data you’re sending to a web server. Every reputable cryptocurrency exchange should have it.

Crypto Exchanges Unsafe HTTPS
For example, you can see that your connection to Cryptonews is secured with HTTPS by looking at the address bar.

Secure password. Good exchanges don’t allow you to set a weak password. A secure password asks you to use a mix of regular and capital letters, symbols, and numbers, thus ensuring that no one can brute force it.

Two-Factor Authentication (2FA). Having your accounts protected by 2FA is critical. Most exchanges offer multiple 2FA methods including software, SMS, and hardware devices. If there is no option to secure your account with 2FA, then the platform is quite insecure. Also, hackers can counterfeit your phone number, so the weakest form of 2FA is SMS authentication. Try to avoid it whenever more secure options are available. The most common practice is to set up two-factor authentication via Google Authenticator. It is a simple, yet safe and effective approach.

Cold Storage. Check if the exchange uses cold storage to store user funds. It is much more difficult to steal funds that are locked offline than those which are held in a hot wallet.

Ability to Whitelist IP & Withdrawal Addresses. See if you can whitelist specific IP addresses for connecting to your exchange account. If enabled, it automatically blocks logins from other locations. Alternatively, some exchanges offer an option to whitelist your withdrawal addresses. If you can do so, the exchange will allow your funds to be withdrawn only to the previously approved addresses.

Other precautions. Exchanges employ many other security tools like multi signatures, suspicious behavior alerts, email encryption, phishing protection, and others. Extra security measures certainly won’t hurt you, and as long as they are well implemented, they make exchanges quite safe temporary storages for your cryptocurrencies.

Funds Insurance. Cryptocurrencies are still wildly unregulated, so most platforms have no obligation to follow FDIC reporting regulations or securities investor protection procedures. Yet, some exchanges take extra precautions and insure their funds from theft. Although that is a great marketing point, most of these insurance policies do not protect individual accounts and apply only to exchange as a whole.

Known platforms that insure their funds are Coinbase and Coinbase Pro, Circle, Gemini, and Xapo.

The Most Secure Crypto Exchanges of 2021

So which exchange should you trust? According to the Icorating’s Exchange Security Report, the top secure cryptocurrency exchanges are:

  1. Kraken (security grade - A)
  2. Cobinhood (A)
  3. Poloniex (A-)
  4. BitMEX (A-)
  5. Bitfinex (A-)
  6. Bitlish (A-)
  7. BitMart (A-)
  8. BtcTurk (A-)
  9. Coinbase Pro (A-)
  10. GOPAX (A-)
  11. HitBTC (A-)
  12. KuCoin (A-)

You can find the full report Exchange Security Report 2.0 here.

Regardless of all the security measures that exchanges employ, it's still foolish to trust them unconditionally. As the history of the exchanges shows, no platform is hackproof, and issues always occur when you expect them the least. Therefore, it’s better to take matters into your hands and fix yourself a private digital wallet. As renown crypto analyst and security entrepreneur Andreas Antonopoulos says:

“Your keys, your Bitcoin. Not your keys, not your Bitcoin.”

Your keys your bitcoin cryptocurrecy safety andreas antonop

So where should you keep your cryptocurrency? Well, there are multiple types of private wallets to choose from.

Continue reading: How To Store Cryptocurrency Safely in 2021