8 Commandments for Crypto Exchange Users
While cryptocurrency exchanges offer many security features, they are still vulnerable to hacks, fraud, and other criminal activity. Remember, no online platform can guarantee 100% protection for your funds. Follow these eight key rules to reduce your risks.
Rule #1: Don’t Believe in the Myth of Absolute Exchange Security
Even the largest and most seemingly secure cryptocurrency platforms have fallen victim to hacks or internal misconduct. The reality is that advancements in cybersecurity often parallel advancements in hacking techniques.
The logic is simple: any code that can be written can also be broken. In addition to safeguarding their software and hardware, exchanges must address vulnerabilities caused by human factors, such as information leaks, employee poaching, and social engineering.
Here are some notable examples of major breaches:
- Mt. Gox (2014): One of the most infamous hacks in crypto history, Mt. Gox lost approximately 850,000 BTC. This incident highlighted the significant vulnerabilities of even the largest exchanges.
- QuadrigaCX (2019): The Canadian exchange lost access to its cold wallets following the reported death of its CEO, Gerald Cotten. Some speculate Cotten faked his death and stole customer funds, with losses estimated at $200 million.
- Cryptopia (2019): The New Zealand exchange was hacked, reportedly by insiders, after a series of disputes and public scandals among its leadership. Approximately 900,000 users collectively lost $15.6 million.
Gerald Cotten, founder of QuadrigaCX. Source: independent.co
Rule #2: Be Prepared for an Exchange Collapse
Instead of asking, “Could it happen?” it’s more prudent to ask, “When will it happen?” This mindset helps you stay prepared for the unexpected and ensures you don’t keep more funds on an exchange than you’re willing to lose.
Consider the 2022 collapse of FTX, once one of the largest cryptocurrency exchanges. Its failure sent shockwaves through the crypto market, leaving countless users unable to access their funds. The fallout didn’t stop there—it triggered a domino effect among FTX’s partners, leading to the collapse of major institutions like Silvergate, Silicon Valley Bank, and Signature Bank.
Sam Bankman-Fried, founder of FTX. Source: X
Rule #3: Only Store Funds on an Exchange When Necessary
Exchanges are not designed for long-term storage of your assets. Experienced traders recommend using them exclusively for trading and withdrawing your funds immediately after completing transactions. Exchanges know this and often offer enticing incentives to encourage users to keep their assets on the platform.
For long-term investments (holding), always use cold wallets, which provide a significantly higher level of security.
When choosing an exchange, prioritize platforms that store at least 75% of client funds in cold wallets. However, a closer look at terms and conditions reveals that such “proactive” exchanges are rarer than you might expect.
Remember, users who kept their coins on Mt. Gox or FTX could only envy those who stored their assets in personal wallets, avoiding the catastrophic losses caused by these exchange collapses.
Cold wallets are your best defense against hacks. Source: Medium
Rule #4: Pay Attention to Red Flags
Forced password resets, withdrawal delays, unexplained verification requests, or discrepancies in your account balance—these are all potential warning signs of trouble on an exchange. Whether these issues stem from technical glitches or malicious intent, the important thing is not to ignore them. Withdraw your funds immediately while you still can.
If it turns out to be a false alarm, no harm done. But failing to act and losing your hard-earned assets is a much greater risk.
Before QuadrigaCX collapsed, users reported unusual withdrawal delays and unresponsive customer support. In hindsight, these were clear indicators of the problems to come.
Be alert and stay cautious when using exchanges. Source: sscsecurityguardtraining
Rule #5: Verification Doesn’t Guarantee Safety
Registering in reputable jurisdictions, holding licenses, and having public-facing owners do not guarantee the security of your funds. History has shown that even exchanges with these credentials can prove unreliable.
Conversely, some less transparent platforms have demonstrated greater responsibility. For example, in 2017, BTC-E—despite its opaque operations and alleged criminal ties—returned a significant portion of client funds after its servers were seized by U.S. authorities.
However, many users, reassured by the return of their funds (and failing to learn from the experience), quickly migrated to WEX. Promoted as a regulated, transparent successor to BTC-E, WEX ultimately saw its founders vanish, taking users’ funds with them.
Rule #6: Always Enable 2FA
Two-factor authentication (2FA) adds a critical layer of security, making it significantly harder for hackers to access your account, even if they have your password. It’s a fundamental safety measure that should never be overlooked.
Ensure that 2FA is enabled not only on your exchange account but also on the email address linked to it. Your email is a vital part of your security chain—losing access to it could mean losing access to your account entirely. Whether the cause is phishing attacks or data breaches, the result is the same.
2FA helps prevent these scenarios.
Choose exchanges that support 2FA for enhanced security when trading. Source: NatPay
Rule #7: Don’t Expect Full Refunds After an Exchange Collapse
When an exchange shuts down, scammers are quick to surface, offering “help” to recover lost funds. These scams often promise “guaranteed” refunds in exchange for a fee—an immediate red flag. The truth is, no one can guarantee the recovery of funds after an exchange collapse.
Some scammers also use these schemes to gather personal information, which can later be exploited for criminal purposes.
Never trust promises of guaranteed refunds, and avoid sharing your personal details with unverified individuals or organizations. Be realistic: the likelihood of fully recovering your funds is, unfortunately, very slim.
Mt. Gox users have been waiting years for refunds. Source: Reddit
Rule #8: Be Prepared for AML Procedures
All crypto exchanges are required to comply with AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) regulations. This means exchanges have the authority to monitor transactions to prevent cryptocurrencies from being used for illegal activities.
At any time, you may be asked to verify the legitimacy of your funds. AML departments may request:
- Proof of income (e.g., salary statements, tax returns)
- Bank account statements
- Documentation of cryptocurrency purchases (e.g., receipts, transaction records from other exchanges)
- Evidence of mining operations, such as proof of hardware ownership and electricity bills (if applicable)
Failing to provide these documents can lead to account freezes, especially if you’re handling large transactions or dealing with questionable counterparties.
AML/CFT compliance is a requirement for most crypto platforms. Source: tookitaki
By following these simple guidelines, you can significantly reduce the risks of trading on crypto exchanges. Always remember: funds stored in an exchange wallet are technically under the exchange’s control, not yours. Ultimately, the responsibility for protecting your assets lies with you.