If you’ve been watching the news for Bitcoin- and cryptocurrency-related stories, you’ve likely heard about the massive heists robbing exchanges of millions, and sometimes hundreds of millions, of dollars. Back in January, the well-known crypto exchange Coincheck fell victim to a cyberattack, costing its investors more than $530 million in cryptocurrency. That news broke just a month after the popular exchange NiceHash fell prey to a similar $60 million cryptocurrency hack. Crypto exchanges are common platforms for crypto investors, so all these stories raise the question: are crypto exchanges really safe?
The short answer is that they can be, but there are some important security measures you’ll need to take to protect yourself.
How Crypto Exchanges Work
First, let’s go over what crypto exchanges are, and how they operate. Exchanges are websites or apps that allow individual users to exchange between traditional currency (like US dollars or euros) and cryptocurrency. For example, there are:
- Crypto brokers. Crypto brokers have access to cryptocurrency and will sell it to you in exchange for traditional currency. They set their own prices.
- Trading platforms. Trading platforms enable exchanges between buyers and sellers, while the exchange takes a small fee for each transaction.
- Direct trading platforms. Direct trading platforms allow exchanges between individual users, where each user sets their own exchange rate.
- Hybrid platforms. Hybrid platforms offer multiple types of functionality at once.
Most exchanges require you to deposit money first, much like a bank account or a brokerage platform. From there, you can buy or sell currency, and withdraw the money when you want or need to.
Points of Vulnerability
There are several potential security risks when using a crypto exchange, some of which are the same as any online platform or service involving money, and some of which are unique to crypto exchanges:
- Fraud and user exploitation. In some cases, a crypto exchange might be fake or fraudulent, though this is rare. In these cases, the crypto exchange façade is a ruse, intended to swindle consumers out of traditional currency in exchange for nothing.
- Forceful cyberattacks. Crypto exchanges are becoming popular targets for hackers due to the enormous potential payout and the anonymity provided by cryptocurrency, with new attack methods, like the TrickBot malware, attempting to exploit exchanges specifically. These attacks deliberately try to get past crypto exchange security measures in an effort to steal cryptocurrency.
- In-exchange security holes. Exchanges may also fall victim to exploitation or theft if an internal error makes them vulnerable. For example, an employee who accidentally makes their password public information might have their account compromised, leading to a vulnerability throughout the exchange.
- Device and network attacks. Don’t forget, the devices and networks you’re using to access the crypto exchange are also vulnerable to attacks. Smart devices are notoriously easy to spy on and hack (that is, if you haven’t taken the time to improve your security). And if you’re using a public network or an otherwise unsecured one, it becomes easy for cybercriminals to gain access to your account.
- User errors. Your crypto exchange account can also be compromised if you make a mistake with your own security measures. For example, if your password is easy to guess, or if you stay logged in on a public computer, a cybercriminal or opportunist could easily exploit your account for the money.
What to Look for in an Exchange Platform
Some exchanges are going to protect you better than others. So what should you look for in the “ideal” crypto exchange?
Reputation within the community.
Integrate yourself into the crypto community. Forums like Crypto Compare, news sites, and social media are all promising opportunities you can use to be a part of the conversation. Pay attention to which exchanges other people are using and which ones they’re staying away from. Chances are if an exchange has a good reputation, there’s a reason.
What kind of fees does this exchange charge you? This is important to know for managing your own financials, but the exchange platform’s openness and transparency can also tell you a lot about the brand. If it’s hard to find clear information on the site, consider it a red flag.
Available payment methods.
What types of payment methods does the site accept? Most crypto exchanges will take PayPal, credit cards, and most conventional forms of payment. If the exchange in question demands wire transfers only or is suspiciously picky about how you can send payments, it’s a sign to stay away.
Authentication and verification standards.
Look for an exchange with high standards for authentication and verification. A rigorous onboarding process that requires you to verify your identity multiple times is a sign of an exchange with good security. Similarly, strong security measures like two-factor authentication can reduce your risk.
History of operation.
How long has the exchange been running? This isn’t the best way to gauge the reliability of a platform, but in general, newer platforms come with higher risk because they’ve had less time to prove themselves.
Shop around and look at the exchange rates offered by different exchange platforms. While most of the major players will offer similar rates, you may find a better deal somewhere else—or you might find an exchange rate that’s suspiciously lower than market value.
Commitment to security.
Finally, look at the brand and the people running the company. How committed are they to maintaining high levels of security? Do they clearly explain what measures they take to keep their platform secure? Are there new updates on an ongoing basis? Is there a refund policy for users whose crypto funds are stolen?
Other Measures to Protect Yourself
Beyond that, you’ll want to take the following personal security measures to protect yourself (and your account):
Choose a strong password.
Strong passwords are much harder to guess and will make your accounts more secure. Choose sequences of upper-case letters, lower-case letters, numbers, and symbols, and try not to include any decipherable patterns (like common words).
Change that password regularly.
It’s not enough to pick one password and be done with it. If you’re going to use this crypto exchange for months or years in the future, you’ll need to be prepared to change that password regularly.
Avoid going all-in.
It’s a bad idea to go all-in on any one exchange (or any one type of cryptocurrency). Spreading your funds across multiple investments and locations will help you stay even more secure. This is good advice even if you’re using the most secure crypto exchange in the world; cryptocurrency is still a volatile commodity with unpredictable price swings.
Never give your personal information away.
Never give away your username and password for any site, even if it appears that someone from the exchange is asking you. Phishing attempts are still a major cybersecurity concern, and they’re one of the easiest schemes to avoid.
Always use secure, encrypted connections.
Whenever you access your account, make sure you’re using a secure, encrypted connection. Don’t rely on public Wi-Fi hotspots to do your crypto trading.
Crypto exchanges aren’t perfect, but neither is any other online platform. It’s on you to do your research and find a reputable exchange, then commit to best practices in your own life and investments to double down on that protection. Do your due diligence and you won’t be any more at risk using a crypto exchange than a comparable brokerage platform for securities.