Security on cryptocurrency platforms: are exchanges safe?

Bitcoin has proven it has staying power. It’s been 11 years since it first launched – inspiring thousands of other coins. But there’s one major hurdle that’s stopping these assets from going mainstream: security standards on cryptocurrency platforms. It seems as if there’s a new report of a major cyber attack every week. In some cases, innocent users have had their funds wiped out – and businesses have gone bust.

So: is it safe to store your coins and tokens on a cryptocurrency exchange platform? What are the things you should be looking for when deciding which cryptocurrency website to use? Are there alternative methods for protecting your digital assets? We’ll be answering all of those questions and more in this article.

What is a cryptocurrency exchange?

The primary purpose of these cryptocurrency platforms is to serve as a middleman – paving the way for Bitcoin, Ethereum, Litecoin and other major coins to be bought and sold. While one cryptocurrency website may specialise in supporting consumers who want to exchange fiat currencies such as pounds and dollars, another may focus on delivering access to lesser-known coins and tokens.

There are two main types of exchanges out there. Centralised cryptocurrency platforms are the most common. Just like you trust a bank to keep your money safe, these services often offer digital wallets in which coins and tokens can be deposited. One of the biggest benefits of this is that you will still be able to access your assets even if you forget the password to your account – with other methods of storing crypto, losing a private key or seed phrase can mean your coins are lost for ever.

Alternatively, it is possible to find a cryptocurrency website that is decentralised. Here, coins and tokens are traded directly between everyday users – meaning an exchange has no role in taking custody of the cryptocurrency afterwards. Some in the crypto community believe this approach stays true to the vision that Satoshi Nakamoto set out in his white paper for Bitcoin, where he envisaged electronic cash that “would allow online payments to be sent directly from one party to another without going through a financial institution.”

Fans of decentralised cryptocurrency platforms also argue that they help to protect the anonymity of users, meaning their transactions cannot be monitored. A centralised cryptocurrency website such as Cex.io or Changelly normally enforces Know Your Customer procedures that mean users need to verify their identity before they are able to trade – and even then, they may be subject to spending limits.

Security concerns

As mentioned earlier, security breaches on cryptocurrency exchanges are alarmingly common. One of the biggest incidents – and earliest – involved Mt Gox. In 2014, an estimated 850,000 BTC were stolen in a daring and audacious heist – 750,000 of which belonged to its customers. At current rates, the crypto lost would be worth an eye-watering $837.4m (£647m, €708m). To help understand the scale of this hack, it’s worth remembering that Mt Gox was the world’s market-leading platform at the time – handling 70 per cent of all BTC trades. The funds lost also amounted to 6 per cent of the Bitcoin in circulation at the time, and many victims are still out of pocket. Unsurprisingly, the embattled exchange subsequently went bankrupt.

So… what relevance does a cyber attack that happened six years ago have on the market now? Well, it teaches us a valuable lesson that no platform is too big to fail. Binance, one of the world’s biggest crypto exchanges by market capitalisation, had 7,000 BTC stolen by hackers in May 2019 – thankfully, no customers lost out. Others, such as Bithumb, have been targeted repeatedly to the tune of tens of millions of dollars – reportedly by cybercriminals in North Korea. These incidents just keep on coming, meaning it’s crucial to perform due diligence before you entrust your digital assets with an exchange.

Top tips for ensuring you’re protected when using a centralised platform include selecting one that employs two- or three-factor authentication and enforces withdrawal delays – although this can be inconvenient at times, it can help prevent malicious actors from accessing your funds. You should also investigate how exchanges store the assets in their custody – verifying that they use cold wallets where coins and tokens are kept in an environment away from an internet connection. Hot wallets are necessary for liquidity purposes, but it is increasingly common for exchanges to insure these holdings against theft. Critics argue that this can create an atmosphere of complacency and encourage lax security practices.

What is the best way to store cryptocurrency?

None of this is to say that exchanges shouldn’t be used whatsoever. Crypto assets worth billions of dollars are traded on these platforms every day without incident. It’s just important to understand the security risks, have safeguards in place and exercise due diligence before placing your trust in a company.

There are alternative methods available, each with pros and cons. A desktop wallet is a form of cold storage that isn’t connected to the internet, with private keys only stored on your machine. Although this reduces the risk of your crypto being stolen, it’s imperative to ensure that you shield your computer from malware. Hardware wallets are almost like a USB stick, and they come with reinforced security measures that protect against malware. However, it’s important to keep these devices safe, as you’ll lose your coins for ever if it is misplaced.

Indeed, you could even be old fashioned if you like and write down your private key or seed phrase on a piece of paper – or print it out instead. All you need is a safe place to store it, and to check, double check and triple check that you’ve written down the details correctly.

FURTHER READING: How to choose the best and most secure crypto exchange

FURTHER READING: Navigating the wild west of crypto trading platforms