The honest answer is: it depends entirely on which exchange you use and how you use it. The safest crypto exchanges, those that are properly regulated, transparent about reserves, and built on strong security infrastructure, carry risk that is manageable and comparable to using any financial platform. The worst ones have wiped out billions in user funds, sometimes through hacks, sometimes through outright fraud.
This guide explains exactly what the risks are, how to identify exchanges that take security seriously, and what you should and should not keep on an exchange.
The history you need to know
To understand exchange risk properly, you need to understand what has actually gone wrong in the past.
Mt. Gox (2014) was the world’s largest Bitcoin exchange, handling approximately 70% of all Bitcoin transactions globally at its peak. In February 2014, it halted withdrawals and filed for bankruptcy. It had lost approximately 850,000 Bitcoin worth around $450 million at the time, and billions at today’s prices, to a hack that had been ongoing for years without detection. Most users received nothing back.
Bitfinex (2016) was hacked for approximately 120,000 Bitcoin. Unlike Mt. Gox, Bitfinex survived. It socialised the losses across all users by reducing balances by 36% and issuing debt tokens that were later repaid. Users were eventually made whole, but the process took years.
FTX (2022) was the most important exchange collapse in crypto history. FTX was not hacked; it was fraudulent. Its CEO Sam Bankman-Fried had been secretly transferring billions of dollars of customer funds to his trading firm Alameda Research to cover losses. When a liquidity crisis hit in November 2022, FTX could not honour withdrawals. An estimated $8 billion in customer funds was lost. Bankman-Fried was convicted of fraud and sentenced to 25 years in prison. FTX was, until its collapse, one of the most prominent and apparently legitimate exchanges in the industry, with sports arena sponsorships and celebrity endorsements.
The FTX collapse fundamentally changed how the industry thinks about exchange safety. The problem was not a hack or a technical failure. It was that a trusted custodian was lying about what it held.
The core risk: you don’t own the keys
When you deposit crypto on a centralised exchange, you give up custody of it. The exchange holds your funds on your behalf. You have an account balance that says you own X amount of Bitcoin, but the Bitcoin itself is in the exchange’s wallets, not yours. You have a claim against the exchange, not direct ownership of the asset.
This is called counterparty risk. If the exchange fails, whether through insolvency, fraud, or a hack it cannot cover, your claim may be worth nothing.
The crypto industry has a phrase for this: “not your keys, not your coins.” If you do not hold the private keys to a wallet, you do not truly own the crypto in it. This is not a theoretical concern. It is what happened to millions of FTX users.
This does not mean you should never use an exchange. It means you should understand exactly what you are exposing yourself to and manage that exposure appropriately.
What separates a safe exchange from a dangerous one
Proof of Reserves (PoR) is now the most important transparency standard in the industry. A PoR audit is a cryptographic verification that an exchange actually holds the assets it claims to hold: that for every Bitcoin it owes to users, there is a real Bitcoin in its wallets. Binance, Bitget, OKX, and others publish monthly Merkle-tree PoR reports. FTX did not have PoR. If it had, the fraud would have been impossible to conceal.
Always check whether an exchange you plan to use publishes regular, independently verified PoR reports. If it does not, treat that as a serious red flag.
Cold storage means the majority of user funds are held in offline wallets that are not connected to the internet. Online (hot) wallets are necessary for operational liquidity, allowing withdrawals to process, but the smaller the hot wallet, the smaller the exposure to hackers. Reputable exchanges hold 90–95% of user funds in cold storage.
Regulatory licensing means an exchange operates under legal obligations in at least one major jurisdiction. Licensed exchanges must meet minimum capital requirements, comply with anti-money laundering laws, and submit to regulatory oversight. They cannot simply disappear with user funds. Exchanges operating without any licence have no legal accountability.
Insurance funds provide a layer of protection if something goes wrong. Binance’s SAFU fund and Bitget’s $300M+ protection fund are designed to cover user losses in exceptional circumstances. These are not guarantees. They may not cover losses at scale, but they are meaningfully better than nothing.
Track record matters. An exchange that has operated for five or more years without a major security incident, fraud allegation, or withdrawal problem has demonstrated operational competence in a way a newer platform has not.
Can exchanges freeze your funds?
Yes, and this happens more often than most users realise. Exchanges can and do restrict or freeze accounts for several reasons:
KYC/AML compliance: If your identity verification is incomplete or if a transaction triggers an anti-money laundering flag, your account may be restricted until the issue is resolved. For regulated exchanges this is a legal requirement, not an option.
Regulatory orders: Governments can order exchanges to freeze accounts associated with sanctioned individuals or entities. This has happened to exchanges operating in multiple jurisdictions simultaneously during geopolitical events.
Withdrawal pauses during stress events: When a major market event causes a surge in withdrawal requests, exchanges sometimes temporarily pause withdrawals to manage liquidity. This happened across several exchanges during the FTX contagion period in November 2022.
Suspected security incidents: If an exchange detects unusual activity on your account, it may freeze it proactively to prevent unauthorised withdrawals.
None of these are reasons to panic, but they are reasons to understand that an exchange balance is not the same as money in your own wallet. Access can be interrupted.
What to keep on an exchange vs what to hold yourself
The practical rule is straightforward: keep on an exchange only what you need for active trading. Move long-term holdings to self-custody.
If you are actively trading, having funds on an exchange makes sense. The convenience of instant execution outweighs the custody risk for funds you plan to move regularly.
If you are holding Bitcoin or Ethereum as a long-term investment of months or years, there is no good reason to leave it on an exchange. Move it to a hardware wallet where you control the private keys. The exchange cannot lose it, freeze it, or go bankrupt with it. Our crypto wallet setup guide explains how to do this step by step.
A reasonable practical split: keep no more than 10–20% of your total crypto holdings on exchanges at any one time, spread across no more than two or three reputable platforms.
How to protect yourself when using an exchange
Enable 2FA with an authenticator app, not SMS. Authenticator apps like Google Authenticator or Authy are significantly harder to compromise. SIM swapping attacks, where a hacker convinces your phone carrier to transfer your number, make SMS 2FA vulnerable.
Use a unique, strong password. Password reuse across platforms is one of the most common ways accounts get compromised. Use a password manager.
Whitelist withdrawal addresses. Most major exchanges allow you to whitelist specific wallet addresses for withdrawals. Any withdrawal attempt to a non-whitelisted address is blocked. This is one of the most effective protections against account takeover.
Be aware of phishing. Exchange phishing attacks, in which fake emails and websites mimic legitimate exchanges to steal login credentials, are extremely common. Always navigate directly to an exchange’s URL, never through email links. Check that the URL is correct before entering credentials.
Check PoR reports. Get into the habit of periodically checking that your exchange publishes current PoR data. A gap in reporting or a sudden decline in reserve coverage is an early warning sign.
For a full step-by-step guide to protecting your crypto — covering 2FA, hardware wallets, phishing, and self-custody:
⟶ Crypto Security Practices: Essential Steps to Protect Your Assets
⟶ How to Choose a Crypto Exchange: A Complete Beginner’s Guide
The regulatory picture in 2026
The regulatory environment for crypto exchanges has improved significantly in the past two years, particularly in the U.S. and EU.
In the EU, MiCA provides a passporting framework requiring exchanges to meet minimum standards for reserves, custody, and consumer protection across all member states. Exchanges that cannot meet MiCA standards are being forced to exit the EU market or obtain licences.
In the U.S., the CLARITY Act moving through the Senate in April 2026 would establish permanent federal classification of crypto assets, reducing the legal ambiguity that has historically made exchange regulation patchy.
Regulation does not make an exchange perfectly safe. FTX was operating in a regulated environment and was audited by licensed firms. But it does raise the floor significantly by requiring transparency, reserve disclosures, and accountability to regulators who can act if something goes wrong.
Frequently asked questions
What is the safest crypto exchange? No exchange is perfectly safe, but the largest, most regulated, and most transparent ones carry substantially lower risk. Exchanges with long operational track records, published Proof of Reserves, cold storage policies, regulatory licences in multiple jurisdictions, and no major fraud history are the benchmark. Our best crypto exchanges for beginners guide compares the top options.
Are crypto exchanges insured like bank accounts? No. Unlike bank deposits, crypto exchange balances are not covered by FDIC insurance or any government guarantee. Some exchanges maintain their own insurance funds, for example Binance’s SAFU and Bitget’s protection fund, but these are voluntary and may not cover losses at scale.
What happened to people who had money on FTX? FTX users lost approximately $8 billion in customer funds. The bankruptcy proceedings have returned some funds to creditors, but the process has taken years and most users received significantly less than they deposited. SBF was convicted and sentenced to 25 years. The case remains the clearest example of why exchange custody risk is real.
Is it safer to use a DEX? For custody risk specifically, yes. A DEX never holds your funds. You retain control of your wallet at all times. But DEXs introduce smart contract risk, require more technical knowledge, and are more susceptible to front-running and price manipulation. They are not objectively safer overall; the risks are just different.
This article is for informational purposes only and does not constitute financial advice.
