Why storing on exchanges is popular but risky
For many users, centralized cryptocurrency exchanges are a starting point in the crypto market—quick onboarding, no technical complexities, and access to trading through a convenient interface.
At the same time, newcomers often do not realize that the defining feature of this model is that users do not hold the private keys. This means that cryptocurrency is effectively stored in the exchange's wallets, which the asset owner does not control.
Users do not manage their assets directly but only gain access to them through the platform's infrastructure. When problems arise—technical failures, attacks, legal claims—access to these funds may be restricted or completely lost.
The most well-known example is the collapse of the FTX exchange in November 2022. The platform, considered one of the largest and most reliable in the market, unexpectedly suspended fund withdrawals and soon filed for bankruptcy. Thousands of users lost access to their assets, with neither technical means to recover them nor legal guarantees for compensation.
Main risks of storing crypto assets on exchanges
Exchanges are a convenient way to store cryptocurrency, especially for active traders. However, behind this comfort lie a number of threats that can lead to total loss of funds.
Hacks and cyberattacks
Centralized exchanges often become targets for hackers due to the large amounts of funds stored in their wallets. Even with modern protection systems—cold storage, multi-factor authentication, activity monitoring—the risk of attacks remains.
For example, on February 21, 2025, the exchange Bybit experienced the largest hack in the history of the crypto market. Hackers, allegedly connected to the Lazarus group, stole about $1.5 billion from the platform's cold wallet. Despite the rapid recovery of reserves and the launch of a reward program for help in returning assets, the incident showed how vulnerable even large market players are.
Bankruptcy or fraud of the exchange
One of the most critical risks is the loss of access to assets in the event of financial problems on the platform itself. Centralized exchanges manage users' funds, and in the absence of proper oversight, they may use them for their own purposes.
An example is the aforementioned collapse of FTX in 2022. The exchange's founder, Sam Bankman-Fried, transferred client funds to the affiliated Alameda Research fund for speculation and financing third-party projects. After the scheme was revealed, the company went bankrupt, and thousands of users lost access to their funds. Later, Bankman-Fried was sentenced to a lengthy prison term for financial crimes.
This case clearly demonstrates that in the event of a centralized platform's bankruptcy, users are left unprotected. Legal processes can last for years, and the chance of full compensation for losses often depends on the platform's jurisdiction.
Regulatory restrictions and blockages
Centralized exchanges must comply with international norms and the laws of the jurisdictions in which they operate, including sanctions and restrictions, especially from organizations like OFAC. Even if users themselves are not under sanctions, their assets can be frozen simply due to their country of residence or interaction with certain addresses.
In 2024, many Iranian users faced account blocks on international platforms. The reason was suspicion that local exchanges had ties to Iranian state structures. As a result, many clients were unable to withdraw funds, and some exchanges completely ceased servicing users from the region. Such situations can arise suddenly, without notification or the possibility of appeal.
Technical failures and withdrawal freezes
To ensure instantaneous operations, centralized exchanges use hot wallets and cloud servers. These components are vulnerable to overloads, update errors, software vulnerabilities, and external attacks. When problems arise, platforms often temporarily suspend fund withdrawals.
In 2024, hundreds of Coinbase users were unable to see their balance or withdraw funds. The problem was technical and related to the platform's internal servers, not external attacks.
Although such outages are usually resolved quickly, their occurrence is critical during sharp market fluctuations when active position management and trading are required.
Lack of insurance or compensation
Unlike bank deposits, balances on centralized cryptocurrency exchanges are not covered by government insurance. Even the compensation funds of large platforms, such as Binance SAFU or Coinbase reserves, are limited in volume and do not guarantee full coverage of losses in the event of a large-scale incident.
Moreover, such programs often do not cover the actions of the users themselves—such as loss of access to an account, email compromise, or sharing personal data as a result of fraud.
In the absence of industry-standard insurance and reliable legal regulation, users of centralized platforms remain relatively unprotected. This requires a more careful approach to choosing an exchange and storage methods in general.
Hidden risks that exchanges remain silent about
In addition to the obvious risks that many platforms openly warn about, there are also hidden threats to deposits that rarely make it into public reports. They are directly related to the operational activities of exchanges, so identifying violations is not that easy if the platform refuses to provide data.
Using client funds without notification
Some exchanges may use user deposits to maintain liquidity, internal transfers, or credit operations. Often this happens without the client's explicit consent or is provided for in the rules of use of certain platform services such as 'passive earning' or 'deposits'.
In case of problems on the platform's side—whether bankruptcy, legal disputes, or operational failures—the assets involved in transactions may be the first to be seized or stolen.
Vulnerability of hot wallets
Hot wallets connected to the network 24/7 are a constant risk vector. Even if a large part of the reserves is kept in cold storage, 5-10% remains online to ensure asset withdrawals and liquidity, and these online funds are attacked more often.
One exploit or phishing attack can lead to massive losses. In recent years, tens of millions of dollars have been stolen through access to hot wallets—often users learned about this only after the fact.
Threats from employees
In May 2025, hackers bribed employees of one of Coinbase's partners to gain access to customer data. As a result, confidential information from tens of thousands of users was stolen, and the perpetrators attempted to extort a $20 million ransom.
Even on large and regulated exchanges, the human factor remains a 'weak link'. Such risks grow with the number of partner organizations and contractors responsible for various processes.
Lack of transparency in asset management
As a rule, users do not have access to detailed information about how the exchange manages their funds. Where and in what form are the assets stored? How much is in the hot wallet, and how much in the cold wallet? Are they involved in third-party operations? Answers to these questions are hidden behind marketing generalizations.
The lack of audits and verifiable reports significantly reduces transparency even for reputable exchanges. Most of them publish what is called a Proof-of-Reserve, which reveals only information about the digital assets stored at a specific point in time.
Each of these factors alone is not critical, but together they create a situation in which the user trusts the platform with their savings, without having control or information.
How to minimize risks when using exchanges
If a cryptocurrency exchange remains a priority platform for storing or exchanging digital assets, certain security measures should be observed when using it. This will help reduce losses in the event of a crisis or unforeseen incidents:
Only store trading funds on the exchange. Do not transfer your entire portfolio to the exchange; leave there only the part of the assets you plan to use in the near future. Everything else should be kept in external wallets.
Enable two-factor authentication, anti-phishing codes, and whitelisted addresses. This will significantly complicate unauthorized access to your account even in the event of data breaches, and will help distinguish official messages from fakes, as well as limit fund withdrawals.
Withdraw large sums to hardware wallets. These devices are not connected to the internet and provide the maximum level of security. Even if the exchange is compromised, your assets will remain out of reach.
Check the exchange's reputation and the availability of reports. Use platforms that publish verifiable reserve reports and undergo independent audits. This reduces the risk of sudden liquidity shortages and opaque operations.
No centralized platform provides a complete security guarantee, but adhering to these rules will help minimize vulnerabilities and maintain control over crypto assets regardless of the exchange's level of protection.
Alternative ways to store cryptocurrency
Centralized exchanges are a convenient tool for trading, but when it comes to long-term storage, it is better to use external wallets. Let's examine two key options that allow you to maintain full control over your assets.
Hardware wallets
Hardware wallets like Ledger and Trezor are considered the gold standard for storing digital assets. Private keys remain inside the device and are not transmitted even during transaction signing. This format protects against phishing, hacks, and remote access.
However, this solution is relatively complex and expensive, and losing the mnemonic phrase or the device itself can lead to total loss of assets without the possibility of recovery.
Non-custodial software wallets
Wallets like MetaMask, Rabby, or Trust Wallet allow you to manage cryptocurrency directly—without the involvement of an exchange. The user keeps the keys and signs transactions, which allows for free interaction with DeFi platforms and executing transfers.
Such solutions are cheaper and more convenient than hardware wallets, but they also require adherence to security rules, particularly secure storage of the mnemonic phrase and protection against phishing and malware.
Exchanges are about convenience. Hardware and non-custodial wallets are about control. Which storage method to choose depends on the user's needs and priorities.