This week, Russia’s Federal Security Service, the FSB, was linked to the loss of customer funds—worth some $450 million—from the now-shuttered WEX cryptocurrency exchange.
And on November 15, the Shanghai Internet Finance Rectification Agency announced it was cracking down on domestic crypto-exchanges, according to Asia Times.
While exchanges offer good liquidity and security for trading, stories of hacks, theft, and exit scams are increasingly common.
Kadan Stadelmann, CTO of Komodo, the project behind decentralized exchange AtomicDEX, told Decrypt the problem runs much deeper: “By its very nature, the centralized exchange model’s biggest problem lies in the immense trust that you have to accept as a user,” he said.
With centralized exchanges, said Stadelmann, users have to trust an exchange’s competence in handling funds, infrastructure, and security systems. Even worse, Stadelmann pointed out how centralized exchanges “can be accessed easily by authorities through court orders and other means of coercion.”
“Not only could users be liable to lose their assets in one fell bureaucratic swoop, but their personal data could come under the ownership of a government with less than ethical objectives...to put it bluntly, in certain places around the world, if you’re using a centralized exchange, you may be putting a massive target on your back,” he said.
In addition, said security researcher Harry Denley, “there is no guarantee the exchange itself is solvent.” Denley pointed to ProofOfKeys day. Every year, on January 3—the date the bitcoin network came into existence and the first block was mined—participants withdraw their funds from exchanges to a wallet they control. The idea: to remind people to consider whether the exchange is solvent, and the maxim: “not your keys; not your bitcoin.”
Of course, “the top reputable exchanges will be transparent and cover losses (usually only those that are a direct consequence of their security policies and not due to individual users being breached),” said Denley.
One option is to use a private wallet. With your own wallet, said Justin Smith, chief technology officer of peer-to-peer protocol SIBEX, “You never have to reveal to anyone else how much money you have on hand, so it's much harder for criminals to target you and for competitors, including exchanges, to take advantage of you. You also have the final say over how and when you move your funds.”
Another safeguard would be to use a decentralized exchange. As Stadelmann said, “In a proper DEX, the users always have full and unfettered control over their private keys and funds.” This, said Stadelmann, makes DEX nodes harder to attack and significantly safer.
Whatever you do, Denley reminded us that keeping the majority of your funds with your own keys allows you to “save yourself headaches from exchange breaches”; keep custody and have more pseudo-anonymity; avoid submitting KYC information to get all your funds back; and choose the security policies that protect your funds.