Securing Crypto-Trading or There is No Such Thing as a Safe Exchange
In cryptocurrency trading, users entrust their funds to crypto exchanges and exchangers. Even if the cryptocurrency does not stay on the exchange for long, it is still very important for the user to ensure the safety of the coins. In general, crypto exchanges offer a monotonous, well-established set of tools, but there are exceptions.
Exchanges and exchangers
Binance (Fig. 1) is one of the key exchanges of the cryptocurrency market (How to Make Money on Cryptocurrency?). The exchange uses a standard set of customer security measures: strict verification and two-factor authentication (2FA) when registering an account. In addition, the exchange website uses the CryptoCurrency Security Standard (CCSS) to protect accounts.
One of the major crypto exchanges, registered in the United States as a Money Services Business, is licensed by the Financial Crimes Enforcement Network (FinCEN). Customers are protected by a level 2 DSS certificate confirming the security of using bank cards. CEX strictly follows KYC/AML security standards, i.e. it prevents the possibility of money laundering. Clients are directly protected by 2FA mechanisms (SMS, Google Authenticator, messengers), an SSL certificate, and cryptocurrency cold storage wallets.
Unlike at many exchanges, the ticket system, in which tickets are standardized and attached to individual sections, works well. The exchange tracks requests on third-party resources, but processing emails and tickets can take up to a week. You can also write directly to [email protected]. Exchange representatives also respond to customer inquiries via third-party resources. Processing of tickets and letters in some cases takes 3-4 days, and sometimes a week. On the plus side, there is a comprehensive FAQ with detailed instructions, as well as a regularly updated blog.
Formally a Russian cryptocurrency exchange (Fig. 2), but the parent company is registered in Estonia. It has operated since 2019 and works with bitcoin and Tether, as well as rubles and hryvnias. So far it is difficult to judge its security, but two-factor authentication (Google Authenticator) is available.
One of the giants of the crypto industry, but not considered safe. Customers have often found that someone conducted transactions on their accounts, and the exchange is known for unstable deposits and withdrawals. Some improvements occurred on the exchange after 2018. Support ticket handling was adjusted, and tickets began to be answered within 15 minutes at the latest. EXMO representatives work on major crypto resources and monitor customers' criticism.
The exchange offers tools such as restricting account access to trusted IP addresses, two-factor authentication, confirmation of withdrawals via email, and a history of trading sessions. This is a bit more than the standard set of crypto exchanges. The exchange informs clients about the rules of safe behavior, warning that you can protect your account from hacking by also setting up 2FA on the email account used for EXMO registration. It recommends using a complex, unique password, changing it regularly, and not saving it in the browser.
A number of very pertinent tips for every crypto-enthusiast are also offered: check the browser address bar when visiting the crypto exchange, do not provide personal data in response to requests in Telegram and other messengers, and do not respond to requests to provide access to funds, email, passwords or any details about the account. EXMO provides the following procedure in case you suspect that your account or mail has been hacked: immediately report the suspicion to the EXMO support team, indicating the reason for the complaint, the EXMO exchange username (login) and the e-mail address to which the account is registered, and mention in the body of the letter that the problem is the hacking of the mail account. In the security settings, it is also possible to enable "Trusted IPs", that is, the IPs from which it will be possible to work on the exchange; access from any other address will not be possible.
The exchange (Fig. 3) is positioned as very secure: for example, customers' money is stored in a system of hierarchical deterministic offline wallets, and funds are collected and withdrawn using offline signatures. When transferring funds from wallets, the exchange uses multisignature address schemes, that is, it uses more than one key.
To avoid online tracking and phishing attacks, ByBit's website uses full SSL encryption, which means that all passwords and addresses sent to the exchange are encrypted in transit. To cover the risks associated with the possibility of a shortfall in the settlement of futures contracts, ByBit offers an insurance fund, which is triggered if a trader's position is below the bankruptcy price. Standard two-factor authentication is offered at registration.
Deribit, unlike many exchanges, has never suffered from the actions of hackers, which suggests that its protection is sufficient. According to the crypto exchange's own data, 95% of users' funds are stored in wallets kept outside the system. A curious feature of the exchange is that it brings in white-hat hackers to test the exchange, its applications, updates and so on for vulnerabilities. The exchange claims that it constantly and regularly audits and closes junk accounts with insufficient funding. The exchange has a risk control mechanism for derivatives trading. Individual security is ensured via an SSL connection, two-factor authentication, a fixed IP address, and session timeouts.
Coinsbit (Fig. 4) has a sufficiently high level of protection: it has not been hacked, and its security certificate was obtained from the company HackControl. The exchange is protected from bots and DDoS attacks, has a high level of data encryption, and stores users' funds mostly in cold wallets. Nevertheless, many Internet resources for traders and holders mark it as a scam and a questionable operation.
"Tokenized Asset Exchange", Currency. The security of the exchange is based on the GDPR level in the EU. Data is stored on servers in the LD4 data center controlled by Equinix, and the exchange follows the anti-money-laundering requirements of the FATF and the Supervisory Board of the Belarus Hi-Tech Park. The exchange supports IP address filtering, two-factor authentication (2FA), API keys, and deposit/withdrawal protection compliant with PCI DSS standards; user data is stored using AES-GCM-256 encryption. The bulk of the funds is kept in distributed cold storage, while about 5% of assets are kept in hot wallets to support intraday trading. The exchange has also implemented a mechanism to verify blockchain transactions and protect user funds from hacker attacks.
A well-known exchange, among the most popular. Individual security is provided by two-factor authentication, and transactions must be confirmed with a PIN code. Other security features include limits on trading session duration; a list of allowed IPs; a unique greeting that cannot be faked in case of phishing; a peculiar verification system; and individually configurable email notifications.
Kraken is the oldest crypto exchange and the first to pass a full cryptographic audit, which confirmed its full security. The exchange uses two-factor authentication not only at registration, but also at the beginning of trading. An advantage of the exchange that increases the security of the user (not of the exchange or the regulator) is the option not to disclose personal data, at least not right away. But the verification is multi-step and complex. This exchange is intended for industry professionals, so all its features stem from the fact that its users are not ordinary enthusiasts.
Binance (Figure 5) is one of the leading players in the cryptocurrency industry. The crypto exchange has an interesting memo for clients, which any crypto-enthusiast would do well to read. In particular, it recommends not bragging about successful transactions, not telling anyone even about addresses that were used before, being careful when mentioning your balance, not spreading information about offline identification, and using encrypted communication channels. The exchange also warns that attackers can be relatives and acquaintances.
Binance supports the need for traders to familiarize themselves with modern methods of fraud and, of course, strongly recommends using a secure and unique password and 2FA for your account. Users are advised to keep private keys offline and not to keep all their money in an exchange account.
In conclusion, users are reminded that security is never absolute or perfect, and that it is necessary to improve your knowledge and be aware of your potential weaknesses. Interestingly, for all its persuasiveness, verification on the exchange is not required unless large deposits are to be handled. Ultimately, the crypto exchange is not a paragon of security: in 2019 it was hacked despite all efforts to ensure security.
This is one of the largest, most popular and most functional crypto exchanges. It is positioned as an exchange with a high degree of security for traders' funds. However, the verification mechanism is complicated and not fully developed, and technical support is not a leader in responsiveness. In addition, the exchange was hacked, and customers who had not set up two-factor authentication suffered. Now authentication via Google Authenticator is mandatory to obtain the maximum withdrawal limit. The exchange's DDoS protection is laborious for the user: you often need to confirm that you are human.
An exchange that consistently appears in various rankings by turnover volume. It is positioned as a very safe exchange and holds a rather prestigious New York license under the BitLicense program, which means that the exchange fully complies with KYC and is developing in strict accordance with the norms of regulators. But it also means that anonymity on the exchange is out of the question. Coinbase assets are insured, which means that theoretically even a successful theft will not necessarily be a tragedy for the victim. When verifying, and sometimes in order to buy and sell, it is necessary to provide identification.
Positioned as the "Legendary crypto-assets exchange", which probably means it is one of the oldest crypto exchanges. The exchange has a positive reputation and offers a wide range of cryptocurrencies and features. It cannot be called completely safe: there have been security questions about the exchange since its inception. The exchange has been broken into, but it responds quickly to intrusions, and users' losses as a result of a hacker attack were compensated. That was 6 years ago, and since then there have been no repeated successful attacks. But two years ago there was a phishing app that stole customer data from the exchange, and the app was publicly available. In 2019, there was a massive data breach at the exchange. The crypto exchange offers a standard set of security features, but how secure it is remains debatable.
OKEx is one of the key players in the crypto industry. Still, one cannot claim that the OKEx crypto exchange is a model of security: just recently, in October, the exchange stopped withdrawals of all assets, explaining that one key holder was unavailable and was cooperating with the public security bureau as part of an investigation. What that was, no one understood, but the case shows well that no exchange, even one positioned as "the most reliable exchange", actually is. Keeping all or even the majority of your funds on a crypto exchange is categorically ruled out. Only verified users can trade on OKEx, and the level of verification increases for the withdrawal of larger amounts. But, in general, the basis is still the same: document verification and Google Authenticator.
An increasingly popular crypto exchange (Fig. 6), about which there is little information. It is known that in the summer the exchange was suspected of exit scamming and of overstating its real trading volumes, but it did not respond to the suspicions. The crypto exchange offers two-factor authentication and account verification for customer security.
A two-year-old exchange; security is provided by two-factor authentication and mandatory verification for the withdrawal of funds. It is also possible to change the password. Users report problems with two-factor authentication, which works unreliably. A plus for security is that the exchange is developed by a single team, without the involvement of third-party companies, which increases the level of information security.
An exchange for traders at the intersection of forex, cryptocurrencies and cloud mining. The exchange keeps almost 98% of funds in cold wallets; hot wallets contain only funds for withdrawal. It has protection from DDoS. A plus of the exchange is that the data server has recently been practically rebuilt. Clients are offered two-factor authentication, account verification, and verification for the withdrawal of funds (a trading password).
Despite the fact that Hotbit is already quite famous, many resources warn that the crypto exchange is questionable in nature. Working with it is therefore at the user's own risk. As for security, there is no verification on the exchange, which on the one hand makes working with the exchange easier, but on the other hand is a bit alarming. There is two-factor authentication via Google, but it works rather unreliably on the exchange. The security of trading itself is provided by GSLB, distributed server clusters, distributed storage, a high-speed memory system, and so on.
A crypto exchange that has existed for only one year but already occupies top places in the industry. So far, the exchange has not had time to become famous for anything outstanding. Clients are protected on the platform in the standard way: verification and authentication.
Quite a large crypto exchange, where the client is protected by password, trade password, two-factor identification and Anti-Phishing code. The two-factor password and trading password are needed to withdraw funds from the exchange. Clients are also offered cold wallet storage and multi-signature DKKT. The security architecture is built on multiple clusters and the exchange collaborates with international risk management operator Knownsec, an international high-risk management team.
This is a p2p platform, an exchange in the format of an exchanger, where clients trade with each other, negotiating the terms of purchase/sale. Clients are protected by two-factor authentication, connections are encrypted, and escrow protection against fraud is a feature.
It has been in operation for seven years and can be considered almost an industry veteran. It is not exactly an exchange, though, but only a service for buying cryptocurrency. Unlike the vast majority of exchanges, it does not have two-factor authentication; the basis of its security is a complex password. On the other hand, this is a justifiable saving, because no money is stored on the platform: clients send it immediately to their own addresses.
A crypto exchange with an extremely simplified format, about whose security it is difficult to say anything. Some platforms explicitly warn that this exchange is unsafe and a dubious operation in general. Registration on the exchange is very simple and verification is not required, which means that you can trade anonymously on the exchange; someone will be happy about that.
It differs from most modern crypto exchanges in that it does not practice compulsory KYC procedures, i.e. there is no need to send a passport and other documents for verification. But there is two-factor authentication and there are two wallets, hot and cold: funds are stored in the cold wallet, and the hot wallet is used only for trading. The exchange also maintains a whitelist of crypto addresses, which clients fill out.
An exchange operating since 2013, but much less well known than many younger crypto exchanges. The level of security is standard: Google authentication, KYC/AML standards, no transactions possible without security enhancement, and a trading password for transactions.
A crypto marketplace in the format of cryptocurrency exchange between people. It is protected by 2FA, an anti-phishing word, and verification of standard complexity.
A decentralized crypto exchange. The basis of its security is a set of different passwords, but it also offers two-factor and SMS authentication (you need to check for whom SMS verification is currently available). In addition, the exchange provides a password for deposits and withdrawals and an anti-phishing code. It should be noted that the exchange does not hold a license from the regulatory authorities, which is not a plus in terms of security.
A service for buying bitcoin with bank cards, not the most famous crypto service. In terms of functionality, the service has no hot wallets, only cold ones. The site requires verification, which contradicts the unclear legal status of the service. To call it safe for clients would not be quite right.
Not the most famous crypto service, but it has its supporters. Although it is a crypto exchange, the site allows funds to be stored only in cold wallets. Verification at the exchange is not required in general, but you will have to pass it for withdrawals from 1 thousand dollars.
A decentralized exchange that works with the help of artificial intelligence, although it is unknown how exactly the artificial intelligence helps, since in general the exchange is an ordinary one with standard functionality. Verification on the exchange is not required, but it is desirable if there are plans to carry out large transactions.
A relatively small exchange by modern standards, once one of the largest. Client accounts are protected by SMS verification or, as an alternative, two-factor authentication not only through Google, but also through WeChat. There is also an anti-phishing code and a user password for trading operations. Perhaps because the exchange is quite old, there are problems with SMS verification and recorded cases of unauthorized entry into other people's accounts.
This is an exchanger and a cold wallet for storing customer funds, quite popular in Asia at one time. If you intend to trade something other than cryptocurrency, you need to be verified. Clients are protected by two-factor verification. The exchange has a rather weak protection against DDOS and is periodically attacked, but despite that it hasn't been hacked yet, unlike many more advanced exchanges.
The exchange has been operating since 2014 and is quite popular to this day. BitBay uses end-to-end encrypted SSL connections and guarantees the security of user information with fully encrypted backups of data and passwords. Client funds are stored in cold wallets and the exchange offers 2FA.
An exchange that has been operating since 2018 and holds a real license to conduct financial activities on an international scale. Two-factor authentication and a code for trading operations are used for security, but they can be left out if you plan to trade amounts equivalent to less than two bitcoins. There is protection from bots and DDoS; funds are stored in cold wallets, and hot wallets are used only for trading operations.
Not a single cryptocurrency exchange provides complete security to its clients. Almost all exchanges assure users that they use advanced protection methods, but one should not trust these statements: a trader or a holder should take care of the safety of their coins themselves. Cryptocurrency security rests essentially on two basic principles: the choice of wallet and vigilance (Cryptocurrency Trading Strategies).
Hot wallets have long been unsuitable for storing cryptocurrencies, as they are very vulnerable to modern hackers. Therefore, funds should be stored only in cold, offline wallets, and moved from them to hot wallets only just before a trading session. The difficulty with using cold wallets is that you can lose the code word and password, and this happens regularly. That means a total loss of funds. That's why you need to write down passwords, but keep them where no one can see them. As for vigilance, when actively trading on an exchange or holding a significant stock of cryptocurrency, there is absolutely no need to spread information about it either offline or online, including among acquaintances. By the way, cryptocurrency insurance has recently been developing. It is offered both by exchanges themselves and by some cryptocurrency exchanges.