The effectiveness of security measures employed by a crypto exchange are useless if the operations are under the control of a dubious CEO.
So, you’ve deposited some cryptocurrency onto an exchange. You expect that these funds will be held in your name as a liability, with safeguards in place to make sure that you can withdraw them when you wish.
However, this is not necessarily the case.
Sitting down with Magazine, Simon Dixon, CEO of global online investment platform BnkToTheFuture, warns that the murky lines between regulations in the crypto industry mean that customers must be extremely cautious about where they stash their crypto.
[The cryptocurrency industry] was created by businesses that want to build financial institutions, and robust financial history has shown that if you leave them to their own devices, they won’t respect client money.”
Take FTX for example. Dixon notes that former FTX CEO Sam Bankman-Fried allegedly treated customer funds as if they were his own, tipping billions into Alameda Research.
“FTX would use those assets for their sister company hedge fund and then find themselves in a position where the hedge fund had lost all of their money,” Dixon says, emphasizing that this led to there being no assets for clients to withdraw.
Dixon has invested more than $1 billion in “over 100” different crypto companies, including Kraken and Ripple Labs. One of the projects BnkToTheFuture raised money for turned out to be one of the biggest crypto disasters in recent times: bankrupt crypto lending platform Celsius.
Before its collapse in July 2022, Celsius was allegedly using money from new customers to pay off attractive yields promised to other existing customers. He says Celsius caught investors and customers off guard by treating their client money “as if it were their own.”
Crypto opponents like United States Representative Brad Sherman characterized this behavior as endemic to the cryptocurrency ecosystem:
So, what are all the other crypto exchanges actually doing with your money? Even if they’re not outright frauds, can you trust exchanges to safeguard your funds?
There are hundreds of crypto exchanges across the globe, spanning from more trustworthy to outright fraudulent.
Crypto market tracker CoinMarketCap tracks 227 of these exchanges, which among them have an approximate 24-hour trading volume in July of around $181 billion (if you ignore accusations of rampant wash trading).
Adrian Przelozny, CEO of Australian crypto exchange Independent Reserve, tells Magazine that consumers should “always be mindful” of the distinction between the business model of an exchange versus a broker.
An exchange usually keeps its customers’ assets directly in its own storage. This means they can’t really use those assets to make extra profit for themselves. Przelozny explains that Independent Reserve has enough liquidity on the platform so that when you place an order on the exchange “you are trading against another customer.”
On the flip side, brokers may entail counterparty risks to other exchanges by holding customers’ crypto assets on the exchange to earn some extra money.
This helps the broker rake in more funds, but it also puts the customer at risk. Przelozny emphasizes that brokers cannot earn a return using clients’ assets without taking a risk.
He warns that with a brokerage-type business model, when you place an order, that platform has to essentially run off in the background to acquire the asset you want.
The platform has to get the liquidity from another exchange, so they place the order on behalf of the customer and then that customer is actually exposed to counterparty risk.”
A counterparty risk is when there is a chance that another party involved in a contract might not hold up their end of the deal. It gets riskier when a broker keeps customer funds or assets on another exchange because if that exchange goes bust, the customer assets could go down the drain as well.
It’s a word that would probably send shivers down the spines of the executives at Australian-based crypto broker Digital Surge, which found itself in hot water right after FTX went down.
The Australia-based broker went into administration after it had transferred $23.4 million worth of its assets to FTX, just two weeks before the whole collapse happened in November 2022.
Digital Surge managed to pull off a lucky escape with a bailout plan; however, it did involve directors Daniel Rutter and Josh Lehman personally chucking $1 million into the mix.
Crypto lender BlockFi and crypto exchange Genesis weren’t so lucky: Both ended up filing for Chapter 11 bankruptcy due to being exposed to the FTX mess.
So, while an exchange has fewer avenues to generate profits compared to a broker, it prioritizes the safety of funds.
Dixon explains that if a crypto broker is storing client assets on another exchange, such as Binance, for example, the broker should be transparent with the client that “if anything were to go wrong” with Binance, the assets would be hard to retrieve.
In the case of the crypto exchange side of BnkToTheFuture, Dixon makes it clear that as a “registered virtual asset service provider,” it has to have disaster recovery, and all clients’ assets need to be distributable at all times, even if the parent company “goes down.”
“We actually can’t use [client assets] in any way shape or form as per our [securities] registration,” Dixon says.
He explains that a securities registration holds an exchange to a higher standard, as it sets policies in place that need to be tested against them regularly.
A securities registration basically requires an exchange to hold those assets and maintain comprehensive records verifying the customer as the real owner of those assets, as well as the exchange being subject to regulatory inspections.
Coinbase’s and Binance’s recent legal troubles with the United States Securities and Exchange Commission stem from allegations of operating as unlicensed securities exchanges, meaning both weren’t held to the recordkeeping and safeguard requirements that a license would mandate.
What happens after I deposit funds into a crypto exchange?
So, what actually happens when you deposit $50 or $50,000 into an exchange and buy some crypto?
In the exchange model, where users trade directly with one another, it’s like a one-on-one deal. When your digital asset order is executed, your money goes straight to the person you’re buying from. The assets stay within the exchange throughout the whole transaction.
When it comes to a brokerage-type model, you’re buying the asset from the broker directly.
So, the money goes into the broker’s trust account first. Then, the broker takes that money and uses it to acquire the assets you want. Essentially, they’re playing matchmaker between your money and assets. The asset is then generally held on another exchange.
Regardless of whether your assets are hanging out on the exchange where you bought them, or with a counterparty linked to the broker you used, they will call home either a hot wallet or a cold wallet.
Hugh Brooks, director of security operations at crypto audit firm CertiK, explains to Magazine that most major exchanges “store customer assets in a combination of hot and cold wallets.”
A hot wallet is a cryptocurrency wallet that is connected to the internet and allows for quick transactions. On the other hand, a cold wallet is stored offline, is secure and keeps your crypto safe from hackers.
While having 100% of customer assets in a cold wallet would be ideal for safety reasons, it is not feasible for liquidity reasons. Brooks says:
While hot wallets provide convenience in terms of easy and fast transactions, they are also more susceptible to potential security threats, such as hacking due to their internet connection. Hence, exchanges usually keep only a fraction of their total assets in hot wallets to facilitate daily trading volume.”
Przelozny says that, in the case of Independent Reserve, “98% is held offline in a cold storage vault” managed by the exchange, and the rest is in a “hot wallet in the exchange.”
James Elia, general manager of exchange CoinJar, tells Magazine that his exchange similarly keeps the “vast majority” of assets in cold storage “or private multisig wallets” and maintains full currency reserves at all times.
He says that CoinJar uses a mix of “multisig cold and hot wallets through BitGo and Fireblocks to store customer funds.”
Crypto.com is unusual in that it offers customers both a custodial and noncustodial option.
“The Crypto.com DeFi Wallet is a noncustodial option,” a spokesman says in comments to Magazine. This means its customers have full control of their private keys. Meanwhile, the Crypto.com App is a digital currency brokerage “that acts as a custodian” and stores cryptocurrencies for customers. The spokesperson says that its crypto assets are “safely held in institutional grade reserve accounts and are fully backed 1:1.”
Further solutions
However, relying solely on accounts that claim to be secure is no longer sufficient in the unpredictable world of crypto.
In line with many other major crypto exchanges, such as Binance, Gemini, Coinbase, Bittrex, Independent Reserve, CoinJar and Kraken, Crypto.com has also adopted a self-custody infrastructure platform called Fireblocks.
Fireblocks focuses on ensuring the exchange securely stores and manages customers’ digital assets in an advanced and secure way. The firm utilizes multi-party technology computation (MPC technology), which is similar to a multisig wallet and is never held or created in a single place.
While the infrastructure custody platform doesn’t hold any assets itself, which remain on the exchange, it can incorporate features such as multisignature authentication and encryption into the exchange. This is done to minimize the risk of fraud, misuse of funds and malicious attacks.
It also makes it a lot harder for a sneaky employee to authorize a dodgy transaction or, even worse, drain customer assets out of the exchange.
Shane Verner, director of sales for Australia and New Zealand for Fireblocks, tells Magazine that initially, Fireblocks will shard the exchange’s crypto wallet private keys into three parts.
Read also
Sell or hodl? How to prepare for the end of the bull run, Part 2
Is Ethereum left and Bitcoin right?
A wallet’s private key is similar to a password or a PIN and is a combination of letters and numbers serving as the sole requirement to sign transactions and manage digital assets.
On the other hand, a wallet’s public key is the address you give for people to send you crypto, like a bank BSB and account number.
One shard of the private key is given to the exchange, while Fireblocks safeguards the other two shards in encrypted hardware in geographically discrete data centers. Essentially, it involves splitting the secret code into three pieces and hiding each piece in a different spot.
Every large transaction on a crypto exchange integrated then requires the three shards to come together to approve the transaction.
The three shards only unite when the exchange fulfills the obligations set out by Fireblocks for the transaction approval process. Verner says this is the “most critical” part of the integration.
Dixon says this manages risk in a “much better way,” as Fireblocks allows exchanges to “write rules into transactions.”
An example of these rules is the exchange setting a required number of employees to sign off on transactions. This can be modified as the customer list grows.
For example, let’s say the exchange used to allow three employees to sign off on transactions of $10,000 and above but then decide that isn’t enough, and they increase the requirement to five employees. The number of employees required to approve a particular transaction depends on the size of the transaction.
Within exchanges, there are then employees assigned with the task of manually approving large transactions. Verner explains that the number of employees in the various “quorums” increases in proportion to the size of the transaction.
“They all register their face ID on their mobile phone. They all put in their authorization code as well. So, it’s two-factor, and everything gets approved,” Verner says.
“Then that goes into the Fireblocks infrastructure, where our two shards have been told that they can come together and authorize the transaction,” he further explains.
While pointing out that every exchange is different, he says that small transactions up to a certain amount of money can automatically go through and do not require human approval.
“It’s entirely at the discretion of the exchange in question, but it’s critical,” says Verner, adding, “They might say every transaction between $100 and $1,000 is automatic.”
The limits imposed by exchanges vary depending on their specific demographic. Exchanges catered to retail investors are going to have lower limits because it wouldn’t expect to see many $10,000+ transfers.
However, if you start sending large amounts, you may find yourself attracting more attention than you anticipated.
The larger the amount, the greater the number of approvals required. For example, for $1 million worth of Bitcoin, you may need a quorum of eight to 10 authorized approvers within the business to enable that transaction.
“If one says no, they all say no,” Verner says.
Effectively, really big amounts are always going to require human intervention because you don’t want somebody taking $1 million off their exchange without a bunch of approvers within your organization approving.”
Fox in the henhouse
Verner warns that none of the above security matters mean anything if a crook runs the exchange.
If the head of an exchange is “prepared to corrupt the governance layer,” then all the security measures put in place become essentially useless.
He runs through a simple example of a dubious CEO controlling all the authorizers in the quorum, and then doing as they please. In such a scenario, the CEO can act freely to his own desires.
In the case of FTX, Bankman-Fried allegedly demanded that his co-founder Gary Wang create a hidden way for his trading firm Alameda to borrow $65 billion of client funds from the exchange without anyone knowing.
Wang allegedly sneaked in a single number into millions of lines of code for the exchange. This sly move created a line of credit from FTX to Alameda without customers ever giving their consent to such an arrangement.
To avoid foul play from someone on the inside, many exchanges are putting more security measures in place as the industry matures.
Elia says that all CoinJar employees must pass a criminal background check before joining the company and are required to take part in ongoing security and Anti-Money Laundering training.
He says that “multilevel data encryption, ongoing security audits and institutional-grade organization security to protect customer accounts” are also employed. CoinJar also uses “advanced machine learning” to recognize suspicious logins, account takeovers and financial fraud.
How do you conduct due diligence on an exchange?
The phrase “do your own research” has become somewhat of a rallying cry in the crypto space when it comes to investment, and many believe the same should apply for choosing your exchange.
Przelozny emphasizes that consumers should always research any exchange before depositing funds and not “expect others” to do due diligence for them.
The United States Commodity Futures Trading Commission advises on its website that you should look to see if the crypto exchange actually has a physical address.
Most countries now require cryptocurrency exchanges to obtain licenses, with regulators providing public info on digital currency exchange license requirements and providing databases of registered entities.
Users can also check social media and independent review websites (not the exchange itself) to see what customers are saying.
Przelozny says that customers should scrutinize the terms and conditions of the exchange meticulously, paying close attention to anything that suggests the exchange will earn a yield on clients’ assets, as that means the exchange has “every right” to do that.
He adds that investors should not flock to an exchange just because their “favorite athlete” is promoting it. The $1-billion lawsuit taken against influencers who promoted FTX and failed to disclose compensation should serve as a cautionary tale.
Dixon similarly advises investors not to get sucked in by the advertising or marketing schemes and instead focus on the fundamentals.
“I think affiliate marketing and financial products should never be combined,” Dixon says, noting he does not sign up influencers or celebrities to promote BnkToTheFuture or online shills. “We won’t actively incentivize people to talk about our business because they’ll get it wrong, and they’ll get us in trouble.”
That said, Dixon finds that authentic word of mouth between friends and family remains an incredibly powerful means of establishing trust in exchanges.
Dixon explains that while there may be uncertainty about how exchanges handle consumer funds, the situation is not fundamentally different from traditional banks: “I think if the banks were doing their jobs, when you deposit the money with the bank, [it would be disclosed that] you’re not the legal owner of the money.”
The banks “can leverage it up and put it at risk,” Dixon emphasizes and warns that there is little disclosure from the banks saying they “may need to go to the FDIC to get a bailout” if the loans go bad.