Bitcoiners have a complex relationship with exchanges. On one hand, exchanges play a vital role in helping us upgrade our money from government currency to bitcoin. At the same time, exchanges pose a major security threat to your bitcoin.

In this overview, we’ll cover several basic considerations for buying bitcoin on exchanges, so you can get the most out of them and your self-custody.

Exchanges: Good for buying and selling

Bitcoin originated as a peer-to-peer network, but it’s hard to trade only with peers all the time. Your friends might not always have bitcoin to sell you.

That’s where exchanges come in. Exchanges are platforms and businesses where you can swap government-issued currency, such as euros or U.S. dollars, for bitcoin. Most exchanges also allow you to trade a wide assortment of crypto assets for bitcoin, though the supported assets tend to differ from exchange to exchange.

Most exchanges are centralized institutions and therefore subject to government regulations. To comply with these regulations, exchanges usually require you to identify yourself, and they can prevent you from buying or selling if they suspect you of criminal activity or if your government disapproves of your behavior.

You can think of exchanges as a bridge between your nation’s currency and bitcoin, and this relationship is why exchanges are sometimes referred to as “on-ramps” and “off-ramps.”

Exchanges: Bad for securing long-term holdings

The bitcoin community has a saying: “Not your keys, not your coins.” Whoever has your bitcoin’s private key has control over your bitcoin. To spend your bitcoin, you need to have access to your private key. Until you withdraw bitcoin to your own custody with your own private key, the bitcoin isn’t totally yours and it’s up to the exchange to keep it safe.

This is a problem because exchanges and custodians have security risks, too. They’re simply subject to a different set of risks than individuals. In fact, attackers are more inclined to target exchanges than individuals because a lot more bitcoin passes through exchanges.

Ever since bitcoin was created, exchanges have had a hard time keeping bitcoin safe. In 2014, the popular exchange Mt. Gox lost somewhere between 650,000 and 850,000 bitcoin and filed for bankruptcy, setting off a legal saga that continues to this day. The painful memory of Mt. Gox lives on as a reminder to all Bitcoiners of the dangers of leaving someone else in charge of your money.


Minimize your exposure

If you’re new to bitcoin, now’s a good time to develop some good habits when it comes to exchanges. The best way to protect your bitcoin from exchange hacks is to keep as little bitcoin on an exchange as possible.

It’s up to you to determine an acceptable amount, but gauge it within your overall bitcoin investing strategy. If you do a lot of high-frequency trading, consider leaving only the assets you use to trade on the exchange and transferring your long-term stack to self-custody. Otherwise, if you just want to buy and hold, it may not make sense to leave bitcoin on exchanges at all.

It’s easy to get busy with life and accidentally leave bitcoin on an exchange — out of sight, out of mind. Exchanges often have waiting periods before you can withdraw your purchased bitcoin. Consider setting a reminder when you make a purchase so you can transfer your bitcoin later.

Adopt a robust form of two-factor authentication

Wealth security is about balancing the right amount of access. Passwords allow us to safeguard access behind a key phrase, but technology has grown to a point where we can’t safely rely on passwords alone. If a hacker seizes control of your email address, they can just reset your password 😬

Today, exchanges and financial institutions have adopted two-factor authentication (2FA) as an additional security layer. For instance, when you log into an account, you may receive an SMS text message or email with a one-time passcode.

While 2FA is a positive development, it’s important to take steps to prevent your 2FA method from being compromised. Bad actors can perform a SIM swap attack to seize control of your phone number. This tactic and similar exploits are frequently used to drain exchange accounts. Below is an example of a massive breach.

Hackers rob thousands of Coinbase customers using MFA flaw
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

If you use 2FA to protect your exchange account, choose a strong form of 2FA. We like hardware security keys, such as YubiKeys, for authentication on exchanges that support them. These devices are easy to use and require a level of physical interaction, making it exponentially harder for attackers to commandeer your account from a remote location.

If your exchange doesn’t support hardware security keys, consider using an authenticator app, such as Google Authenticator. These apps are also a major upgrade from SMS text messages.

Withdraw early and often

Whenever you set up an account on an exchange, it’s good to test out the basic features ahead of time, such as deposits and withdrawals. That way, if you ever need to withdraw bitcoin quickly, you’re not dealing with a learning curve.

It’s best to withdraw bitcoin to your own custody before it’s obvious that you need to. There’s not much telling when an exchange will disable withdrawals temporarily, close down, or mysteriously go offline.

Go ahead and familiarize yourself with the withdrawal process so your exchange account doesn’t become a single point of failure. You never know until it’s suddenly too late.

Don’t trust — verify (as much as possible)

As a system, bitcoin was designed to give you the most control over your money without having to rely on trusted third parties. That includes exchanges.

Buying bitcoin on a centralized exchange requires some level of trust, but there’s some balance to be found here if you keep your exposure low and don’t leave your bitcoin on an exchange.

It’s wise to research multiple exchanges and their security policies before settling on one. Some exchanges strive to adopt leading-edge security practices. For instance, Kraken curates several helpful security resources and performs Proof of Reserves audits to help customers. While self-custody is the best way to alleviate security concerns, we believe these efforts are a positive step forward.

Being your own bank comes with personal responsibility. With some extra attention and effort, you can greatly reduce the risk of losing bitcoin on an exchange and set an excellent foundation for your bitcoin custody.

Protect your bitcoin for the long HODL

With Casa, you can secure your bitcoin with multiple keys, protecting you from single points of failure like exchanges. The coolest part? It’s free to try for 30 days. Get started with Casa and hold your keys today.
