Anybody who’s into crypto has to deal with an exchange at least once. But, these exchanges come with a wide range of trust issues, uncertainties, risks and of course usability issues. Over the past few days we’ve seen a wide range of news reports all touching the problems that exchanges are facing today… Or, even worse, the problems that users like you and me are facing every single day.
Crypto currencies have long been associated with privacy and trading drugs or weapons on the black market. Nowadays that’s no longer the case. Bitcoin isn’t that private and even Monero isn’t as private as people think it is. When you start trading on exchanges like Binance or Kucoin you need to go through a Know Your Customer (KYC) process, which includes ID-verification. These are required by law. Trading on an exchange in full privacy seems to be something from the past. Unless you want to circumvent your national tax office, this shouldn’t be the biggest problem though. It’s not impossible to stay completely anonymous in the world of crypto currencies, but it’s becoming harder every day.
Centralized exchanges: You’re not in control
The exchanges where you are required to go through a KYC process are completely centralized. These are major companies with millions of dollars of revenue on a monthly or even daily basis. Based on the performance of their listed trading pairs they can de-list them on a very short notice. For example, OKex announced on Thursday 25th of October that it would remove 40+ pairs from its exchange. Coins like Airswap (AST), FirstBlood (1ST) and Monetha (MTH) are no longer available to trade from October 31st. That’s less than one week notice. It’s a business decision of course, but it shows that centralized exchanges make centralized decisions that are not necessarily in your best interest.
Another issue with centralized exchanges is that they are vulnerable to hacks. You’re basically storing your coins on their server and you trust them with your money. However, hackers are aiming exchanges more and more. Monex got hacked in January and is currently not accepting new users while it’s waiting for a government approved license. Mt. Gox is probably the biggest hack on an exchange ever, while 2016 Bitfinex hack is also worth mentioning. There were thousands of BTC stolen, nowadays worth over a billion dollars. Audits and government regulation is supposed to make these exchanges even safer.
It’s not only the big exchanges that get hacked, as late October the Canadian exchange MapleChange fell victim to a hack and had to halt its services. They are trying to pay all their customers back, but they won’t be able to reimburse every customer. You trust your coins to be in safe hands, but they are not.
Decentralized exchanges: Who’s in control really?
The biggest exchanges are the centralized ones like the ones mentioned above, but a far more anonymous way to trade can happen on decentralized exchanges (DEX). On a DEX you own the private keys to your account, which means you’re the only one who has access to it. Your coins are not stored on the exchange when you start trading, but they are connected through smart-contracts. Once triggered, the money will transfer between the selling and buying wallets.
But even decentralized exchanges come with issues: trading bots push the price down to accumulate coins, low trading volumes make for easier manipulation and scammers can place their coins on the exchange quite easily. As decentralized exchanges are often not even registered companies, it’s always a good idea to wonder ‘Do I want to trade here?’ as a scam or hack might always be luring around the corner.
Every centralized solution to a decentralized setup is a possible vulnerability. EtherDelta is one of the oldest decentralized exchanges, but this exchange is using centralized hosting. In December 2017 hackers gained access to EtherDelta’s DNS and replaced the domain with a very sophisticated fake version of EtherDelta. This way at least 308 ETH and hundreds of thousands of dollars worth of tokens was stolen. Even people using Metamask fell victim to the hack. The lesson learned? Never import your private keys into a third party website. Funny thing, according to Bitcoin.com the ETH address associated with the hack is now a YoBit account. While another wallet connected with the EtherDelta hack, shows that the thief sold his stolen goods on Binance.
Not matter whether you’re trading or keeping your coins, you’re responsible for your own security. Bookmark your favorite websites, only use secure wifi, store your coins on a hardware wallet, and is always Do Your Own Research (DYOR). Never trust another person on his or her word, but double check the facts and stay safe.