Centralized Exchanges: How Crypto Markets Work and the Risks of Custody

Buying and selling cryptocurrency requires an exchange—a platform where buyers and sellers meet to trade. Centralized exchanges like Coinbase, Binance, Kraken, and Gemini are companies that facilitate these trades. They're called "centralized" because a single company controls the infrastructure, the user accounts, the trading matching engine, and the custody of assets.

While centralized exchanges are essential for most people to enter cryptocurrency (you can't buy Bitcoin with dollars on the blockchain itself; you need an exchange as the on-ramp), they also introduce new risks. Using an exchange means trusting the company with your money. History shows this trust is sometimes misplaced.

Understanding how exchanges work, what can go wrong, and best practices for using them is essential. Exchanges are tools—good for trading, bad for long-term storage.

Quick definition: A centralized cryptocurrency exchange is a company-operated platform where users can buy, sell, and trade cryptocurrencies for traditional currency or other cryptocurrencies. The exchange holds customer funds in custody while facilitating trades.

Key Takeaways

• Centralized exchanges are on-ramps: For most people, they're the only practical way to convert government currency to crypto and vice versa
• Custody risk: Exchangesholds your assets; if hacked, go bankrupt, or are mismanaged, your assets are at risk
• Counterparty risk: You must trust the company's security, ethics, and solvency indefinitely
• Regulatory protections vary: Unlike banks, crypto exchanges often lack insurance or guarantee of recovery
• Operational differences: Exchanges vary in security practices, geographic reach, fiat support, and fees (0.1%-5% per trade)
• Best practice: Use exchanges for on-ramping (buying) and off-ramping (selling), then move assets to your own wallet
• Real examples: Mt. Gox ($450M loss), QuadrigaCX ($190M loss), FTX ($8B loss) show custody risks are not theoretical

The Centralized Exchange Ecosystem

The major players (as of 2024):

Coinbase (US-focused)

• Headquarters: San Francisco, USA
• Trading volume: ~$100B/month
• Fiat support: USD, EUR, GBP, CAD
• Strengths: Regulated in US, insurance on digital assets, clean UI, beginner-friendly
• Weaknesses: Higher fees (0.6-1.5%), limited altcoin selection
• Best for: US customers, first-time buyers, regulatory compliance
• Public company: Yes (listed on NASDAQ)

Binance (Global)

• Headquarters: Cayman Islands (formerly Singapore)
• Trading volume: ~$600B/month
• Fiat support: 50+ currencies
• Strengths: Lowest fees (0.1%), most altcoins listed, fastest growth
• Weaknesses: Regulatory scrutiny, less transparent, complex UI, customer support issues
• Best for: Active traders, altcoin trading, low-fee trading
• Public company: No (private ownership)

Kraken (US-focused)

• Headquarters: San Francisco, USA
• Trading volume: ~$30B/month
• Fiat support: USD, EUR, GBP, CAD, JPY
• Strengths: Strong security reputation, excellent customer service, transparent
• Weaknesses: Lower trading volume, limited altcoins
• Best for: Customer service, security-conscious US traders
• Public company: No (private)

Gemini (US-focused)

• Headquarters: New York, USA
• Trading volume: ~$15B/month
• Fiat support: USD, EUR, GBP
• Strengths: Regulated in NY, institutional grade, security, transparency
• Weaknesses: Limited altcoins, higher fees
• Best for: Institutional investors, security priority
• Public company: No (private, backed by Winklevoss twins)

How Centralized Exchanges Actually Work

Step 1: Account creation and verification

You create an account with name, email, and password. The exchange performs KYC (Know Your Customer) verification:

• Photographic ID (passport, driver's license)
• Proof of address (utility bill, bank statement)
• Sometimes video verification
• Sometimes risk questionnaires

This process can take hours to days. Why do exchanges do this? Government regulations (anti-money laundering laws) require it.

Step 2: Adding funds

You connect your bank account to the exchange via ACH (US), wire transfer, or other method. You can now deposit dollars, euros, or other fiat currency.

Step 3: The exchange holds your assets

When you deposit $10,000, Coinbase receives the dollars in their bank account. They create an accounting entry in their database: "User X has $10,000 credit." The dollars are Coinbase's property; they just owe you the equivalent.

Coinbase holds these dollars in their corporate bank accounts—currently probably at Goldman Sachs or another major bank. They don't segregate customer funds; customer dollars mix with Coinbase's operating funds.

Step 4: Trading on the exchange

You see the order book:

Bitcoin price: $45,000
Sellers:
- 0.5 BTC @ $45,100
- 1.0 BTC @ $45,200
- 0.3 BTC @ $45,300

Buyers:
- 0.2 BTC @ $44,900
- 0.8 BTC @ $44,800
- 1.5 BTC @ $44,700

You place an order: "Buy 0.1 BTC at $45,000." The exchange's matching engine finds a seller willing to sell at that price. Your order is matched with their offer. The trade executes instantly.

Your account now shows:

• $9,550 USD (you spent $450 + $0.45 fee)
• 0.1 BTC

Step 5: Custody of crypto

The 0.1 BTC you bought is stored in Coinbase's custody. It's in a wallet address like: 1A1z7agoat7SFkd9at3XqDAsWWYu51eyJ. Coinbase holds the private key. You don't control it.

If you want to spend it:

• Spend it on the exchange: You can trade it for other crypto, convert back to dollars, or send it to another user on Coinbase instantly
• Withdraw it: You can ask Coinbase to send it to your own wallet. They send it from their wallet to yours, costing you a withdrawal fee ($10-100 depending on network congestion)

Step 6: The exchange's business model

Coinbase makes money via:

• Trading fees: 0.5-1.5% per trade ($450 order = $2.25-6.75 fee)
• Withdrawal fees: $10-100 per withdrawal
• Staking fees: If you "stake" crypto on Coinbase (locking it up to earn interest), they take a cut
• Interest on idle capital: Coinbase holds millions in customer deposits earning them interest

The Counterparty Risk: What Can Go Wrong

Risk #1: Hacking and theft

Exchanges hold billions in cryptocurrency and fiat currency. They're high-value targets for hackers.

Notable hacks:

• Mt. Gox (2014): 850,000 BTC stolen (worth ~$450M at the time). The exchange gradually went bankrupt trying to recover.
• Bitfinex (2016): 120,000 BTC stolen (worth ~$65M at the time)
• QuadrigaCX (2019): Canadian exchange with $190M in customer funds went offline. CEO Gerald Cotten died in India. The fund remains mostly inaccessible.
• FTX (2022): $8 billion in customer funds missing. CEO Sam Bankman-Fried allegedly misappropriated them for his own investments.

Current practices: Modern exchanges use:

• Cold storage (offline storage of most assets)
• Insurance ($250M+ coverage from specialized insurers)
• Security audits (regular third-party security reviews)
• 2FA (two-factor authentication)
• Withdrawal whitelisting

But no amount of security is perfect. 100% theft is theoretically impossible, but 99.9% is within reason.

Risk #2: Bankruptcy and insolvency

Even with perfect security, an exchange can go bankrupt for other reasons:

• Bad business decisions: Overextended leveraging, poor risk management
• Embezzlement: Executives stealing funds
• Regulatory fines: Regulatory penalties eating into capital
• Market collapse: If crypto markets crash, users might mass-withdraw, causing a "bank run"

If an exchange becomes insolvent, customer funds typically become part of the bankruptcy proceedings. You become an unsecured creditor—you get in line after secured creditors and usually recover a small percentage.

Risk #3: Regulatory seizure

Governments could seize exchange assets. This is rare but possible:

• Silk Road (2013): FBI seized Bitcoin seized from the dark web marketplace. Users lost access.
• Iran sanctions: US froze Iranian exchange assets
• Money laundering: If regulators believe an exchange is facilitating money laundering, they can freeze assets

Risk #4: Geographic/regulatory risk

Exchanges in different jurisdictions face different regulations:

• US exchanges (Coinbase, Kraken, Gemini): Heavily regulated, insurance available, but operations are constrained
• Global exchanges (Binance): Less regulation means more freedom, but less consumer protection
• Offshore exchanges: May lack any regulatory oversight

If a US exchange goes bankrupt, there's at least a legal framework for customer recovery. An offshore exchange's bankruptcy might leave you with no recourse.

Cryptocurrency Exchange Security Best Practices

If you must hold funds on an exchange:

1. Use 2FA (two-factor authentication)

   • Don't use SMS-based 2FA (vulnerable to SIM swaps)
   • Use authenticator apps like Google Authenticator or Authy
   • Use hardware security keys if available (Yubikey, etc.)

2. Enable withdrawal whitelist

   • Most exchanges let you specify wallet addresses
   • Only these addresses can receive withdrawals
   • This prevents attackers from withdrawing to their own wallet

3. Use strong, unique passwords

   • 16+ character minimum
   • Mix of letters, numbers, symbols
   • Different password than other accounts
   • Store in a password manager

4. Watch for phishing

   • Be suspicious of emails about account issues
   • Never click links in emails (go directly to the website instead)
   • Verify the website URL matches (coinbase.com, not coinbase.co or coinbase-secure.com)

5. Avoid browser extensions

   • Some browser extensions are malicious and steal passwords
   • Keep only essential extensions
   • Trust only official extensions

6. Limit exposure

   • Only deposit what you intend to trade
   • Withdraw the rest to your own wallet
   • Don't leave funds on exchange longer than necessary

Exchange Fees Breakdown

Trading fees (per trade):

• Coinbase: 0.6% (maker) - 1.5% (taker)
• Binance: 0.1% (maker) - 0.1% (taker)
• Kraken: 0.16% (maker) - 0.26% (taker)
• Gemini: 0.5% - 1.5%

Example: Buy 0.1 BTC at $45,000 on Coinbase

• Cost: $4,500 + 0.5% fee ($22.50) = $4,522.50 total

Withdrawal fees:

• Bitcoin: $10-100 (depends on network congestion)
• Ethereum: $2-30 (depends on network congestion)
• Stablecoins (USDC, USDT): $0-5

Deposit fees:

• ACH (US): Free to $0.10
• Wire transfer: Free to $25
• Credit card: 2-4%
• PayPal: Not supported on most exchanges

Real-World Exchange Risk Examples

FTX (2022): The collapse of FTX demonstrated exchange risk at scale:

• FTX held ~$8 billion in customer assets
• CEO Sam Bankman-Fried secretly used these funds for his own investments
• The exchange went bankrupt overnight
• Customers lost billions
• Criminal charges against the CEO
• Bankruptcy proceedings recovered only a fraction

This wasn't a hack. This was deliberate misappropriation. It shows that even famous, well-funded exchanges can fail catastrophically.

Mt. Gox (2014): The earliest major exchange failure:

• Mt. Gox handled 70% of Bitcoin trades globally
• Hacked (or had internal theft)
• 850,000 Bitcoin disappeared (~$450 million)
• The exchange went bankrupt
• Bankruptcy proceedings lasted 9+ years
• Creditors recovered ~40% only in 2023

Decentralized Alternatives to Centralized Exchanges

Centralized exchanges have risks. Some alternatives:

Decentralized exchanges (DEXs):

• Uniswap, SushiSwap, PancakeSwap
• No centralized company holding assets
• You keep control of your private keys
• Trades are more complex and often have worse prices
• No customer service if something goes wrong

Peer-to-peer trading:

• LocalBitcoins, Bisq
• Trade directly with others
• More control, higher risk of scams
• Often used for privacy (but trades aren't anonymous)

Non-custodial wallets with built-in swap:

• Exodus, MetaMask
• Buy/sell with integrated DEX
• You control the keys
• Limited fiat support

Common Mistakes About Centralized Exchanges

Mistake #1: "My funds are insured like bank deposits"

Wrong. Most crypto exchanges don't provide FDIC-style insurance. Some have insurance against hacks (usually $250M limit), but bankruptcy losses aren't covered. Your funds are at risk.

Mistake #2: "A regulated exchange is completely safe"

Partly true. Regulation provides some protection (compliance requirements, audits, capital requirements), but regulations don't guarantee solvency. FTX was operating in some regulated jurisdictions and still collapsed.

Mistake #3: "I don't need a wallet if I use an exchange"

Depends on use case. For trading, an exchange is fine. For long-term storage, a personal wallet (hardware or software) is better. Best practice: use exchange for active trading, personal wallet for hodling.

Mistake #4: "Withdrawing crypto costs the same as withdrawing cash"

False. Crypto withdrawals cost money (network fees). Withdrawing to another exchange costs the withdrawal fee ($10-100+). Plan accordingly.

Mistake #5: "The exchange controls the blockchain"

Wrong. The exchange only controls its own database. Once you withdraw to your own wallet, the exchange has no control. The blockchain is immutable and controlled by the network.

FAQ: Centralized Exchange Questions

Q1: How much of my crypto should I keep on an exchange?

Only what you're actively trading. For everything else, use a personal wallet. A reasonable rule: if you wouldn't hold that much cash on a table, don't hold it on an exchange.

Q2: Can an exchange refuse to let me withdraw my funds?

Yes. They can freeze accounts for:

• Suspected money laundering
• Terms of service violations
• Regulatory holds
• Bankruptcy

This is why keeping long-term assets off exchanges is smart.

Q3: Is Coinbase or Binance safer?

Coinbase is more regulated and safer in a regulatory sense. Binance has better security track record but less regulatory protection. Choose based on your jurisdiction and risk tolerance.

Q4: What's the best exchange for beginners?

Coinbase or Gemini in the US (most regulated, best customer support). Kraken is also good (excellent customer service). Binance if you want lower fees and more altcoins.

Q5: Can I get my money back if an exchange is hacked?

Maybe. Depends on the exchange's insurance, bankruptcy law, and luck. Insurance covers some losses. Bankruptcy proceedings can take years and recover cents on the dollar. Don't rely on recovery—prevent the loss instead.

Related Concepts

• Hot vs. Cold Wallets — Why you shouldn't leave crypto on exchanges long-term
• Decentralized Exchanges — Alternative to centralized exchanges
• Wallets and Private Keys — Understanding asset control
• Common Scams — Exchange-based theft methods
• Transaction Settlement — How exchanges settle trades
• Regulation Overview — How exchanges are regulated

Summary

Centralized cryptocurrency exchanges are the primary on-ramp for most people to enter crypto, but they introduce counterparty risk. Exchanges hold your assets in custody, creating trust requirements similar to traditional banks but often with fewer protections. Security, hacking, bankruptcy, and regulatory action are all real risks. Best practice is using exchanges for active trading while keeping long-term holdings in personal wallets where you control private keys. Understanding the risks and limitations of centralized exchanges is essential for safe crypto participation.

Deeper coverage in Book 18 — Cryptocurrency for Beginners.

Next

→ Next article: Decentralized Exchanges