After the FTX crash, the question arises again: Is the security of crypto exchanges a cause for concern? Market leader Binance is calling for transparent Proof of Reserves. Can this development save the industry from further disasters?

What Must a Crypto Exchange Provide?

Crypto exchanges serve as a marketplace and give users the opportunity to trade various cryptocurrencies with each other. Centralized crypto exchanges offer an additional function compared to their decentralized competitors: They allow customers to exchange fiat currencies for crypto – these are known as fiat on- and off-ramps.

Centralized crypto exchanges like FTX or Binance are also the ones that are repeatedly criticized. On the one hand, repeated hacking attacks are to blame, and on the other hand, harmful behavior by the operators themselves. FTX is not the first operation of its kind to embezzle customer funds.

In addition, crypto exchanges are a danger to sensitive information. In order to exchange fiat currencies for crypto, customers have had to complete KYC processes since 2017. Subsequently, the marketplace in question knows the identity of the user, including a photo and ID.


Crypto Exchanges Must Hold Their Customers’ Assets on a 1:1 Basis

But crypto exchanges have one specific task above all: They must hold their customers’ assets on a 1:1 basis! This requirement rarely exists legally, as there is no corresponding legislation in most jurisdictions.

So there is no legal obligation in most cases, especially since many exchanges set up their headquarters in states with particularly lax regulation. However, they commit themselves to it through their own offering, because in practical terms a marketplace cannot sell goods that do not exist.

Liquidity of large crypto exchanges. Differences between them arise due to different sizes of the companies. As of November 15, 2022 | Source: WuBlockchain

In November 2022, the industry experienced what happens when a crypto exchange does exactly that. FTX could no longer serve its customers' withdrawals because it had embezzled their funds. Many of the coins were in the users' possession only on paper. The exchange collapsed as a result and went bankrupt.

The problem: Many users use crypto exchanges not only as a trading platform, but also as a custodian of their own coins such as Bitcoin or Ethereum. This puts them at risk of being stolen from by the operator.

Users should therefore make sure that they never leave their cryptocurrencies on a crypto exchange unless they are actively trading with them. Instead, they should transfer them to a non-custodial wallet after purchase.


A 2019 study shockingly revealed: Only a fraction of crypto users keep their cryptocurrencies in self-custody.

Only the opening of trades justifies the storage of cryptocurrencies on a crypto marketplace.


What Security Measures Do Good Crypto Exchanges Take?

Managing a crypto exchange requires some work. On the one hand, it is responsible for holding customer funds. On the other hand, this should be done in the safest way possible.

There is a trade-off here, however: cold wallets are the best way to store cryptocurrencies securely, but they cannot send cryptocurrencies as long as they are not connected to the Internet.

Always Keep Large Amounts of Crypto on Cold Wallets

Crypto marketplaces must have sufficient coins available on hot wallets at all times so that the ongoing needs of customers for withdrawals can be met.

In order to keep any losses due to security vulnerabilities, human error or hacks as low as possible, a large part should also be deposited on cold wallets, which can be used as needed to replenish the hot wallets.

A look at the most valuable addresses on the Bitcoin blockchain shows that popular crypto exchanges follow this pattern. They hold most of their coins in cold wallets. In addition, they divide their cryptos among different wallets.

Bitcoin Rich List: The two most valuable wallets belong to crypto exchanges. These are cold wallets. As of November 15, 2022 | Source: bitinfocharts.com

Both Binance and Bitvavo publicly follow these standards, either explicitly or implicitly. Both exchanges score very well in CoinPro’s assessment.

Use of Multisig Addresses

A multisig address is a blockchain wallet that requires the consent of multiple addresses (i.e. users) to finalize a transaction. Bitvavo and Binance use this method to prevent the unauthorized removal of funds. This is evident from the respective press releases.

The term Multi Signature, usually abbreviated as Multisig, stands for “multiple signatures”.

Insured Custody Service Providers

Bitvavo states that it works with “two leading custody providers”. Binance, on the other hand, states that it independently manages its coins. In both cases, the crypto exchanges report an insurance policy that covers losses in the event of damage.

Binance does not provide any information on the extent of the insurance, but mentions Arch syndicate at Lloyd’s of London as a partner. Bitvavo explains: The insurance is valid up to a damage level of 250 million US dollars.

Certified Data Centers

Binance and Bitvavo both state that they only use certified data centers. The market leader mentions the following security certificates:

ISO 27001/27701 and SOC 2 Type 1 certification. SOC 2 Type 2 is currently in progress.

Bitvavo writes:

Bitvavo uses data centers that comply with the following certifications: ISO 9001, ISO 27001, ISO 27017, PCI DSS Level 1, SOC 1 – 3.

Standards of this type are designed to prevent data losses that could result in the exploitation of sensitive wallet or company data.

Blockchain Analysis and Separate Audits

Both crypto exchanges state that they use automated blockchain analysis to detect suspicious transactions. If a theft occurs, these systems sound the alarm.

Both companies rely on the use of services from the well-known blockchain analysis company Chainalysis. Bitvavo personnel are vetted before they are allowed to take on sensitive positions within the company.

Binance checks every digital action separately. Accordingly, recurring events cannot remain under the radar.

Bitvavo even states that it monitors its own employees. Their actions are therefore logged in internal systems in order to be able to retrace any offenses afterwards.

How Do Crypto Exchanges Want to Protect Users from Errors?

Users who may have a low level of technical understanding and are inexperienced are particularly at risk. For these cases, crypto exchanges use two-factor authentication, commonly abbreviated as 2FA.

This system has long been standard within the industry. In addition, whitelisting improves security. For example, IP addresses that the user does not normally use are excluded from accessing the exchange account.

The same applies to withdrawal addresses. These usually have to be entered and approved several days in advance.
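The three user-side controls described above (2FA, IP whitelisting, and withdrawal addresses approved in advance) can be combined into a single deny-by-default check. This is an added example, not code from any exchange; the names `Account`, `check_withdrawal` and `ADDRESS_COOLDOWN`, the three-day waiting period, and the sample account are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: the article only says "several days"; 3 days is illustrative.
ADDRESS_COOLDOWN = timedelta(days=3)

@dataclass
class Account:
    allowed_networks: list  # CIDR ranges the user normally connects from
    withdrawal_addresses: dict = field(default_factory=dict)  # address -> time approved

def check_withdrawal(account, source_ip, dest_address, second_factor_ok, now):
    """Return (allowed, reasons). Every failed control is reported; any failure denies."""
    reasons = []
    if not second_factor_ok:
        reasons.append("2fa_failed")
    ip = ip_address(source_ip)
    if not any(ip in ip_network(net) for net in account.allowed_networks):
        reasons.append("ip_not_allowlisted")
    approved_at = account.withdrawal_addresses.get(dest_address)
    if approved_at is None:
        reasons.append("address_not_allowlisted")
    elif now - approved_at < ADDRESS_COOLDOWN:
        # Address was added too recently; a thief who adds an address cannot use it yet.
        reasons.append("address_in_cooldown")
    return (not reasons, reasons)

# Constructed sample account: documentation IP range and placeholder addresses.
SAMPLE = Account(
    allowed_networks=["203.0.113.0/24"],
    withdrawal_addresses={
        "addr-old-example": datetime(2022, 11, 1, 12, 0),
        "addr-new-example": datetime(2022, 11, 14, 12, 0),
    },
)
NOW = datetime(2022, 11, 15, 12, 0)

if __name__ == "__main__":
    print(check_withdrawal(SAMPLE, "203.0.113.10", "addr-old-example", True, NOW))
    print(check_withdrawal(SAMPLE, "198.51.100.7", "addr-new-example", True, NOW))
```

Reporting every failed control, rather than stopping at the first, gives the monitoring side a complete record of why a withdrawal was refused.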

Does Proof of Reserves Make Crypto Exchanges Safer?

After the FTX crash, crypto exchanges are losing an immense amount of trust. After months of the bear market, the crypto market even falls to its 2022 low. Binance founder CZ wants to restore the reputation of the marketplaces and demands Proof of Reserves.

All crypto exchanges should use proof-of-reserves. Banks operate with incomplete reserves. Crypto exchanges should not do that. Binance will soon start using proof-of-reserves. Full transparency.

The term refers to the disclosure of liquidity. Crypto exchanges should voluntarily disclose which funds they hold in what way. Binance took a first, but so far incomplete step. A publication only shows the reserves of six cryptocurrencies, but Binance lists 386 projects. (As of November 15, 2022)

Nevertheless, various crypto exchanges are following the call. Other companies, such as Kraken, had already provided regular transparency reports, but these are only accessible to registered users.

The aim of Proof of Reserves is to make it comprehensible for customers whether the acquired cryptocurrencies are even available for withdrawal. FTX indirectly provoked this demand by trading with customer funds. A wave of withdrawals caused the company to become insolvent because the promised investments were not available at all.

Proof of Reserves therefore offers the chance for safer use. Companies that embezzle customer funds would then be exposed at an early stage. Damage from a huge collapse would be avoided. In order for the security to be comprehensible, crypto exchanges must disclose not only their reserves but also their liabilities. Even after CoinMarketCap introduced its Proof of Reserves function, the disclosure of liabilities is still missing.

In this way, customers can estimate whether the crypto exchange holds any cryptocurrencies at all, but it is not clear whether the reserves are actually available in sufficient quantities.

How Should the Reserve of a Crypto Exchange Be Valued?

On November 11, 2022, the crypto exchange Crypto.com published its reserves and drew some criticism. Users objected that the exchange holds too much Shiba Inu (SHIB), an ERC-20 token they do not consider trustworthy.

However, this criticism is unjustified, because a crypto exchange only has to hold the coins that its customers acquired. The platform does not decide which cryptocurrencies to hold.

The only important thing is: The acquired cryptos must be available in the exact number and in the original form.
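The point that reserves must match liabilities coin for coin, and not merely in total value, can be checked mechanically once both sides are disclosed. The following is an added example, not part of the original article or any exchange's tooling; all balances, reserves and prices are constructed, and the function names are assumptions.

```python
from decimal import Decimal

# Constructed sample data (not real exchange figures).
CUSTOMER_BALANCES = {
    "alice": {"BTC": "2", "SHIB": "1000000"},
    "bob": {"BTC": "3", "ETH": "10"},
    "carol": {"ETH": "5"},
}
DISCLOSED_RESERVES = {"BTC": "3", "ETH": "60", "SHIB": "1000000"}
USD_PRICES = {"BTC": "20000", "ETH": "1500", "SHIB": "0.00001"}

def liabilities_by_asset(customer_balances):
    """Sum what the exchange owes its customers, per asset."""
    totals = {}
    for balances in customer_balances.values():
        for asset, amount in balances.items():
            totals[asset] = totals.get(asset, Decimal(0)) + Decimal(amount)
    return totals

def coverage_report(reserves, liabilities):
    """1:1 check: each asset owed must be held in the same asset and amount."""
    report = {}
    for asset, owed in liabilities.items():
        held = Decimal(reserves.get(asset, "0"))
        report[asset] = {"held": held, "owed": owed,
                         "shortfall": max(owed - held, Decimal(0))}
    return report

def fully_backed(report):
    return all(row["shortfall"] == 0 for row in report.values())

def aggregate_ratio(reserves, liabilities, prices):
    """Value-weighted ratio; it can exceed 1 while a single asset is short."""
    held = sum(Decimal(reserves.get(a, "0")) * Decimal(p) for a, p in prices.items())
    owed = sum(liabilities.get(a, Decimal(0)) * Decimal(p) for a, p in prices.items())
    return held / owed

if __name__ == "__main__":
    owed = liabilities_by_asset(CUSTOMER_BALANCES)
    report = coverage_report(DISCLOSED_RESERVES, owed)
    for asset, row in sorted(report.items()):
        print(asset, row)
    print("aggregate ratio:", aggregate_ratio(DISCLOSED_RESERVES, owed, USD_PRICES))
    print("fully backed 1:1:", fully_backed(report))
```

In the constructed data the reserves are worth more than the liabilities in total, yet 2 BTC owed to customers are missing. A reserves-only disclosure or a single aggregate figure would not reveal that.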
