Buying and trading crypto currency is today’s hot topic. But it’s all fun and games until the exchange you use to trade your coins suddenly shuts down and rumor has it… It’s been hacked!
This scenario is not at all farfetched. Every now and then, a giant crypto exchange suffers a crippling cyberattack, and millions of investors would lose their assets overnight.
To stay ahead of such mishaps, it’s important to know the exchange you’re putting your money in, its rules, and its insurance policy. Who controls your Bitcoin private keys? Do you own the crypto you purchased? And can you recoup any lost crypto?
These are legitimate questions that any crypto owner or enthusiast must ask. In this article, we explore crypto exchanges in-depth, their types, risks, and insurance policies.
Cryptocurrency Exchanges: Custodial vs. Non-Custodial
To buy or trade cryptocurrency, traders move their coins or funds from their wallets to a crypto exchange, typically, a centralized one. But crypto exchanges are not all the same, and the ways by which they store your coins differ greatly.
Essentially, crypto exchanges split into two major categories: custodial and non-custodial.
The nature of the exchange you choose for crypto trading determines whether your coins are treated as your own or the exchanges’.
Custodial Cryptocurrency Exchanges
Custodial exchanges act as third parties by facilitating the selling, buying, and trading of crypto coins. However, to enjoy their services, you’re giving away your control over your private keys, and therefore, your coins.
According to Coinbase, “As long as you continue to custody your Digital Assets with Coinbase, Coinbase shall retain control over electronic private keys associated with blockchain addresses operated by Coinbase, including the blockchain addresses that hold your Digital Assets”.
The most popular cryptocurrency exchanges are generally custodial, including Coinbase, Gemini, Bitstamp, and Binance. They hold billions of dollars worth of cryptocurrency, which makes them susceptible to theft and hacks.
For example, Coinbase, Binance, and Bitstamp have all suffered huge cyberattacks that compromised the accounts of their users.
Therefore, hacking is a great downside of custodial crypto exchanges. As the users’ crypto assets are usually pooled in with those of the company in one blockchain address, any security breach will affect the users too.
But though it might sound counterintuitive, the vast majority of cryptocurrency trades occur on custodial exchanges.
Users choose custodial exchanges despite the huge risk associated with them because they are user-friendly and, more importantly, relieve users from the responsibility of managing their own crypto.
Yet, not all custodial exchanges are the same either. Coinbase is an example of a cryptocurrency exchange that doesn’t segregate its assets from its users’.
“Coinbase shall have no obligation to segregate by blockchain address Digital Assets owned by you from Digital Assets owned by other customers or by Coinbase”.Coinbase User Agreement
Therefore, when you trade using Coinbase, your assets are pooled with other users and/or with those of Coinbase in a single blockchain address.
However, Gemini is another custodial exchange that doesn’t pool your assets with theirs in one wallet.
Instead, you have the option to use either a Gemini Depository account in which your assets will be stored with other users in one or more wallets or a Gemini Custody account in which every user’s assets are segregated in offline, private addresses.
Non-Custodial Cryptocurrency Exchanges
With non-custodial exchanges, users have 100% control over their crypto assets, as they own their private keys and no intermediaries are involved. Exchanges such as PancakeSwap, Uniswap, and SushiSwap are famous non-custodial exchanges.
Non-custodial exchanges are much less popular than their custodial counterparts. However, many experienced traders and investors prefer them for the perks they come with. They have a much lower risk of theft and security breaches since users’ assets are held and controlled separately and privately.
And while custodial exchanges require a Know Your Customer (KYS) check to identify their users, most non-custodial exchanges don’t. This anonymity of users and trades is a major appeal of these exchanges.
Despite their apparent advantage when it comes to security and privacy, non-custodial exchanges are often complex and suffer low liquidity. They are less popular because users alone are responsible for the security of their accounts.
Cryptocurrency Exchange Insurance
In the event of a cyberattack on a cryptocurrency exchange or wallet, the first question that comes to mind is whether users’ assets are lost and if so, will they ever be recovered?
Unfortunately, there’s never a single answer to this question. Cryptocurrency is still a novel technology that’s not fully regulated in the US and around the world. As such, there’s no consensus on almost anything related to crypto.
In many instances, hacked exchanges lose both their assets and their users’ because they are stored in one wallet, as is the case of most custodial exchanges.
It’s here where insurance comes into play. The safety of your crypto assets depends greatly on the insurance plans of the exchange you use.
So what protection do crypto exchanges offer you?
It’s important to know that most crypto exchanges don’t offer any protection or insurance for the assets they store. So pick your exchange carefully!
However, some crypto exchanges protect your assets through funds or third-party insurers. These insurance plans can protect your assets against fraud, crime, theft, security breaches, or unauthenticated access.
Here’s a list of famous crypto exchanges and their insurance policies:
Binance is the largest cryptocurrency exchange by trading volume. To protect its users from assets loss, Binance built a security insurance fund in July 2018 known as The Secure Asset Fund for Users (SAFU) by contributing 10% of their trading fees.
The fund was valued at $1 billion as of January 2022 and it covers:
- Hacks and theft
- Fraudulent activities
- System failures
Coinbase is the biggest US-based crypto exchange. It offers hot wallet insurance of $255 million by third-party insurance providers. This insurance is partial and its exact coverage percentage is not stated.
Coinbase insurance covers lost assets due to cyberattacks and security breaches of the platform only. Loss of assets due to security breaches of a user’s account is not covered by Coinbase insurance and losses are not reimbursable.
It’s important to note that even though Coinbase insurance should cover your loss of assets if Coinbase was compromised, there’s no guarantee that you can recoup your money.
In our article on Cryptocurrency transactions Disputes, we explained that depositing funds or digital assets with Coinbase makes you an “unsecured creditor”. Unsecured creditors are the last to recoup their money in events of insolvency or theft if they ever do.
Gemini claims to be the most secure cryptocurrency exchange. It provides hot wallet insurance through a combination of third-party insurance providers. Gemini’s commercial crime insurance covers:
- Security breach and hack
- Fraudulent transfer
- Employee theft
However, it doesn’t cover asset loss due to unauthorized access.
- Loss in transit
- Computer fraud or funds transfer fraud
- Legal fees and expenses
Besides their insurance plan, Bitstamp stores 95% of its assets in offline, cold wallets.
As you might have noticed, insurance coverage by crypto exchanges varies greatly. And that should be considered wisely besides their custodial policies.
Personal Cryptocurrency Insurance
Besides the crypto protection provided by your exchange, some insurance companies provide personal digital assets insurance, such as Breach Insurance.
Breach provides a crypto insurance policy called “Crypto Shield”, and covers 22 crypto coins on four exchanges: Coinbase, CoinList, Gemini, and Binance US.
However, it is now available in 10 US states only. To purchase their insurance policy, you must reside in one of the following states: California, Illinois, Massachusetts, Michigan, New York, New Jersey, Nevada, Pennsylvania, Texas, and Washington.