It's so tempting: "If I already have an account with a crypto exchange, why can't I leave my Bitcoin there? I can always withdraw them later, and I don't have to worry about safekeeping for now."However, if you leave your Bitcoin on an exchange, you run several risks.
Let's take a closer look at why this approach has been the downfall of many Bitcoiners and where the dangers lie.

Exit Scams and Hacks

Crypto exchanges are comparable to bank branches, and as in real life, are attractive targets for criminals. However, in addition to storing a large amount of money, exchanges can also be accessed without physical presence, violence, and the associated risks.

Of course, the Bitcoin holdings of an exchange are professionally protected. But unfortunately this is no guarantee of security. In 2019 alone, hackers managed to steal customer funds from various exchanges over 11 times. The list of exchange hacks is so long that it fills entire websites. Almost every exchange has already been the victim of a hacker attack.

Sometimes it is even unclear whether it is really a hack or a so-called exit scam in which the operators either fake a hack or they simply disappear with the customers' money. In such a case it is pretty much impossible to get your Bitcoin back.

The main problem is that crypto exchanges usually do not have deposit insurance and Bitcoin transactions cannot be reversed. Once the money is in the hacker's wallet, there is no way to reverse it. As a result, customers are left at the mercy of the exchange's poor security.

Probably the most well-known example of a crypto exchange hack is Mt. Gox. In total, over 650,000 Bitcoin were stolen. Users of this exchange have been waiting for repayment of their lost Bitcoin since 2014.

Another sad story is the Canadian exchange QuadrigaCX. When the founder passed away unexpectedly in 2019, it was first announced that access to all assets was lost without him. Later, it was found out that the exchange had operated with underfunding for years, and had not owned all customer’s assets for a long time. To this day 76,000 customers are still waiting for over 215 million dollars.

In order to determine whether exchanges really possess all the coins of their customers, the Bitcoin community organizes the "Proof-of-Keys" day each year. Every January 3rd, all committed Bitcoiners are encouraged to withdraw their Bitcoin from exchanges and other custodians into their own wallet. This is to check whether custodians really have all their customers' coins. You could call it a “yearly, cyber bank run".

Regulatory risks

The fundamental idea behind Bitcoin is that it is an uncensorable monetary system accessible to everyone. However, as long as your Bitcoin are held on an exchange, this is not the case. While the risk of a Bitcoin ban is relatively low in Western democracies, there could be restrictions on holding Bitcoin on your own at some point. Customers of Swiss Bitcoin service providers already have to verify their Bitcoin address before they can withdraw Bitcoin to their own wallet.

If you are registered with an exchange that is located in a country that wants to shut down exchanges, it would be difficult to get your Bitcoin back. Even with legal action, it is unlikely that you would see your Bitcoin again.

Data Collection

When you buy Bitcoin on an exchange, those Bitcoin are linked to your identity and can be tracked after you withdrew them to your wallet. Since Bitcoin transactions are publicly accessible, this link does not end when you leave the exchange. If you mix these coins with your other Bitcoin holdings, these coins can then also be tracked back to you.

Companies like Chainalysis use these relationships to assign a large part of all Bitcoin transactions to specific individuals. Only through complex measures, such as CoinJoins, can these links be removed

The best way to avoid this data collection is to buy or earn Bitcoin anonymously. Since this is not always easy, KYC-Light Dollar-Cost-Average (DCA) services like Pocket, Relai and Swan Bitcoin should be preferred over traditional crypto exchanges, as they do not require full identity verification (with passport photo, address, etc) and coins are transferred directly to your own wallet.

Phishing / Hacking

If your Bitcoin is on an exchange, the only thing that prevents a hacker from getting your coins is your account login. Hackers come up with all kinds of tricks to get their hands on it: fake emails, dangerous websites and all kinds of viruses. If the expected profit is high enough, attackers will go to an enormous effort, and with enough effort, anyone can become a victim.

Once your computer is infected by a virus, it can be easy for a hacker to send your Bitcoin from an exchange to his own wallet. Even two-factor authentication doesn't always help in such cases. No exchange will take responsibility for such attacks, because it is not them which made a mistake and it appears to them as if the customer had withdrawn the coins.

Overall, it can be concluded that keeping Bitcoin on an exchange is not as safe as many people think. Your Bitcoin is only really safe in self-custody and a hardware wallet is the easiest way to do this.

Achieve financial independence!

All these risks are the reason why we developed the BitBox02. The BitBox02 offers you the perfect combination of security and usability. There is really no reason to misuse your exchange as a wallet anymore.

Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.

The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.

Grab one in our shop!

Frequently Asked Questions (FAQ)

Why shouldn't I leave my Bitcoin on an exchange?
Leaving Bitcoin on an exchange exposes them to risks such as hacks, exit scams, and regulatory restrictions. Once Bitcoin is stolen from an exchange, it's nearly impossible to retrieve them.

What are exit scams in the context of crypto exchanges?
Exit scams occur when exchange operators either fake a hack or disappear with customers' funds, making it almost impossible for users to recover their Bitcoin.

How can I ensure that an exchange possesses all the coins they claim?
The Bitcoin community organizes the "Proof-of-Keys" day annually, where Bitcoiners are encouraged to withdraw their Bitcoin to check if custodians have all their customers' coins.

What risks do I face regarding data collection when buying Bitcoin on an exchange?
Bitcoin purchased on exchanges are linked to your identity and can be tracked. Companies can use transaction data to link Bitcoin to specific individuals.

How can I protect my Bitcoin from phishing or hacking attempts?
Storing Bitcoin in self-custody, especially in a hardware wallet, provides the best protection against hacking attempts.

What's the difference between a hardware wallet and a software wallet?
Software wallets run on computers vulnerable to hacks, while hardware wallets are dedicated devices designed to securely store coins.

Is a paper wallet safer than a hardware wallet?
Paper wallets might be safe in some scenarios, but they require trust in the computer used for creation and transactions. Hardware wallets offer more security.

Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.