Imagine waking up one morning and finding that your hard-earned Bitcoin has vanished into thin air. While you might be able to trace it on-chain, the chances of recovery are slim to none, and the reality of facing a gut-wrenching loss sets in. This is the harsh reality faced by countless individuals who have fallen victim to the collapse of many a crypto casino, I mean exchange, throughout the last decade.
According to Athena-Alpha, 19 exchanges have ended up shuttering and leaving their customers holding the bag, so this reality is nowhere near a rare occurrence; in fact, it’s pretty commonplace.
As Bitcoin and the unregistered securities market, effectively known as altcoins, have increased in popularity as a place for retail investors to source some alpha outside their savings accounts, the centralised exchange has become the go-to place for this demand. Centralised exchanges (CEX) manage large-scale order books and make it easier to match buyers and sellers and even provide liquidity to ensure users can buy and sell with ease and limited slippage.
While CEXs are convenient, it’s imperative to understand the hidden risks lurking within these platforms.
The vulnerability of digital assets
The vulnerability of digital assets is a critical aspect that contributes to the constant collapse of crypto exchanges. The business model is geared to take on the liability of custody, but the assets that they are working with are digital entries managed by private keys.
Exchanges have to set up complex and covert lines of communication between teams and parties to safely manage these keys and ensure that they are never exposed. They have to manage hot and cold funds, constantly update balances, and match them with customer claims and not commingle assets.
This is not an easy process; it takes time, it requires robust security processes and failsafe fallbacks, and you simply cannot scale custody without taking on enormous risks.
Exchanges face the same risks you do when you manage your private keys for your Bitcoin, except they openly advertise where they are, who their staff are, what their on-chain footprint looks like, and what third parties they use, and this leaves them vulnerable.
A chink in any of their code, their servers, their staff, their security operations, their communications tools, their business model, or their service providers can lead to a loss of funds.
So what are these possible pitfalls that lead to exchanges going bust?
Failures in security are costly.
The nascent nature of the crypto market contributes to the vulnerability of digital assets. With the rapid emergence of new cryptocurrencies and the constantly evolving technology behind them, exchanges often struggle to keep up with the necessary security and risk management practices.
Since exchanges are dealing with new technology, skilled labour is not always readily available, and there is a lot of learning on the fly. The crypto space lives by a "move fast and break things" mantra, which comes at a cost. This dynamic landscape creates an environment where vulnerabilities can go undetected until it is too late. The lack of historical data and established best practices makes it challenging to accurately assess and mitigate the risks associated with digital assets.
The more coins and chains an exchange supports, the more they dilute their team and efforts and open themselves up to attack. According to Hedge With Crypto, there have been a reported 48 hacks on major centralised exchanges in the last 11 years. That’s one hack each quarter on average, so don’t dismiss hacks as something that only happens in the movies; this is a genuine danger for these businesses.
Poor security measures are a persistent threat.
Hacks and security breaches pose a persistent threat to the stability of crypto exchanges. The potential for cyberattacks is ever-present in an industry that operates predominantly in the virtual realm. Hackers continuously refine their techniques, finding new ways to exploit vulnerabilities and compromise the security systems of these exchanges. Attacks range from something as simple as social engineering, or accessing an executive's email account compromised through a phishing scam, to aggressive attacks on the infrastructure.
With the potential for significant financial gain, hackers are constantly devising new methods to bypass security measures and gain unauthorised access to exchange wallets.
The lack of standardisation in security measures across different chains and exchanges exacerbates the vulnerability of digital assets. While some exchanges prioritise robust security protocols, others may have lax measures in place. This discrepancy in security practices leaves room for attackers to target exchanges with weaker defences, compromising not only the exchange’s integrity but also the assets held by its users.
While users might get the same experience on the front end, they have no oversight into how well security is done on the backend when managing these assets, as they only trade IOUs that have no relation to the asset they are trading.
Regulatory Crackdowns: Navigating the Uncertainty
With the rapid growth and global adoption of cryptocurrencies, governments and regulatory bodies worldwide are grappling with how to regulate this new digital asset class. This has led to a series of regulatory crackdowns on crypto exchanges as authorities seek to establish guidelines for operating within this evolving industry.
The absence of clear and comprehensive regulations creates an environment of uncertainty for both crypto exchanges and their users. Without a well-defined regulatory framework, it becomes difficult to establish best practices and ensure the market’s integrity. This uncertainty can lead to increased risks and can make it challenging for exchanges to operate in a consistently compliant manner.
Regulatory crackdowns are often a response to a lack of transparency, security breaches, or fraudulent activities within the crypto exchange space. These crackdowns aim to protect investors and prevent illicit activities such as money laundering and fraud.
Since exchanges have thrived on the fact that they can operate in these grey areas, they are hoping that they can make enough money to make it worthwhile when compliance comes at a later stage, or they can move to a region that will allow them to continue on as usual.
This is a risk that they run; either the exchange ends up getting sued by local financial regulators, or they have to de-list assets or block off certain customer bases. This is a gamble exchanges take and hope that if the worst does happen, they can stay open, which isn’t always the case.
Internal Mismanagement: Trusting the Untrustworthy
One of the biggest risks posed by internal mismanagement is the potential for bad actors within the exchange itself. Just like any other industry, the cryptocurrency sector is not immune to dishonesty or unethical behaviour. Unfortunately, the unregulated nature of digital assets makes it even more difficult to detect and prevent fraudulent activities within exchanges.
Instances of embezzlement, insider trading, and other illicit activities have happened in the past, causing significant financial losses for users and tarnishing the reputation of the exchanges involved. These incidents serve as stark reminders that trust should never be assumed but rather earned through robust internal controls and a commitment to ethical practices.
Scams and fraud
One of the most common forms of scams in the crypto world is the creation of exchanges that aren’t acting above board with customer funds. In a perfect world, you would deposit funds with an exchange; they would keep your funds separate from their own funds and house them with a secure provider or in their own infrastructure, waiting for you to redeem on-chain or to sell and book your profits or losses in fiat.
The reality is, with exchanges like FTX, once the funds were deposited, they were reportedly commingled with other customers’ assets and with exchange assets, sold to buy other assets, traded internally or on other exchanges, or given to sister companies to lend out or trade.
While these are gross financial violations in themselves, the idea that you can use customer funds as a war chest in the market doesn’t always end up as the exchange booking profits.
What happens is trades don’t go their way, and the exchange ends up with a hole in its balance sheet and a mismatch between customer claims and the assets on the books, but rather than eating the losses incurred through its own hubris, it ends up sticking customers with them.
Taking risks on shoddy products and Ponzis.
Adding to the complexity of managing a cryptocurrency exchange is the need to support every token under the sun. Exchanges want to support as many tokens and chains as possible because every trading pair is an opportunity to attract new customers and earn fees.
Since exchanges are competing with one another for this demand and liquidity, they often take shortcuts in spinning up support for new “digital assets” by using third-party custodians and crediting balances on the backend in their local database. While this might solve the problem for them in the short term, it adds a new set of operational risks, and if the third-party custodian goes bust, the exchange is left without access to that capital.
Coupling these third-party provider risks with the prevalence of scams and fraudulent activities within the crypto space further underscores the vulnerability of digital assets. Misleading initial coin offerings (ICOs), Ponzi schemes, and other fraudulent practices can easily deceive investors, leading to substantial financial losses.
As coins fail, it’s not only the individual investors who take the knock but exchanges can be exposed to the losses too as they inject capital to manage this market, various trading pairs and custody of these worthless tokens.
Taking on risks with illiquid assets
Taking on risks with illiquid assets, the big challenge that crypto exchanges must confront, presents a whole new set of considerations and potential pitfalls. While the volatility of the cryptocurrency market is well-known, the issue of illiquidity adds another layer of complexity. Illiquid assets are those that cannot be easily bought or sold without significantly impacting their market value.
Crypto exchanges often have to deal with a range of illiquid assets, including altcoins with low trading volumes or new and unproven cryptocurrencies. These assets may lack sufficient buyer interest or have limited liquidity, making them difficult to trade or convert into more established assets like Bitcoin. As a result, when users try to sell or exchange these illiquid assets, they may face significant hurdles, including delays, price slippage, or even the inability to execute a trade.
The risks associated with illiquid assets are twofold.
Firstly, they can lead to financial losses for users who are unable to sell their assets at a fair price or in a timely manner. Secondly, illiquid assets can create liquidity problems for crypto exchanges themselves, potentially putting their viability at risk. If a large number of users are unable to sell their illiquid assets, it can create a backlog of pending trades and strain the exchange’s resources.
Exchanges can often use the current market value of tokens on their books to borrow funds or justify additional investment, as their business model centres around how much in fees they can generate from assets under management. It’s in their interest to juice their AUM, and thinly traded altcoins are a great way of spinning up additional market cap for very little capital, but it’s a double-edged sword.
If a project fails, like in the case of UST and LUNA, a large portion of your exchange funds has effectively gone to zero.
The challenge, then, lies in striking a balance between providing a diverse range of cryptocurrencies for users to trade and ensuring sufficient liquidity for those assets. Crypto exchanges must carefully evaluate and monitor the liquidity of the assets they list to mitigate the risk of illiquidity.
It is a balance they don’t always get right, as exchanges also get wrapped up in FOMO.
Fractional reserve banking as a business model
Fractional reserve banking is a business model in which banks only keep a fraction of the money deposited with them in reserve and lend out the rest. This allows banks to make more money by generating interest on loans but also creates potential dangers of a bank run. If the bank does not have enough cash reserves to meet all of the withdrawals, it may be forced to close down.
This banking model works in fiat because of credit creation and the ability to pledge assets with a buyer of last resort, the central bank, who would provide liquidity in times of stress and avoid forced selling of assets to meet depositor demands.
Exchanges can employ this fractional reserve model and rehypothecate Bitcoin or altcoins and end up in a shortfall they cannot service, and since there is no lender of last resort, they end up shutting customers out until the exchange can access liquidity by selling assets.
Those assets might now be impaired due to the FUD, which creates a doom loop and ends up increasing the shortfall, as there is a lack of buyers due to all the uncertainty in the market.
Uncertainty can reach far and wide.
The consequences of a failed project, regulatory crackdown, successful hacks or security breaches are far-reaching. Not only do they lead to significant financial losses for individuals and exchanges alike, but they also erode market participation which can affect those trading these assets.
For example, traders could be leveraging long on a certain asset, and an unrelated hack could trigger a mass sell-off where those who never even owned the hacked asset or used the hacked exchange are now eating losses because of all the uncertainty the hack caused.
This can trigger a contagion, and as people pull their funds out of exchanges, even those exchanges that weren’t hacked or seemed fine don’t have the liquidity to cover withdrawals, and they end up failing.
No TBTF institutions in Bitcoin or cryptocurrency
Unlike traditional financial institutions, which have established regulatory frameworks and security measures to safeguard physical assets, or have complete control over their databases and hold redundant copies of them, crypto exchanges operate in relatively uncharted territory.
The intangible nature of digital assets makes them susceptible to cyberattacks, theft, and fraudulent activities, which further amplify the risks involved in trading and storing cryptocurrencies. If there is a breach or loss of funds, especially when it comes to Bitcoin, there is no way to print more Bitcoin to cover losses or roll back the chain to return the Bitcoin to a previous set of key owners.
Since crypto exchanges also operate in grey areas, they don’t always qualify for financial insurance products and would not get support from governments or larger institutions should they fail. Regardless of how big an exchange is, none of them is too big to fail, and this means none of them is good enough to trust with your money, not now, not ever.
Use and enter at your own risk.
The world of crypto exchanges is fraught with hidden risks that constantly contribute to their collapse. While they may prove to be a bridge into Bitcoin, these bridges are flimsy and are constantly swinging in the wind; every time you cross them, it is a dubious proposition, so it’s up to you to use these transportation routes with care.
There is nothing particularly wrong with using a centralised exchange if you are happy with the trade-offs like KYC and the fees they charge; the only real concern is how long you leave your funds exposed in their custody.
Exchanges might look like trustworthy businesses, but you have no idea what’s going on behind the scenes, so you always have to trust that your claims can be redeemed. So why trust at all? Why not verify by pulling your funds on-chain?
Try to limit your time on these bridges and either take self-custody or at least reduce your exposure to something you are happy to lose. So good luck, keep stacking. Stay informed, stay cautious, keep asking questions, and trust no one, and together, we can uncover the hidden risks.