Surviving A Crypto Exchange Crash: How to Keep Your Funds Safe

On November 10th, FTX — the second-largest crypto exchange in the world — stopped all customer withdrawals. And just like that, one to two billion dollars worth of customer’s funds simply disappeared.

Unfortunately, this is a tale that has already repeated itself twice in crypto, with FTX being only the latest installment in the saga of “exchanges that suddenly go under and leave their customers without access to their tokens.” It’s such a specific genre, but an unfortunately popular one.

First there was Mt. Gox, which was hit by hackers and forced to declare bankruptcy in 2014.

Then there was Quadriga, whose founder suddenly died (or “died”) and didn’t leave anyone with access to the exchange’s wallet keys in 2018.

And now we have FTX in 2022, which abruptly failed due to poor business practices coming to light and a public spat with Binance. We won’t get into the exact details here, but suffice to say that it was a messy and very quick fall from grace — leaving in its wake over a million individuals and businesses who lost money in the crash.

Unfortunately in the case of these exchanges, what’s done is done. And if the current trend is anything to go by, we’ll be due for another catastrophic crash in about four years.

But fortunately, with just a little advance preparation, you can protect yourself from any future exchange crashes. The principle is simple: use whatever exchange you like, but store your tokens somewhere safe. Specifically, in a wallet that you own.

How can crypto exchanges freeze withdrawals?

To understand why making such a simple change can eliminate so much risk, we first need to understand how crypto exchanges get so much power over people’s tokens.

Your account balance is just an IOU.

When you buy or exchange tokens on a centralized exchange (or CEX), they go into an account with your name on it. But your “account” is really just a piece of information in the exchange’s database, which now says that they owe you a certain amount of tokens. Basically, the exchange took your money and wrote down an IOU in a spreadsheet. It may look like you have a crypto wallet that has tokens in it when you log into the exchange’s site, but this is just the user experience they choose to show you.

It’s worth noting here that this is the same way that any traditional bank works. The bank has a central pool of money that it can distribute among people, invest, and loan out, and your account balance at the bank works as an IOU that tells the ATM how much money you’re entitled to take out of that pool. There’s no bank safe with stacks of cash set aside for you — just a system that will hopefully have the amount of money you’re allowed to withdraw, when you want to withdraw it.

Not your keys, not your crypto.

If you don’t take your cash out of the bank, then the bank still has full control over it. And if you don’t move your tokens off an exchange, then the exchange still has full control over them so long as they remain in the exchange’s wallet.

For a brief review of how wallets work, to hold any currency on a blockchain, you need at least two keys:

  • A public key, which allows people to deposit tokens into a wallet, and
  • A private key, which allows the owner to take tokens out of the wallet

When you have tokens on a centralized exchange, you may have access to the public key (you probably used it to send funds to the exchange’s wallet to complete your transaction), but you will never have access to the private key. That stays with the exchange, so that they have full control over their pool of tokens and can prevent users from withdrawing from it in a crisis. It’s the principle of “not your keys, not your crypto” at work.

Why would an exchange prevent you from getting your tokens?

Now that we know how crypto exchanges can stop you from getting your tokens, let’s take a look at why. While there can occasionally be one-off reasons why certain users are prevented from claiming their assets on a centralized exchange — concerns about money laundering and human trafficking come to mind — there’s only one reason why an exchange will suddenly deny everyone’s withdrawals at once.

Liquidity.

It’s not you, it’s the bank.

Both banks and centralized exchanges typically don’t sit on their pool of cash and keep it all handy in case everyone wants to withdraw their money at once. Instead, they’ll use it to try and create more money — often through investing and giving out loans with interest. But currency that’s tied up in investments and loans is illiquid, meaning that it can’t be used to cover users’ withdrawals, so the banks and exchanges try to keep enough currency freed up (i.e. liquid) to cover the daily average flow of transactions.

But what happens when the number of withdrawals happening in a day is higher than the average, so there are more people trying to access their money than expected? A liquidity crisis.

A crowd at New York’s American Union Bank during a bank run, a type of liquidity crisis, early in the Great Depression. (National Archives Photo, Public domain, via Wikimedia Commons.)

When a liquidity crisis happens, the bank or exchange doesn’t have enough liquidity to cover the amount of money that everyone is trying to pull from the pool, so they forcibly pause transactions. They don’t have much of a choice — there’s simply not enough to go around.

In a good situation, the bank or exchange can find a way to liquidate more funds and resume withdrawals again. In a bad situation (like with FTX) they will file for bankruptcy and anyone who lost money will have to hope that the courts can get some of it back.

Can we force exchanges to be more responsible?

Because of the FTX debacle, the CEO of Binance recently suggested making the practice of proof of reserves more common for crypto exchanges, because it asks exchanges to prove that they keep enough currency on hand at all times to cover customer withdrawals.

Proof of reserves would go a long way towards protecting consumers from another exchange crash, and it’s a good policy for the crypto industry to implement at large. But it’s worth noting that proof of reserves, whether conducted internally or by an auditor, are not a 100% guarantee of safety, because:

  • They don’t consider possession of private keys, so if an exchange had a wallet with enough reserves but lost access to the key (and thus the funds), this wouldn’t be reflected by the audit.
  • Unless an exchange commits to an ongoing process of proving their reserves (which is uncommon), then there’s the fact that a proof of reserves audit only captures one point in time, so the exchange could temporarily borrow funds to pass the liquidity requirement.
  • Even if an exchange has adequate proof of reserves, there’s the possibility that they could be hacked or compromised at any time — just like with Mt. Gox. In that case, an exchange could lose funds very quickly, despite previously having enough cash.

Which brings us back to the conclusion that the only way to keep yourself safe from exchange crashes is to keep your tokens in your own wallet.

How to choose the right wallet to keep your funds safe

There are two main types of crypto wallets: custodial wallets, and non-custodial wallets. The idea of “custody” here refers to who holds the wallet’s private key.

Custodial wallets: still not your keys, still not your crypto.

With a custodial wallet, someone else has “custody” of your private key — just like how a legal guardian can have custody of your child. You trust the wallet company to keep your private key safe, but you yourself do not have access to it. And by not having access to that private key, you’re essentially forced to ask the wallet company for permission every time you want to take tokens out of your wallet. They can tell you no, just like a centralized exchange can.

Non-custodial wallets: your keys, your crypto, no matter what crashes.

With a non-custodial wallet (also sometimes called a self-custodial wallet), the wallet company doesn’t keep any record of your private key, so you’re the only person on earth who has access to your funds. No one can ever stop you from accessing or withdrawing those tokens, so you have complete control, regardless of what happens to any exchanges or the markets at large. In essence, with a non-custodial wallet, you become your own bank.

If you’re using a non-custodial wallet, then you can use centralized crypto exchanges like Binance or Coinbase with very few worries, so long as you always move your tokens immediately from the exchange to your wallet. There is still some chance that in the small gap between performing a transaction and moving the coins to your wallet, the exchange could start blocking withdrawals — but for many individuals, this is an acceptable level of risk in return for the ease and convenience that centralized exchanges offer.

To eliminate the risk of being burned by centralized exchanges entirely, you can use a non-custodial wallet with a decentralized exchange (DEX). Decentralized exchanges don’t have a way of holding tokens for users and they don’t have a central pool of money, because they’re actually peer-to-peer marketplaces that facilitate token swaps through smart contracts.

Becoming your own bank: with great security comes great responsibility.

Having ways to eliminate the risks of losing funds during centralized exchange crashes sounds great. And it is great, because it gives you full control over your assets, which is what many people dream of when they join the crypto community. But it would be irresponsible not to address some of the issues that can arise when people manage their own non-custodial wallets without being prepared.

How to find the right non-custodial wallet for you

First of all, it’s important to do your research when choosing a non-custodial wallet. Ask yourself:

  • Is it clear that I’m the only person with the private key to my wallet?
  • Does the wallet company collect any of my private information? (The answer should be no.)
  • Will it work with the tokens and chains that I want to transact on?
  • Does it have the level of security that I want?

The Anchor wallet for Antelope chains, for instance, is non-custodial and doesn’t collect any of your personal data. It also gives you the option of using a Ledger, a hardware wallet that provides another layer of security for your private key.

How to make sure you won’t lose your wallet

Once you have a non-custodial wallet and your private key in hand, it’s time to consider how you’re going to keep that key safe. Because now that you’re safe from centralized exchanges and custodial wallets, the biggest threat to accessing your funds is… yourself.

Ideally, you’re the only person who knows your private key, which means you’re the only person who can access your funds. But if you lose your private key for any reason — you wrote it down wrong, you lost the paper you wrote it on, you kept it on your phone but your phone broke, etc. — then no one, not even you, will ever be able to open your wallet. It’s predicted that 20–25% of the world’s Bitcoin supply has been lost this way, so this is a very real possibility.

If you’re ready to get your own non-custodial wallet (or if you already have one!) then it’s worth researching the ways that you can keep your private key safe. We recommend starting with our recent blog post, It’s Time to Put the Nightmare of Lost Crypto Wallets Behind Us.

In general, the level of safety you should use for your private key should be proportional to the amount of funds you keep your wallet, but here’s a few good rules of thumb:

  • Keep a copy of your private key with your important documents, like your passport
  • Take advantage of any safety or backup features that your wallet offers, like Anchor’s Owner Key Certificate
  • Test your private key backup once you create it, to make sure you know how to restore access to your wallet

And there you have it! With a non-custodial wallet and a safely stored private key (and maybe a new favorite decentralized exchange), you can rest easy knowing that the next crypto exchange crash won’t affect you.

Stay safe out there!

--

--

An organization built to facilitate the growth of distributed ledger technologies and the infrastructure powering them.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Greymass

An organization built to facilitate the growth of distributed ledger technologies and the infrastructure powering them.