Centralized exchanges remain the most popular way to store cryptocurrencies — thanks to their simple and intuitive interface, wide functionality, as well as quick access to assets and trading operations. However, their use comes with risks — users face hacks, account freezes, regulatory restrictions, and technical failures.

In this article, we will examine the most common risks of storing cryptocurrencies on centralized exchanges and explain how to avoid them.

Why exchanges are popular for storing cryptocurrencies and yet risky

For most users, exchanges serve as a starting point in the crypto market due to a quick start, lack of technical difficulties, and access to buying and selling with a convenient interface.

Despite these significant advantages, beginners do not realize that they do not own the private keys to their wallets. This means that the cryptocurrency is effectively stored on the exchange and the asset owner does not control them.

The client does not manage their assets directly but only gains access through the platform itself. In case of problems, access to funds may be restricted or completely lost.

The most famous case is the collapse of the FTX exchange in November 2022, which resulted in multibillion-dollar losses for clients. The platform, considered one of the largest and most reliable on the market, suddenly suspended withdrawals and soon filed for bankruptcy. Thousands of users lost access to their assets without technical means to recover them, and there were no legal guarantees of compensation.

Main risks of storing cryptocurrencies on exchanges

Exchanges are a convenient way to store cryptocurrency, especially for active traders. However, behind the comfort lies a number of threats that can lead to a total loss of funds. Let's review the most common ones.

Hacks and cyberattacks

Exchanges are often targeted by hackers, threatening users' assets stored there. Despite having modern protection systems, including cold wallets, multi-factor authentication, and activity monitoring, risks still remain.

On February 21, 2025, the cryptocurrency exchange Bybit suffered the largest hack in crypto market history. Hackers managed to steal $1.5 billion from the exchange’s cold wallet. Despite quick reserve restoration and launching a reward program to help recover assets, the incident showed how vulnerable even major market players are.

Exchange bankruptcy or fraud

One of the most critical risks is losing access to assets due to financial problems of the platform itself. Centralized exchanges manage users’ funds and, without proper oversight, can use them for their own purposes.

An example is the already mentioned FTX collapse in 2022. The exchange’s founder, Sam Bankman-Fried, transferred client funds to the affiliated Alameda Research fund for speculation and financing third-party projects. After the scheme was revealed, the company went bankrupt, leaving thousands of users without access to funds. Bankman-Fried was later sentenced to a lengthy prison term for financial crimes.

This case clearly demonstrates that in the event of centralized platform bankruptcy, users are left unprotected. Legal proceedings last for years, and the chance of full compensation often depends on the platform's jurisdiction.

Regulatory restrictions and account freezes

Cryptocurrency exchanges must comply with international norms and laws of the jurisdictions where they operate, including sanctions and restrictions. Even if the user is not personally sanctioned, their assets may be frozen due to their country of residence or interactions with certain addresses.

In 2024, many Iranian users faced account freezes on international platforms. The cause was suspicions of local exchanges’ ties to Iranian government entities. As a result, many clients could not withdraw funds, and some exchanges completely stopped servicing users from the region. Such situations can arise suddenly, without notifications or appeal options.

Technical failures and account freezes

To provide instant transactions, exchanges use hot wallets and cloud servers. These components are vulnerable to overloads, update errors, software vulnerabilities, and external attacks. When problems occur, platforms often temporarily suspend withdrawals.

In 2014, there was an incident with Coinbase when users could not see their balances or withdraw funds. The issue was related to the platform’s internal server and was technical, not caused by external attacks, leading to such a failure.

Although such failures are quickly fixed, their occurrence is critical during sharp market price fluctuations, when active position management and trading are required.

Lack of insurance and compensation

Unlike bank deposits, balances on centralized crypto exchanges are not covered by government insurance. Even major platforms’ compensation funds, like Binance SAFU or Coinbase reserves, are limited in size and do not guarantee full loss coverage in a large-scale incident.

Moreover, such programs often do not cover user actions — for example, loss of account access, email compromise, or personal data theft due to fraud.

In the absence of an industry-standard insurance and reliable legal regulation, users of centralized platforms remain comparatively unprotected. This requires a more careful approach to choosing an exchange and ways to store assets in general.

Hidden risks exchanges don’t talk about

Besides obvious threats mentioned in rules and user agreements, there are several hidden risks. These risks are directly related to platform operational activities and are difficult to detect if the company does not disclose its operational details. They represent the greatest danger to deposits.

Use of client funds

Some exchanges may use users’ deposits to maintain liquidity, internal settlements, or credit operations. Most often this happens without explicit client notification or under the guise of "passive income" and "deposit" programs.

In cases of bankruptcy, legal proceedings, or operational failures, such assets are the first candidates for freezing or confiscation. The user learns about this post-factum, when recovering funds is nearly impossible.

Hot wallet vulnerabilities

Hot wallets are a constant attack vector since they are connected to the network 24/7. Even if the majority of reserves are kept in cold storage, usually 5–10% of funds are online for quick withdrawals and liquidity support.

Any vulnerability, exploit, or phishing scenario can lead to instant losses. Crypto market history knows dozens of cases where millions of dollars were stolen via hot wallets, and users found out about thefts only through post-factum notifications.

Internal threats and human factor

Even large and regulated exchanges remain vulnerable to actions of their own employees or contractors. In May 2025, hackers bribed employees of one of Coinbase’s partner companies, gaining access to client data and attempting to extort $20 million.

Each additional contractor involved in storage or servicing processes increases the risk of internal incidents. The human factor remains the "weakest link" of any ecosystem.

Lack of transparency in asset management

Most users have no real understanding of where and how the exchange stores their funds. How many assets are in hot wallets? How many in cold? Are deposits used in third-party operations? These questions rarely receive direct answers.

Even having Proof-of-Reserve does not guarantee full transparency. Such reports only show the presence of a certain amount of digital assets at a specific time but do not disclose their use or obligations to clients.

Summary of hidden risks

Each of the listed factors alone may not seem critical. But together they form a situation where the user entrusts their assets to the platform without real control and full information. This creates a fundamental risk of storing cryptocurrencies on exchanges.

How to minimize risks when using exchanges

If a centralized exchange remains the main tool for trading and asset exchange, it is important to build your own protection system. No platform guarantees complete safety of funds, so the trader's task is to minimize potential losses and remain the controlling party in any situation.

• Keep only the trading part of your portfolio on the exchange. Transferring all capital to the exchange is the most common beginner's mistake. Only the amount of assets you actively use in trades should be on the platform. The main part of the portfolio should be stored in external wallets where you control the private keys. This reduces dependence on the exchange and minimizes risks in case of its blocking, hacking, or bankruptcy.
• Maximally protect your account. Enable two-factor authentication, set up an anti-phishing code, and configure a whitelist of trusted withdrawal addresses. Even if your data falls into the hands of attackers, these measures significantly complicate unauthorized access. The anti-phishing code also helps distinguish official emails from fake ones, especially important during mass attacks.
• Transfer large amounts to hardware wallets. Hardware wallets are the main tool for long-term capital protection. They are not connected to the internet and are fully isolated from network threats. Even if the exchange is compromised or the account hacked, your main assets remain out of risk.
• Check the reputation and transparency of the platform. Before trusting significant funds to an exchange, make sure of its reliability. Study whether it publishes verifiable Proof-of-Reserve reports and undergoes independent audits. Transparency reduces the risk of sudden liquidity shortages and hidden manipulations with clients’ assets.

Following these principles does not guarantee absolute security but helps reduce vulnerabilities to a minimum. The main goal is to keep control over your cryptocurrency and not depend entirely on centralized platform decisions.

Alternative ways to store cryptocurrencies

Centralized exchanges are convenient for trading and quick asset exchange but are not suitable for long-term storage. The main reason is simple — the user does not control private keys, so in case of a hack or problems on the platform side, their funds are at risk. For those who want to maintain full control over their cryptocurrency, there are two main solutions.

Hardware wallets

Ledger, Trezor, and other hardware wallets are considered the gold standard for protecting digital assets. Private keys never leave the device, even during transaction signing. This protects against phishing, exchange account hacks, and remote unauthorized access.

The main downside is the high price and the need for responsible storage. Losing the device or mnemonic phrase will lead to irreversible loss of funds as recovery will be impossible.

Non-custodial software wallets

MetaMask, Rabby, or Trust Wallet allow managing cryptocurrency directly without exchange involvement. The user controls the keys and signs transactions themselves, making these wallets convenient for working with DeFi platforms and transfers.

This is a more accessible and convenient option compared to hardware wallets, but it requires strict adherence to security rules: storing the mnemonic phrase offline, avoiding phishing, and protecting the device from malware.

The conclusion is simple: exchanges provide convenience, and external wallets provide control. The choice depends on what matters more to the user — quick access to trading or guarantee of capital safety.

New risks of storing funds on exchanges in 2025

Classic threats like hacks or platform bankruptcies remain relevant, but in 2025 new factors appeared that significantly increase users’ vulnerability on crypto exchanges.

Increased regulation and account blocking

Global regulators have finally removed cryptocurrency from the "gray zone." Now most major exchanges must be licensed, comply with KYC/AML, report transactions, and block users from sanctioned countries.

The Garantex case showed that regulators can freeze accounts, and exchanges block access to funds without prior notice. For clients, this means sudden loss of control over assets and inability to withdraw them. Even if the block is temporary, funds remain "frozen," and resolving the issue often takes months.

AI and deepfake-based attacks

2025 has become a breakthrough year in applying artificial intelligence for fraud. According to Bitget, SlowMist, and Elliptic, users lost $4.6 billion last year due to phishing and AI-based attacks.

Attackers create perfect copies of exchange websites, generate phishing emails, and even deepfake calls from "support staff." One of the most dangerous scenarios is fake login pages indistinguishable from originals. The scale and automation make such attacks particularly hard to detect.

Malicious browser extensions and plugins

Another current risk in 2025 is malicious browser extensions. They disguise themselves as useful tools for price monitoring, DeFi or NFT analytics and infiltrate even official stores like Chrome Web Store and similar platforms.

After installation, they can access wallets and other data, often lying dormant until a large sum arrives, then redirect transactions to fake addresses or wipe the balance completely.

This attack vector is especially dangerous given the popularity of browser wallets like Rabby and Phantom, which are actively used for Web3.

Centralized exchanges remain an important part of crypto infrastructure, providing convenient and familiar service, but comfort comes with risks. From regulatory blocks to phishing and system infection — threats are becoming more sophisticated.

There is no universal solution, but avoiding full dependence on exchanges and understanding real risks helps minimize losses and keep control over your assets.

Conclusion

Storing cryptocurrency on an exchange is convenient but risky. Even the largest platforms cannot be 100% reliable: problems may arise from technical failures to regulator intervention. It is important to understand: users do not own the keys — and this is not just a phrase but a fundamental vulnerability.

Store cryptocurrency so that control remains in your hands. Because for the comfort exchanges offer, you always pay — with informational transparency, key access, and even the ability to withdraw your assets. In 2025, more than ever, personal responsibility and the approach "cold wallet > hot platform" are important — especially if you want to preserve not just assets, but freedom of choice and confidence in the future.

In the article, we covered the main risks of storing cryptocurrencies on exchanges and how to avoid them.

Minimize risks and profit trading cryptocurrencies. If you have questions — feel free to ask, we are always happy to help.