{"id":12707,"date":"2023-08-02T16:56:39","date_gmt":"2023-08-02T16:56:39","guid":{"rendered":"https:\/\/cryptoheretostay.com\/?p=12707"},"modified":"2023-08-02T16:56:41","modified_gmt":"2023-08-02T16:56:41","slug":"what-do-crypto-exchanges-really-do-with-your-money-cointelegraph-magazine","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=12707","title":{"rendered":"What do crypto exchanges really do with your money? \u2013 Cointelegraph Magazine"},"content":{"rendered":"<script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"crypto\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script>\n<p><strong>So, you\u2019ve deposited some cryptocurrency onto an exchange. You expect that these funds will be held in your name as a liability, with safeguards in place to make sure that you can withdraw them when you wish.<\/strong><\/p>\n<p>However, this is not necessarily the case.<\/p>\n<p>Sitting down with Magazine, Simon Dixon, CEO of global online investment platform BnkToTheFuture, warns that the murky lines between regulations in the crypto industry mean that customers must be extremely cautious about where they stash their crypto.<\/p>\n<p>\u201c[The cryptocurrency industry] was created by businesses that want to build financial institutions, and robust financial history has shown that if you leave them to their own devices, they won\u2019t respect client money.\u201d<\/p>\n<p>Take FTX for example. Dixon notes that former FTX CEO Sam Bankman-Fried allegedly treated customer funds as if they were his own, tipping billions into Alameda Research.<\/p>\n<p>\u201cFTX would use those assets for their sister company hedge fund and then find themselves in a position where the hedge fund had lost all of their money,\u201d Dixon says, emphasizing that this led to there being no assets for clients to withdraw.<\/p>\n<p>Dixon has invested more than $1 billion in \u201cover 100\u201d different crypto companies, including Kraken and Ripple Labs. One of the projects BnkToTheFuture raised money for turned out to be one of the biggest crypto disasters in recent times: bankrupt crypto lending platform Celsius.<\/p>\n<p>Before its collapse in July 2022, Celsius was allegedly using money from new customers to pay off attractive yields promised to other existing customers. He says Celsius caught investors and customers off guard by treating their client money \u201cas if it were their own.\u201d<\/p>\n<p>Crypto opponents like United States Representative Brad Sherman characterized this behavior as endemic to the cryptocurrency ecosystem:<\/p>\n<p lang=\"en\" dir=\"ltr\">During the #SBF saga, I said the supporters of #crypto will say that Sam Bankman-Fried was just one snake in a crypto Garden of Eden. But in reality, crypto was a Garden of Snakes.<\/p>\n<p>Since then, we seem to catch another snake every few weeks.#Celsius https:\/\/t.co\/0Fgz6yYj7D<\/p>\n<p>\u2014 Congressman Brad Sherman (@BradSherman) July 13, 2023<\/p>\n<p>So, what are all the other crypto exchanges actually doing with your money? Even if they\u2019re not outright frauds, can you trust exchanges to safeguard your funds?<\/p>\n<p>There are hundreds of crypto exchanges across the globe, spanning from more trustworthy to outright fraudulent.\u00a0<\/p>\n<p>Crypto market tracker CoinMarketCap tracks 227 of these exchanges, which among them have an approximate 24-hour trading volume in July of around $181 billion (if you ignore accusations of rampant wash trading).<\/p>\n<p>Adrian Przelozny, CEO of Australian crypto exchange Independent Reserve, tells Magazine that consumers should \u201calways be mindful\u201d of the distinction between the business model of an exchange versus a broker.<\/p>\n<p>An exchange usually keeps its customers\u2019 assets directly in its own storage. This means they can\u2019t really use those assets to make extra profit for themselves. Przelozny explains that Independent Reserve has enough liquidity on the platform so that when you place an order on the exchange \u201cyou are trading against another customer.\u201d<\/p>\n<p>On the flip side, brokers may entail counterparty risks to other exchanges by holding customers\u2019 crypto assets on the exchange to earn some extra money.<\/p>\n<p>This helps the broker rake in more funds, but it also puts the customer at risk. Przelozny emphasizes that brokers cannot earn a return using clients\u2019 assets without taking a risk.<\/p>\n<p>He warns that with a brokerage-type business model, when you place an order, that platform has to essentially run off in the background to acquire the asset you want.<\/p>\n<p>\u201cThe platform has to get the liquidity from another exchange, so they place the order on behalf of the customer and then that customer is actually exposed to counterparty risk.\u201d<\/p>\n<p>A counterparty risk is when there is a chance that another party involved in a contract might not hold up their end of the deal. It gets riskier when a broker keeps customer funds or assets on another exchange because if that exchange goes bust, the customer assets could go down the drain as well.<\/p>\n<p>It\u2019s a word that would probably send shivers down the spines of the executives at Australian-based crypto broker Digital Surge, which found itself in hot water right after FTX went down.<\/p>\n<p>The Australia-based broker went into administration after it had transferred $23.4 million worth of its assets to FTX, just two weeks before the whole collapse happened in November 2022.<\/p>\n<p>Digital Surge managed to pull off a lucky escape with a bailout plan; however, it did involve directors Daniel Rutter and Josh Lehman personally chucking $1 million into the mix.<\/p>\n<p>Crypto lender BlockFi and crypto exchange Genesis weren\u2019t so lucky: Both ended up filing for Chapter 11 bankruptcy due to being exposed to the FTX mess.<\/p>\n<p lang=\"en\" dir=\"ltr\">#Genesis was an institutional crypto lending platform for other crypto lenders so here are the publicly disclosed Chapter 11 creditors. Expect #Gemini to file Chapter 11 with $765m exposure.  Also listed is #Abra $30m &amp; #Ripio $27m. Full disclosure I am a shareholder in Abra. pic.twitter.com\/xkFlNaZGrP<\/p>\n<p>\u2014 Simon Dixon (@SimonDixonTwitt) January 20, 2023<\/p>\n<p>So, while an exchange has fewer avenues to generate profits compared to a broker, it prioritizes the safety of funds.\u00a0<\/p>\n<p>Dixon explains that if a crypto broker is storing client assets on another exchange, such as Binance, for example, the broker should be transparent with the client that \u201cif anything were to go wrong\u201d with Binance, the assets would be hard to retrieve.\u00a0<\/p>\n<p>In the case of the crypto exchange side of BnkToTheFuture, Dixon makes it clear that as a \u201cregistered virtual asset service provider,\u201d it has to have disaster recovery, and all clients\u2019 assets need to be distributable at all times, even if the parent company \u201cgoes down.\u201d<\/p>\n<p>\u201cWe actually can\u2019t use [client assets] in any way shape or form as per our [securities] registration,\u201d Dixon says.<\/p>\n<p>He explains that a securities registration holds an exchange to a higher standard, as it sets policies in place that need to be tested against them regularly.<\/p>\n<p>A securities registration basically requires an exchange to hold those assets and maintain comprehensive records verifying the customer as the real owner of those assets, as well as the exchange being subject to regulatory inspections.<\/p>\n<p>Coinbase\u2019s and Binance\u2019s recent legal troubles with the United States Securities and Exchange Commission stem from allegations of operating as unlicensed securities exchanges, meaning both weren\u2019t held to the recordkeeping and safeguard requirements that a license would mandate.<\/p>\n<h2 id=\"h-what-happens-after-i-deposit-funds-into-a-crypto-exchange\"><strong>What happens after I deposit funds into a crypto exchange?<\/strong><\/h2>\n<p>So, what actually happens when you deposit $50 or $50,000 into an exchange and buy some crypto?<\/p>\n<p>In the exchange model, where users trade directly with one another, it\u2019s like a one-on-one deal. When your digital asset order is executed, your money goes straight to the person you\u2019re buying from. The assets stay within the exchange throughout the whole transaction.<\/p>\n<p>When it comes to a brokerage-type model, you\u2019re buying the asset from the broker directly.<\/p>\n<p>So, the money goes into the broker\u2019s trust account first. Then, the broker takes that money and uses it to acquire the assets you want. Essentially, they\u2019re playing matchmaker between your money and assets. The asset is then generally held on another exchange.<\/p>\n<p>Regardless of whether your assets are hanging out on the exchange where you bought them, or with a counterparty linked to the broker you used, they will call home either a hot wallet or a cold wallet.<\/p>\n<p>Hugh Brooks, director of security operations at crypto audit firm CertiK, explains to Magazine that most major exchanges \u201cstore customer assets in a combination of hot and cold wallets.\u201d<\/p>\n<p>A hot wallet is a cryptocurrency wallet that is connected to the internet and allows for quick transactions. On the other hand, a cold wallet is stored offline, is secure and keeps your crypto safe from hackers.<\/p>\n<p>While having 100% of customer assets in a cold wallet would be ideal for safety reasons, it is not feasible for liquidity reasons. Brooks says:\u00a0<\/p>\n<p>\u201cWhile hot wallets provide convenience in terms of easy and fast transactions, they are also more susceptible to potential security threats, such as hacking due to their internet connection. Hence, exchanges usually keep only a fraction of their total assets in hot wallets to facilitate daily trading volume.\u201d<\/p>\n<p>Przelozny says that, in the case of Independent Reserve, \u201c98% is held offline in a cold storage vault\u201d managed by the exchange, and the rest is in a \u201chot wallet in the exchange.\u201d<\/p>\n<p>James Elia, general manager of exchange CoinJar, tells Magazine that his exchange similarly keeps the \u201cvast majority\u201d of assets in cold storage \u201cor private multisig wallets\u201d and maintains full currency reserves at all times.<\/p>\n<p>He says that CoinJar uses a mix of \u201cmultisig cold and hot wallets through BitGo and Fireblocks to store customer funds.\u201d<\/p>\n<p>Crypto.com is unusual in that it offers customers both a custodial and noncustodial option.<\/p>\n<p>\u201cThe Crypto.com DeFi Wallet is a noncustodial option,\u201d a spokesman says in comments to Magazine. This means its customers have full control of their private keys. Meanwhile, the Crypto.com App is a digital currency brokerage \u201cthat acts as a custodian\u201d and stores cryptocurrencies for customers. The spokesperson says that its crypto assets are \u201csafely held in institutional grade reserve accounts and are fully backed 1:1.\u201d<\/p>\n<h2 id=\"h-further-solutions\"><strong>Further solutions<\/strong><\/h2>\n<p>However, relying solely on accounts that claim to be secure is no longer sufficient in the unpredictable world of crypto.<\/p>\n<p>In line with many other major crypto exchanges, such as Binance, Gemini, Coinbase, Bittrex, Independent Reserve, CoinJar and Kraken, Crypto.com has also adopted a self-custody infrastructure platform called Fireblocks.<\/p>\n<p>Fireblocks focuses on ensuring the exchange securely stores and manages customers\u2019 digital assets in an advanced and secure way. The firm utilizes multi-party technology computation (MPC technology), which is similar to a multisig wallet and is never held or created in a single place.\u00a0<\/p>\n<p>While the infrastructure custody platform doesn\u2019t hold any assets itself, which remain on the exchange, it can incorporate features such as multisignature authentication and encryption into the exchange. This is done to minimize the risk of fraud, misuse of funds and malicious attacks.<\/p>\n<p>It also makes it a lot harder for a sneaky employee to authorize a dodgy transaction or, even worse, drain customer assets out of the exchange.\u00a0<\/p>\n<p>Shane Verner, director of sales for Australia and New Zealand for Fireblocks, tells Magazine that initially, Fireblocks will shard the exchange\u2019s crypto wallet private keys into three parts.<\/p>\n<p>Read also<\/p>\n<p>                            Features<\/p>\n<p>Sell or hodl? How to prepare for the end of the bull run, Part 2<\/p>\n<p>                            Features<\/p>\n<p>Is Ethereum left and Bitcoin right?<\/p>\n<p>A wallet\u2019s private key is similar to a password or a PIN and is a combination of letters and numbers serving as the sole requirement to sign transactions and manage digital assets.<\/p>\n<p>On the other hand, a wallet\u2019s public key is the address you give for people to send you crypto, like a bank BSB and account number.<\/p>\n<p>One shard of the private key is given to the exchange, while Fireblocks safeguards the other two shards in encrypted hardware in geographically discrete data centers. Essentially, it involves splitting the secret code into three pieces and hiding each piece in a different spot.<\/p>\n<p>Every large transaction on a crypto exchange integrated then requires the three shards to come together to approve the transaction.<\/p>\n<p>The three shards only unite when the exchange fulfills the obligations set out by Fireblocks for the transaction approval process. Verner says this is the \u201cmost critical\u201d part of the integration.<\/p>\n<p>Dixon says this manages risk in a \u201cmuch better way,\u201d as Fireblocks allows exchanges to \u201cwrite rules into transactions.\u201d<\/p>\n<p>An example of these rules is the exchange setting a required number of employees to sign off on transactions. This can be modified as the customer list grows.<\/p>\n<p>For example, let\u2019s say the exchange used to allow three employees to sign off on transactions of $10,000 and above but then decide that isn\u2019t enough, and they increase the requirement to five employees. The number of employees required to approve a particular transaction depends on the size of the transaction.<\/p>\n<p>Within exchanges, there are then employees assigned with the task of manually approving large transactions. Verner explains that the number of employees in the various \u201cquorums\u201d increases in proportion to the size of the transaction.<\/p>\n<p>\u201cThey all register their face ID on their mobile phone. They all put in their authorization code as well. So, it\u2019s two-factor, and everything gets approved,\u201d Verner says.<\/p>\n<p>\u201cThen that goes into the Fireblocks infrastructure, where our two shards have been told that they can come together and authorize the transaction,\u201d he further explains.<\/p>\n<p>While pointing out that every exchange is different, he says that small transactions up to a certain amount of money can automatically go through and do not require human approval.<\/p>\n<p>\u201cIt\u2019s entirely at the discretion of the exchange in question, but it\u2019s critical,\u201d says Verner, adding, \u201cThey might say every transaction between $100 and $1,000 is automatic.\u201d<\/p>\n<p>The limits imposed by exchanges vary depending on their specific demographic. Exchanges catered to retail investors are going to have lower limits because it wouldn\u2019t expect to see many $10,000+ transfers.<\/p>\n<p>However, if you start sending large amounts, you may find yourself attracting more attention than you anticipated.<\/p>\n<p>The larger the amount, the greater the number of approvals required. For example, for $1 million worth of Bitcoin, you may need a quorum of eight to 10 authorized approvers within the business to enable that transaction.<\/p>\n<p>\u201cIf one says no, they all say no,\u201d Verner says.<\/p>\n<p>\u201cEffectively, really big amounts are always going to require human intervention because you don\u2019t want somebody taking $1 million off their exchange without a bunch of approvers within your organization approving.\u201d<\/p>\n<h2 id=\"h-fox-in-the-henhouse\"><strong>Fox in the henhouse<\/strong><\/h2>\n<p>Verner warns that none of the above security matters mean anything if a crook runs the exchange.<\/p>\n<p>If the head of an exchange is \u201cprepared to corrupt the governance layer,\u201d then all the security measures put in place become essentially useless.<\/p>\n<p>He runs through a simple example of a dubious CEO controlling all the authorizers in the quorum, and then doing as they please. In such a scenario, the CEO can act freely to his own desires.<\/p>\n<p>\u00a0<br \/>In the case of FTX, Bankman-Fried allegedly demanded that his co-founder Gary Wang create a hidden way for his trading firm Alameda to borrow $65 billion of client funds from the exchange without anyone knowing.\u00a0<\/p>\n<p><em>In November last year, Bankman-Fried was called before Congress to testify about the exchange\u2019s collapse.<\/em> (C-SPAN)<\/p>\n<p>Wang allegedly sneaked in a single number into millions of lines of code for the exchange. This sly move created a line of credit from FTX to Alameda without customers ever giving their consent to such an arrangement.<\/p>\n<p>To avoid foul play from someone on the inside, many exchanges are putting more security measures in place as the industry matures.<\/p>\n<p>Elia says that all CoinJar employees must pass a criminal background check before joining the company and are required to take part in ongoing security and Anti-Money Laundering training.<\/p>\n<p>He says that \u201cmultilevel data encryption, ongoing security audits and institutional-grade organization security to protect customer accounts\u201d are also employed. CoinJar also uses \u201cadvanced machine learning\u201d to recognize suspicious logins, account takeovers and financial fraud.<\/p>\n<h2 id=\"h-how-do-you-conduct-due-diligence-on-an-exchange\"><strong>How do you conduct due diligence on an exchange?<\/strong><\/h2>\n<p>The phrase \u201cdo your own research\u201d has become somewhat of a rallying cry in the crypto space when it comes to investment, and many believe the same should apply for choosing your exchange.\u00a0<\/p>\n<p>Przelozny emphasizes that consumers should always research any exchange before depositing funds and not \u201cexpect others\u201d to do due diligence for them.\u00a0<\/p>\n<p>The United States Commodity Futures Trading Commission advises on its website that you should look to see if the crypto exchange actually has a physical address.\u00a0<\/p>\n<p>Most countries now require cryptocurrency exchanges to obtain licenses, with regulators providing public info on digital currency exchange license requirements and providing databases of registered entities.\u00a0<\/p>\n<p>Users can also check social media and independent review websites (not the exchange itself) to see what customers are saying.<\/p>\n<p>Przelozny says that customers should scrutinize the terms and conditions of the exchange meticulously, paying close attention to anything that suggests the exchange will earn a yield on clients\u2019 assets, as that means the exchange has \u201cevery right\u201d to do that.<\/p>\n<p>He adds that investors should not flock to an exchange just because their \u201cfavorite athlete\u201d is promoting it. The $1-billion lawsuit taken against influencers who promoted FTX and failed to disclose compensation should serve as a cautionary tale.<\/p>\n<p><em>Kim Kardashian settled a lawsuit for $1.26 million for promoting an unregistered security on Instagram.<\/em> <em>(Going Concern)<\/em><\/p>\n<p>Dixon similarly advises investors not to get sucked in by the advertising or marketing schemes and instead focus on the fundamentals.<\/p>\n<p>\u201cI think affiliate marketing and financial products should never be combined,\u201d Dixon says, noting he does not sign up influencers or celebrities to promote BnkToTheFuture or online shills.\u00a0\u201cWe won\u2019t actively incentivize people to talk about our business because they\u2019ll get it wrong, and they\u2019ll get us in trouble.\u201d<\/p>\n<p>That said, Dixon finds that authentic word of mouth between friends and family remains an incredibly powerful means of establishing trust in exchanges.\u00a0<\/p>\n<p>Dixon explains that while there may be uncertainty about how exchanges handle consumer funds, the situation is not fundamentally different from traditional banks: \u201cI think if the banks were doing their jobs, when you deposit the money with the bank, [it would be disclosed that] you\u2019re not the legal owner of the money.\u201d<\/p>\n<p>The banks \u201ccan leverage it up and put it at risk,\u201d Dixon emphasizes and warns that there is little disclosure from the banks saying they \u201cmay need to go to the FDIC to get a bailout\u201d if the loans go bad.<\/p>\n<p>\u201cI think those are probably buried in the terms and conditions, but I don\u2019t think they\u2019ve given a good user experience to let consumers know that, actually, there\u2019s quite a lot of risk in your bank account.\u201d<\/p>\n<p>Subscribe<\/p>\n<p>The most engaging reads in blockchain. Delivered once a<br \/>\n        week.<\/p>\n<h2 class=\"author__name\">Ciaran Lyons<\/h2>\n<p>Ciaran Lyons is an Australian crypto journalist. He&#8217;s also a standup comedian and has been a radio and TV presenter on Triple J, SBS and The Project.<\/p>\n<p>                <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"bitcoin\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<br \/><a href=\"https:\/\/cointelegraph.com\/magazine\/deposit-risk-crypto-exchanges-money\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So, you\u2019ve deposited some cryptocurrency onto an exchange. You expect that these funds will be held in your name as a liability, with safeguards in place to make sure that you can withdraw them when you wish. However, this is not necessarily the case. Sitting down with Magazine, Simon Dixon, CEO of global online investment [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12708,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[2],"tags":[],"class_list":["post-12707","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bitcoin-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12707"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12707\/revisions"}],"predecessor-version":[{"id":12709,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12707\/revisions\/12709"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/12708"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}