5 Risks to Watch When Using Centralized Exchanges and How to Mitigate Them

Centralized exchanges often hold vast amounts of cryptocurrencies and personal user data, making them attractive targets for cybercriminals. The concentration of assets in a single location increases the potential payoff for successful attacks, incentivizing hackers to exploit vulnerabilities in these platforms. 

"Not your keys, not your coins." 

– Andreas M. Antonopoulos 

This adage underscores the importance of asset ownership and control in the crypto space.

Security breaches remain one of the most serious threats to centralized exchanges. In February 2025, Bybit was hit by a record-breaking $1.5 billion hack, wiping out 7.5% of its assets and shaking user confidence. The breach stemmed from a compromise of a third-party wallet provider, where attackers exploited stolen developer credentials to inject malicious code. This tricked Bybit staff into approving what looked like routine transfers, which were actually redirected to attacker wallets. The incident shows how even strong exchanges are vulnerable when relying on external infrastructure.

Preventing similar attacks requires stricter supply-chain security, hardware-based transaction signing, real-time anomaly detection, and multi-layered audits. Most importantly, it highlights the core risk of centralized custody: users must trust an exchange’s security practices, making transparency and proof-of-reserves critical for rebuilding trust.

Centralized exchanges require users to deposit funds into custodial wallets, meaning the exchange, not the user, controls the private keys.  

A private key is a unique cryptographic code that proves ownership of funds and authorizes transactions on the blockchain.  

Whoever controls the private key ultimately controls the assets. When users don’t hold their own keys, they rely entirely on the exchange’s security and operational integrity. If the exchange is hacked, mismanaged, or freezes withdrawals, users have no direct way to recover their funds. History has shown this risk repeatedly, from Mt. Gox to FTX. This is why the principle “not your keys, not your coins” is central to crypto. Self-custody, through personal wallets, hardware devices, or multisig setups, ensures users keep control of their private keys and, therefore, their financial sovereignty.

Centralized exchanges are highly exposed to shifting regulatory landscapes, as they operate under the laws of the jurisdictions in which they’re registered or serve customers. Unlike decentralized protocols, they can be directly targeted by governments through enforcement actions, sanctions, or compliance demands. This exposure can result in frozen accounts, withdrawal delays, forced delistings, or even full shutdowns.

A recent example is Bittrex, which filed for bankruptcy in 2023 after facing an SEC complaint over unregistered securities, leaving users uncertain about asset recovery. The risk is not limited to the U.S., exchanges in countries like China, India, and Canada have also faced sudden restrictions or bans. For users, this highlights the vulnerability of relying on custodial platforms: even if the exchange is secure, government action can disrupt access. It reinforces the importance of diversification, self-custody, and awareness of regulatory risks when choosing where to hold assets.

Centralized exchanges can appear stable until a sudden collapse reveals hidden weaknesses. Insolvency can result from poor risk management, external shocks, or outright fraud, leaving users powerless once withdrawals are halted.

• Financial mismanagement:

Over-leverage, unsustainable yield promises, or reckless use of customer deposits can erode solvency over time.

• Market volatility & liquidity crunches:

Rapid downturns in crypto prices may expose undercollateralized positions, margin imbalances, or inability to meet withdrawal demands.

• Fraudulent activity & misappropriation:

Insider misconduct, hidden liabilities, or diversion of customer assets, as in the FTX collapse (2022), can instantly destabilize an exchange.

• Regulatory and legal actions:

Investigations, sanctions, or lawsuits may freeze exchange assets, triggering insolvency even if trading operations remain active.

• Bankruptcy process:

Once filed, withdrawals are frozen, and users become unsecured creditors. Recovery often takes years, with users receiving only a fraction of their original funds.

• Reputational contagion:

A single major collapse can erode trust in the entire sector, triggering mass withdrawals and liquidity stress at other platforms. 

Key Point: Users should not rely solely on exchanges for custody. Self-custody wallets, diversification across platforms, and exchanges with transparent proof-of-reserves, third-party audits, and insurance safeguards are essential to reduce exposure.

While centralized exchanges often advertise low fees, the true cost of trading is rarely so simple. In addition to the posted commission, users may face hidden charges through wide spreads, withdrawal fees, funding rates, or slippage that are not immediately obvious. Some platforms further obscure costs by structuring them in ways that make direct comparisons between exchanges difficult. This lack of transparency not only erodes profitability but also leaves users feeling misled about the real expenses involved.

For frequent traders, even small undisclosed costs can add up to a significant drag on returns over time. Surveys consistently show that many retail investors are dissatisfied with how clearly exchanges disclose fees. To protect users, greater transparency in fee structures, clearer reporting of execution costs, and standardized disclosure practices are essential. Ultimately, an exchange’s credibility depends not only on security but also on the clarity with which it communicates the true cost of trading.

As the popularity of cryptocurrency continues to grow, so do the risks associated with trading and storing digital assets on centralized exchanges. While these platforms offer convenience and liquidity, they also present vulnerabilities such as hacking, regulatory crackdowns, and operational failures. To protect your investments, it’s essential to adopt smart security practices and risk management strategies. Below are several key approaches to help safeguard your crypto assets when using centralized exchanges.

While centralized exchanges offer convenience and liquidity, they come with inherent risks that can jeopardize your digital assets. By understanding these risks and implementing proactive strategies, you can navigate the crypto landscape more securely. Remember, maintaining control over your assets and staying informed are key to safeguarding your investments in the dynamic world of cryptocurrency.

• CoinMarketCap-What Happens When a Crypto Exchange Goes Bankrupt?

• ChainAlysis-Crypto Crime Trends

• CoinTelegraph-Bitcoin storage mistakes

• DataGuard-Cyber security breaches