
How Crypto Exchanges Work, Why They Fail, and How to Protect Yourself


Most people use crypto exchanges every day without understanding what actually happens to their money once it arrives on the platform. That gap between convenience and comprehension is where the most expensive mistakes begin.

Key Takeaways

  • When you deposit funds on a centralized exchange, you transfer custody of your assets and become a creditor, not a depositor, which means you have no government-backed insurance if the exchange fails.
  • Centralized exchanges offer convenience and liquidity while decentralized exchanges offer self-custody and privacy, and each model carries real trade-offs that affect your risk exposure.
  • Over $3.4 billion was stolen from crypto platforms in 2025, with the single largest hack draining $1.5 billion from one exchange in minutes.
  • Choosing an exchange safely means checking regulatory status, proof of reserves, fee transparency, and cold storage practices before you deposit anything.
  • Operational habits like enabling authenticator-based 2FA, testing small transactions first, and moving funds off the exchange after trading matter as much as choosing the right platform.

Crypto exchanges are the platforms that match buyers and sellers of digital assets, converting fiat currency into cryptocurrency and facilitating trades between users. At Blockready, we built an entire module around exchange mechanics because this is one of those areas where surface-level knowledge creates a false sense of security. You can use an exchange for months without understanding the custody model you are operating under, and that gap only becomes visible when something goes wrong.

If you have ever bought, sold, or traded cryptocurrency, you have almost certainly used an exchange. They are the primary entry point into the crypto economy for most people, where dollars, euros, and pounds get converted into assets like Bitcoin or Ethereum.

But most people who use exchanges do not fully understand what happens to their money once it arrives on the platform. That is not because they are careless. It is because most guides cover the "what" without ever explaining the "how" or the "what could go wrong." This guide takes a different approach: it explains the mechanics, the failure patterns, and the operational habits that actually protect you.

What a Crypto Exchange Actually Does

At its core, a crypto exchange is a platform that matches buyers with sellers. If you want to buy Bitcoin, the exchange finds someone willing to sell it at a price you both agree on. If you want to sell Ethereum for dollars, the exchange finds a buyer. The exchange sits in the middle, facilitating the transaction and collecting a fee for doing so.

Simple enough on the surface. But the critical detail most guides skip is what happens to your money between the time you deposit it and the time you withdraw it. On a centralized exchange (the most common type), you do not hold your own cryptocurrency. The exchange holds it for you. You see a balance in your account, but the private keys that actually control those assets belong to the exchange, not to you.

This is the custody model, and understanding it is the single most important thing about using an exchange.

Custody Risk
When you deposit crypto on a centralized exchange, you become a creditor, not a depositor. Unlike bank deposits protected by FDIC insurance in the United States, your exchange balance has no government guarantee. If the exchange fails, you are in line with every other creditor hoping to recover what you can.

Think of it this way: a bank deposit comes with legal protections and insurance. A crypto exchange deposit does not. You are trusting a private company to safeguard your assets, to keep them separate from its own operations, and to remain solvent. That trust has been broken more than once, at enormous scale.

Centralized vs. Decentralized: Two Different Trust Models

There are two fundamentally different types of crypto exchanges, and the difference is not just technical. It is about who you are trusting with your money.

CENTRALIZED VS. DECENTRALIZED EXCHANGES

Who Holds Your Funds
  • Centralized (CEX): The exchange holds your private keys and controls your assets on your behalf
  • Decentralized (DEX): You keep your private keys. Funds stay in your own wallet until a trade executes

How Trades Work
  • Centralized (CEX): An internal order book matches buy and sell orders automatically based on price
  • Decentralized (DEX): Smart contracts and liquidity pools handle trades directly between wallets, no middleman

Account Setup
  • Centralized (CEX): Registration, identity verification (KYC), and linking a bank account or card
  • Decentralized (DEX): No registration. Connect a crypto wallet (like MetaMask) and start trading immediately

Main Advantage
  • Centralized (CEX): Easy to use, high liquidity, fiat on-ramp, customer support available
  • Decentralized (DEX): Self-custody, greater privacy, no single point of failure, access to newer tokens

Main Risk
  • Centralized (CEX): You trust a company with your funds. If hacked or mismanaged, you may lose everything
  • Decentralized (DEX): No customer support, smart contract bugs, lower liquidity, harder for beginners

Note: Most beginners start on centralized exchanges. DEX spot trading volume reached roughly 14% of total market volume by early 2026, up from under 7% in January 2024 (CoinGecko CEX & DEX Report 2026).

Centralized exchanges (CEXs) are run by companies. Coinbase, Binance, Kraken, and OKX are all centralized. You create an account, verify your identity, deposit money, and the exchange handles everything: order matching, custody, and transaction processing. They make trading fast and accessible, which is why most people start here. The trade-off is that you are trusting a company to safeguard your assets, and that trust has been broken more than once.

Decentralized exchanges (DEXs) work differently. Platforms like Uniswap and PancakeSwap do not hold your funds at all. Instead, they use smart contracts (self-executing code on a blockchain) to facilitate trades directly between users' wallets. There is no account creation, no identity verification, and no company in the middle. You connect your own wallet and trade peer-to-peer. The advantage is that you maintain custody of your own assets. The disadvantage is that if you make a mistake, there is no customer support to call, and smart contract vulnerabilities can still put your funds at risk.

Neither model is inherently "better." They serve different needs. Understanding which trust model you are operating under, and what risks come with it, is what matters.

How Exchanges Make Money

Exchanges are businesses, and understanding their revenue model helps you evaluate whether a platform's incentives align with your interests as a user.

Most centralized exchanges generate revenue through several types of fees. Trading fees are the most visible: when you buy or sell, the exchange takes a small percentage of the transaction, typically structured as maker/taker fees (makers add orders to the book and usually pay less; takers fill existing orders and pay more). Deposit fees vary by payment method. Bank transfers are often free, but credit card deposits can cost 2% to 5%. Withdrawal fees apply when you move crypto off the exchange to your own wallet or to another platform. And listing fees are paid by cryptocurrency projects to get their token listed on the exchange. For a detailed look at how one major platform structures these costs, our breakdown of Binance's fee mechanics walks through the full model.

That last one deserves attention. Some exchanges charge significant listing fees and may not conduct deep due diligence on every token they list. Just because a token appears on a major exchange does not mean it is legitimate or well-built. This is a common assumption that catches people off guard.

Decentralized exchanges typically charge a flat swap fee (often 0.3% per trade) that gets distributed to liquidity providers, the users who deposit their own tokens into the pools that make trading possible. There are no listing fees on most DEXs, which means the barrier to entry for new tokens is much lower. For better or worse.

What Happens When Exchanges Fail

Exchange failures are not rare outliers. They are a recurring pattern in crypto's history, and the scale has only grown over time.

CRYPTO STOLEN FROM PLATFORMS BY YEAR

  • 2020: $0.5B
  • 2021: $3.3B
  • 2022: $3.8B
  • 2023: $1.7B
  • 2024: $2.2B
  • 2025: $3.4B

Sources: Chainalysis Crypto Crime Reports (2021-2026), TRM Labs

The numbers tell a clear story. Billions of dollars have been lost across the industry, and the trend is not improving. In 2025 alone, over $3.4 billion was stolen from crypto platforms through early December, according to Chainalysis. The single largest incident was the Bybit hack in February 2025, where state-sponsored hackers linked to North Korea's Lazarus Group exploited hot wallet infrastructure and drained approximately $1.5 billion in Ethereum in a matter of minutes. That one breach accounted for nearly half the year's total losses. If you want the full mechanics of how that attack worked, our detailed breakdown of the Bybit hack traces the entire chain of events.

Understanding how exchanges work is not academic knowledge. It is the difference between keeping your funds in a system you understand and trusting a platform you have never audited. The common thread across nearly every major exchange failure is users who did not understand the custody model they were operating under.

But hacking is only part of the picture. The most instructive failure remains FTX, which collapsed in November 2022. FTX was the third-largest exchange in the world at the time, valued at $32 billion. The cause was not a hack. It was mismanagement: customer funds were quietly transferred to Alameda Research (a related trading firm) and used for high-risk investments, venture deals, and real estate purchases. When customers tried to withdraw their money, it was not there. The resulting bankruptcy left an $8 billion gap between what FTX owed and what it held.

The FTX collapse revealed a structural problem: on a centralized exchange, there is often no mechanism forcing the company to keep customer funds separate from its own operations. Without transparent reserves and independent audits, users have no way to verify that their money is actually there. This is the reason the "proof of reserves" movement gained momentum after FTX, with many exchanges now publishing cryptographic proof that they hold at least as much in assets as they owe to customers.

Before FTX, there was Mt. Gox, which was the largest Bitcoin exchange in the world when it collapsed in 2014 after losing approximately 850,000 Bitcoin to a combination of hacking and internal mismanagement. Creditors waited over a decade for partial recovery. The pattern across all of these failures is consistent: inadequate reserves, poor security practices, lack of transparency, and insufficient regulatory oversight.

How to Choose an Exchange You Can Trust

With roughly 600 cryptocurrency exchanges operating globally, many of them unregulated or lightly regulated, choosing the right platform requires more than picking the first name you recognize. Here is what to evaluate before you deposit any money.

EXCHANGE TRUST EVALUATION CHECKLIST

  • Registered with financial regulators (FinCEN in the US, MiCA-compliant in the EU) and holds relevant licenses
  • Publishes proof-of-reserves reports audited by an independent third party
  • Transparent fee structure (maker/taker, deposit, withdrawal) with no hidden spread-based costs
  • Keeps 90%+ of customer funds in cold storage (offline, not internet-connected)
  • Has been hacked before but responded by reimbursing users and publicly improving security
  • No regulatory registration disclosed and no proof-of-reserves program in place as of 2026

Framework: Blockready Module 7 (Exchanges) evaluation criteria

Check regulatory status and licensing. Reputable exchanges register with financial regulators in the jurisdictions where they operate. In the United States, that means registration with FinCEN and compliance with Know Your Customer (KYC) and anti-money laundering (AML) requirements. In Europe, exchanges are increasingly subject to MiCA regulation. An exchange that operates without any regulatory oversight is a higher risk. Full stop.

Look for proof of reserves. After the FTX collapse, many exchanges began publishing proof-of-reserves reports, which use cryptographic methods to demonstrate that the exchange holds enough assets to cover customer deposits. Not all proof-of-reserves systems are equally rigorous (some are audited by third parties, others are self-reported), but their existence is a positive signal. Their absence in 2026 is a red flag.
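
One common construction behind such reports is a Merkle tree over customer balances. The sketch below is an added example, not code from Blockready or from any exchange: it shows the customer-side inclusion check using the Merkle sum tree variant, in which every node also carries the total of the balances beneath it. The hashing layout, function names and sample ledger are assumptions made for illustration.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def u128(n: int) -> bytes:
    return n.to_bytes(16, "big")  # raises OverflowError on negative values

def leaf(account_id: str, balance: int):
    """A node is (hash, sum). Balances are integers in the asset's smallest unit."""
    return h(b"leaf", account_id.encode(), u128(balance)), balance

def parent(left, right):
    """The parent commits to both child hashes and both child sums."""
    return h(b"node", left[0], u128(left[1]), right[0], u128(right[1])), left[1] + right[1]

def build_levels(leaves):
    """Exchange side: build every level bottom-up, padding odd levels with a zero node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append((h(b"pad"), 0))
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Exchange side: the sibling (hash, sum, side) at each level above one leaf."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib][0], level[sib][1], "L" if sib < index else "R"))
        index //= 2
    return proof

def verify_inclusion(account_id, balance, proof, published_root):
    """Customer side: recompute the root from your own balance and the sibling path."""
    if balance < 0 or any(s < 0 for _, s, _ in proof):  # negative sums could hide liabilities
        return False
    node = leaf(account_id, balance)
    for sib_hash, sib_sum, side in proof:
        sib = (sib_hash, sib_sum)
        node = parent(sib, node) if side == "L" else parent(node, sib)
    return node == published_root

# Constructed sample ledger: (account id, balance in smallest units). Not real data.
ACCOUNTS = [("alice", 150_000_000), ("bob", 25_000_000), ("carol", 900_000_000),
            ("dave", 4_200_000), ("erin", 60_000_000)]

def publish(accounts):
    """Return (levels, root); the root (hash, total liabilities) is what gets published."""
    levels = build_levels([leaf(a, b) for a, b in accounts])
    return levels, levels[-1][0]

if __name__ == "__main__":
    levels, root = publish(ACCOUNTS)
    proof = make_proof(levels, 2)  # carol is leaf index 2
    print("total liabilities:", root[1])
    print("carol included:", verify_inclusion("carol", 900_000_000, proof, root))
    print("understated balance accepted:", verify_inclusion("carol", 900, proof, root))
```

A passing check shows only that your balance is counted in the published liabilities total; whether the exchange controls assets of at least that amount is a separate attestation.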

Understand the fee structure. Fees differ significantly between platforms. Compare trading fees (maker/taker), deposit fees (especially for credit card or PayPal), and withdrawal fees (both fiat and crypto). Some exchanges disguise costs in wider spreads rather than explicit fees, so compare the actual amount of crypto you receive for your money across multiple platforms. CoinMarketCap's exchange rankings can help you compare volume, fees, and trust scores side by side.

Evaluate security practices. Look for cold storage policies (reputable exchanges keep 90% to 95% of customer funds offline), two-factor authentication options, and a public track record on handling security incidents. Exchanges that have been hacked before are not automatically disqualified, but how they responded matters. Did they reimburse users? Did they improve their systems? According to CoinGecko's 2026 trading activity report, centralized exchanges lost over $2 billion to hacks in the past year alone, with compromised private keys being the most common attack vector.

Check supported payment methods. Make sure the exchange supports the payment methods available in your country. The more options available (bank transfers, card payments, local rails), the more flexibility you have for depositing and withdrawing funds.

How to Stay Safe on Any Exchange

Choosing a reputable exchange is the first step. How you use it is the second. These operational practices apply regardless of which platform you are on.

Enable two-factor authentication (2FA) immediately. Use an authenticator app (Google Authenticator, Authy) rather than SMS-based 2FA. SMS verification is vulnerable to SIM-swapping attacks, where a hacker convinces your phone carrier to transfer your number to their device. Use 2FA on every platform and app that supports it, especially anything connected to money. If a financial app does not offer 2FA, treat that as a warning sign.

Use a strong, unique password. Generate a random password of at least 12 characters with uppercase letters, lowercase letters, numbers, and special characters. Use a password manager rather than trying to memorize it. Never reuse a password from another site.

Here is a mistake that costs people money more often than sophisticated hacking does: clicking a fake exchange login page. Phishing sites that mimic popular exchanges are one of the most common scam vectors in crypto. They replicate the login page exactly and capture your credentials. Bookmark the exchange URL in your browser and always access it through that bookmark, never through search engine results or links in emails. This single habit prevents the majority of phishing attacks. Apply it to any website where you store funds or sensitive information, including online banking.

Test small transactions first. When using an exchange for the first time, or when sending funds to a new wallet address, always start with a small test transaction. Blockchain transactions are irreversible. A typo in a wallet address, a wrong network selection (sending to the wrong blockchain), or an incorrect withdrawal setting can result in permanent loss. The small fee you pay for a test transaction is worth the assurance.

Do not leave large amounts on the exchange. Once you have completed a trade, consider moving your funds to a personal crypto wallet for safekeeping. Exchanges are prime targets for hackers because they hold large concentrations of crypto in one place. Even exchanges that are not hacked face the risk of business failure, regulatory action, or bankruptcy. Your personal wallet (especially a hardware wallet for larger holdings) puts you in control of your own private keys. Blockready's Module 7 (Exchanges) and Module 6 (Wallets) work as a sequence for exactly this reason: the course walks through exchange mechanics first, then teaches self-custody strategies so you understand when and how to move funds off-platform.

Understand KYC and withdrawal limits. Most centralized exchanges require identity verification to comply with regulatory standards. While this process enables higher withdrawal limits and additional features, it also means trusting the exchange with personal identification documents. Make sure you are comfortable with the platform's privacy policies and security practices before submitting sensitive data.

Be careful with API keys. If you use an API key to connect your exchange account to a portfolio tracker (like CoinStats or CoinGecko), always disable the withdraw and trade permissions when creating the key. If your API key is compromised and it has withdrawal access enabled, an attacker can drain your funds directly.

Review token listings critically. Some exchanges list tokens without thorough vetting, particularly smaller platforms that profit from listing fees. A token appearing on an exchange does not mean it is legitimate. Research the project's fundamentals, team credibility, and community before investing. Blockready's DYOR Checklist provides a structured 15-question framework for exactly this kind of evaluation.

The Key Insight

When you deposit funds on a centralized exchange, you transfer custody of your assets. You become a creditor, not a depositor. If the exchange fails, there is no government insurance protecting your balance. Understanding this one fact should shape every other decision you make about how you use exchanges: which one you choose, how long you leave funds there, and how much you are willing to keep on any single platform.

The Bottom Line

Crypto exchanges serve a real purpose. They provide liquidity, price discovery, and a bridge between traditional money and digital assets. But the companies that have earned trust in this space, Coinbase, Kraken, Binance, and a handful of others, did not earn it just by being large. They earned it by investing in security, maintaining transparent reserves, and responding responsibly when things went wrong.

What matters more than which exchange you pick is whether you understand the system you are participating in. The custody model, the fee structure, the regulatory status, the security practices. Every major exchange failure, from Mt. Gox to FTX to Bybit, had warning signs that were visible to anyone who knew what to look for. The question is whether you have built that knowledge before you need it, or after.

That is a question worth sitting with.

Frequently Asked Questions

What happens if a cryptocurrency exchange gets hacked?
The outcome depends on the exchange's security infrastructure and insurance reserves. Some exchanges maintain emergency funds to cover losses (like Binance's SAFU fund), while others have filed for bankruptcy after major breaches. Users who kept assets on the platform typically face withdrawal freezes and may lose some or all of their holdings.

Are my funds on a crypto exchange insured?
Cryptocurrency held on exchanges is generally not covered by government deposit insurance such as FDIC in the United States. Some exchanges offer voluntary insurance or reserve funds, but coverage varies significantly. This is a primary reason many users move assets to self-custodied wallets after trading.

How can I check if an exchange has proof of reserves?
Many exchanges now publish proof-of-reserves audits using cryptographic methods like Merkle trees. Check the exchange's transparency page or blog for recent audit reports. Third-party verification by firms like Mazars, Armanino, or Hacken adds additional credibility to these reports.

Is it safer to use a decentralized exchange than a centralized one?
Decentralized exchanges eliminate custodial risk because you retain control of your private keys throughout the trade. But they introduce different risks: smart contract vulnerabilities, no customer support, and no recourse if you make a transaction error. Neither model is categorically safer; each carries a different risk profile.

Should I keep my crypto on an exchange or move it to a wallet?
For active trading, keeping a working amount on a reputable exchange is practical. For long-term holdings or amounts you cannot afford to lose, a personal wallet (particularly a hardware wallet) provides stronger security because you control the private keys directly. The general principle is to minimize the funds and time spent on any exchange.
