If you’ve bought crypto through an exchange and left it sitting there, you’re not alone. The majority of people who enter the crypto space do exactly this. It’s convenient, familiar, and feels safe enough. The exchange has a professional interface, customer support, and security marketing. What could go wrong?
Quite a lot, as it turns out. And when things go wrong on a centralised exchange, the consequences for users can be catastrophic and permanent. This resource covers exactly what the risks are, why they’re more serious than most people appreciate, and what you should be doing instead.
This is the most important concept in this entire resource, and it needs to be stated clearly upfront.
When your crypto sits on an exchange, you do not own it in any meaningful sense. You own a claim on assets held by a third party. The exchange holds the private keys. The exchange controls the wallet addresses. The exchange decides whether and when you can access your funds.
This is the principle behind one of the most well-known phrases in crypto: “not your keys, not your coins.” It isn’t a slogan. It’s a precise description of the legal and technical reality of exchange custody.
In the traditional financial system, this arrangement is somewhat mitigated by government-backed deposit guarantees, regulatory oversight, and legal frameworks that protect depositors when institutions fail. In crypto, most of these protections either don’t exist or are far weaker than investors assume. When an exchange fails, users often become unsecured creditors in a bankruptcy proceeding, which in plain terms means they join a queue and hope there’s something left to recover.
The most dramatic and well-documented risk of exchange custody is insolvency. Exchanges can and do fail, and when they do, user funds are frequently lost or frozen for extended periods.
The collapse of FTX in November 2022 is the most prominent example. FTX was, at the time, one of the largest and most respected crypto exchanges in the world. It had celebrity endorsements, major sponsorship deals, and a founder who was widely regarded as one of the most credible figures in the industry. Within days of the first reports of financial irregularities, the exchange collapsed, approximately one million users lost access to their funds, and billions of dollars in customer assets were found to have been misappropriated.
FTX was not an isolated case. Celsius, Voyager, and BlockFi all failed within the same period, each freezing or losing user funds. Mt. Gox, once the largest Bitcoin exchange in the world, collapsed in 2014 after losing approximately 850,000 Bitcoin belonging to its users. Creditors waited nearly a decade for partial restitution.
The pattern across all of these cases is consistent: users trusted a platform with their assets, the platform failed, and the path to recovering those assets was long, uncertain, and in many cases incomplete.
Even exchanges that are solvent and well-intentioned are targets for some of the most sophisticated hacking operations in the world. The concentration of assets on centralised exchanges makes them extraordinarily attractive targets. A successful hack on a major exchange can yield hundreds of millions of dollars in a single attack.
Exchange hacks are not rare events. They have occurred consistently throughout crypto’s history, affecting platforms of all sizes and reputations. The methods vary: exploiting software vulnerabilities, compromising employee credentials through social engineering, attacking third-party service providers with access to exchange systems, and sophisticated phishing campaigns targeting exchange staff.
When an exchange is hacked, the outcome for users depends entirely on the exchange’s financial position and insurance arrangements, neither of which is guaranteed. Some exchanges have covered losses from their own reserves. Others have passed those losses directly to users through socialised loss mechanisms or have simply been unable to make users whole.
A hardware wallet you control keeps the private keys offline, where a remote attacker cannot reach them. An exchange holding your funds absolutely can be hacked remotely.
An exchange doesn’t need to collapse or get hacked to prevent you from accessing your funds. Withdrawal freezes are a real and documented risk that has affected users of multiple platforms during periods of market stress.
When crypto markets move sharply, exchange platforms can come under enormous operational pressure simultaneously. High volumes of withdrawal requests, liquidity stress, technical failures, and regulatory interventions have all resulted in platforms temporarily or permanently restricting user withdrawals.
The critical problem with withdrawal freezes is timing. They tend to occur precisely when you most want access to your funds: during market crashes, during periods of financial uncertainty, or during events that raise questions about the platform’s viability. The moment you most need to move your assets is often the moment you discover you can’t.
If your crypto is in a self-custody wallet that you control, no external decision can prevent you from moving it. That freedom is one of the most underappreciated advantages of self-custody.
Centralised exchanges operate within legal jurisdictions and are subject to regulatory action. Governments can order exchanges to freeze accounts, restrict withdrawals, or share user data with authorities. In some jurisdictions, regulatory actions have resulted in users losing access to their funds entirely.
In Australia, exchanges registered with AUSTRAC operate under compliance obligations that provide a degree of oversight. However, regulatory risk is not limited to enforcement actions against bad actors. Changes to crypto regulation, new licensing requirements, and broader financial system interventions can all affect your ability to access assets held on a platform.
This risk is covered in more detail in our resources on ATO crypto rules Australia and cryptocurrency tax Australia, which outline the current regulatory environment for Australian investors. Understanding KYC (Know Your Customer) requirements and how they affect your exchange account standing is also worth being across.
Even if the exchange itself is secure, your individual account is a target. Credential theft, phishing attacks, SIM swapping, and social engineering are all active threats targeting exchange account holders.
If an attacker gains access to your exchange account, they can withdraw your assets to their own wallet with the same ease you would. Without two-factor authentication properly configured, this can happen faster than you can respond.
Our resource on advanced crypto security: protecting against malware and hacks covers the specific measures that protect your exchange accounts in detail. But it’s worth noting here that even with excellent personal security practices, you remain exposed to vulnerabilities in the exchange’s own systems and staff. A social engineering attack on an exchange employee can compromise your account regardless of how strong your personal security is.
Exchange terms of service are rarely read and frequently surprising. Many exchanges reserve the right to freeze accounts, restrict withdrawals, modify fee structures, delist assets, and change their services with limited or no notice. Some terms explicitly state that in the event of insolvency, user funds may be treated as exchange assets rather than client assets held in trust.
Before committing significant funds to any exchange, reading and understanding the terms of service is not optional. The fine print describes the actual relationship between you and the platform, and in several notable cases it has been far less protective of users than the marketing materials suggested.
This resource is not arguing that exchanges are universally dangerous or that you should never hold any assets on one. Centralised exchanges serve important functions: they provide liquidity, fiat on and off ramps, and the infrastructure needed to actively trade. For these purposes, keeping a portion of your holdings on a reputable exchange is a practical necessity.
The key principle is: only keep on an exchange what you need for active trading or near-term use. Long-term holdings, assets you’re not actively trading, and any amount you cannot afford to lose in an exchange failure should be moved to self-custody.
Think of an exchange account the way you think of a physical wallet in your pocket. You carry enough cash for your immediate needs. You don’t carry your life savings.
Self-custody means holding your own private keys in a wallet you control directly. When you hold your own keys, no exchange insolvency, hack, withdrawal freeze, regulatory action, or account compromise can prevent you from accessing your funds. You are the sole custodian.
The options for self-custody range from software wallets on your phone or computer to dedicated hardware wallets that keep your private keys completely offline. For anyone holding meaningful amounts of crypto, a hardware wallet is the appropriate solution.
Our Cryptopedia has comprehensive resources on choosing the right hardware wallet, which cryptocurrency wallet is right for you, and setup guides for Ledger, Trezor, Coldcard, SafePal, Bitbox, and Tangem to help you get set up correctly. Backing up your wallet properly from day one is equally critical, covered in our step-by-step crypto wallet backup guide.
Self-custody does come with its own responsibilities. Your seed phrase must be stored securely, because losing it means losing access to your funds permanently. Our resources on seed phrase storage advanced techniques and safely and securely using your crypto wallet cover exactly how to manage this correctly.
The responsibility of self-custody is real. But it is a responsibility you can learn, implement, and manage. The risks of exchange custody, on the other hand, are largely outside your control.
For the portion of your holdings you do keep on an exchange, choosing the right platform matters significantly. Our best crypto exchanges Australia 2026 guide covers the leading options available to Australian investors in detail. Individual reviews for CoinSpot, Swyftx, Binance, Kraken, Coinbase, OKX, CoinJar, Independent Reserve, and Crypto.com are all available in the Cryptopedia.
Key factors to evaluate include AUSTRAC registration and regulatory compliance, proof of reserves publication, security track record, withdrawal policies, and the platform’s history of handling adverse events. Understanding the difference between centralised and decentralised exchanges is also worth your time if you haven’t yet explored decentralised alternatives.
Keeping crypto on an exchange means trusting a third party with assets you don’t technically own. Exchange insolvency, hacks, withdrawal freezes, regulatory intervention, account compromises, and unfavourable terms of service are all real risks that have affected real investors with real consequences. Only keep on an exchange what you need for active trading or near-term use. Move long-term holdings to a self-custody hardware wallet you control directly.
Not your keys, not your coins. It was true when the phrase was coined. Every major exchange failure since has only made it more true.
For investors ready to make the move to self-custody but unsure where to start, our Runite Tier Membership includes dedicated self-custody and security education designed to walk everyday investors through the process confidently and correctly. For serious investors managing significant holdings across multiple custody solutions, our Black Emerald and Obsidian Tier Members receive personalised guidance on building a complete custody framework tailored to their specific situation.
Find out more at shepleycapital.com/membership.
WRITTEN & REVIEWED BY Chris Shepley
UPDATED: MARCH 2026