Topic: [Guide] Stay safe when dealing with Exchanges. (Read 1031 times)

Just stop using KYC. It is not going to help you. You know you, not a criminal so you do not need it. How dare anyone impose this ridiculous bullshit on me. They really go overboard and it is mostly the USA.
Hyper paranoia and illogical fear of imaginary terrorists being funded by bitcoin. I mean, please. Grow up.




How often do we get new merits? I should be giing people some as well.

KYC is pretty much a double-edged sword. From the exchange's POV, they need it to ensure you're the legit owner of the account and of course track down individuals involved in fraud.

On the other hand, we users want everything to go on smoothly.

Without a doubt many find it annoying because we're giving away our info and many providers tend to take our identities for granted. Imagine if database breaches occur, what's worse than our KYCs being involved?

But then for your case, do you have the authority to tell them how to scrutinize their users? You're at their mercy the moment you register an account, remember that.

If you've nothing to lose from the closure, by all means, ignore their request for KYC. How much do you have in the account?

I just updated this thread and added a couple of more bad experiences that happened to me lately on exchanges.
The biggest problem is that some of the crypto exchanges force us to fulfill KYC which was not needed when I was registering.

Actually, I am talking about Nova exchange, which is closing soon and sent me a reminder to withdraw but first I have to fulfill KYC which I don't want to do.
I have never deposited any FIAT there so I don't understand this requirement and am not willing to do this because of many reasons.

First, I don't want to share my documents with an exchange that is closing and has not the best reputation. Second, was not needed before so why now?
I am curious about your opinions on this topic?

Another good suggestion.

Is now on my list: "When you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document this will prevent or make harder for hackers to use it."

If anybody has additional suggestions on how to stay safe on exchange and when dealing with support then please share. We will all benefit from the knowledge.


Thank you @LTU_btc for this suggestion and sorry that it took so long to respond. I was updating today this thread and read all answers to check if I haven't missed any and I found that indeed I missed a few quality posts.

I already had a similar point in my list and maybe that is why I haven't added it faster. Anyways, I adjusted this point and now looks like this: " Check exchange on google and their social network pages, in particular: Twitter, Facebook. Search for new complaints about coins or tokens, scam accusations, etc."

Of course, I am ok with that. This is still your thread but I have changed a few things and added all new suggestions. I keep translating all changes from your Polish thread too  . This is my first guide on BTT and I want it to be really good. I will wait for your update and add it here too of course. Don't have to ask me anymore for permission and you can do whatever you want with this text.

I see the list is growing and I will update all added points in my Polish thread if you don't mind @crypto mania?

There is a big chance to make a really good guide from this post for beginners.

I will add in the nearest future a few points to support guide.

I see a member which works as a support agent shared valuable info here in your thread and I will use it too in my Polish thread if you are ok with that?

Thank you for this suggestion, of course, will be added to my list.
I will try to award you with merit when I only get new once.

Also, when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document. If your data are hacked or leaked and used on some other site .. you can trace where it was leaked. The identity thief will have to Photoshop the documents, before they use it and they will not want to go through all that trouble. They will much rather use someone else's documents, without this markings being done to the documents.

The exchange can still use the documents for verification, but they will see that you are cautious about the sensitivity of your personal documents. 

Thank you very much for this explanation because it changed my point of view about these exchanges. I assume that conversion is made also on the software level and indeed without sending money there will be no exchange. I have used ED a lot and indeed the funds were always safe and only hacked users using a phishing site but never by a hack on the exchange or related to.

Since I have been working in crypto industry for long, also since I work for Coinswitch, let me tell you, we handle support issues for all our partner exchanges, weather it is binance, changelly, changenow, idex, blocktrades, swaplabs etc. 1000s of orders are processed through them, and through us also. We have a fraud detection system enabled by which we find out addresses, which are processing orders through us who got hold of funds using incorrect practices. In case of local bitcoins I am not sure if you can identify a scammer, and find out how he got hold of his funds.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.

In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive there funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

It could be better when and if, set up correctly and not only to scam people in the end or to have such a possibility all the time to exit scam in any convenient time.
I don't know how these services work only assume from a post above that this is pure BS because you have to send them the money which is the third party trust problem and a red flag for me.
This could work if done correctly. Like cold storage with multi-sig wallets where you sent them and third-party escrow to manage the funds or any other set up which don't involve a thrust to a third party. Period

Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see if when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927

The best way to stay safe is, not trade via any exchange which are custodial and keep your coins within their wallet, so many times withdrawal is disabled, the coin wallet is at maintenance etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.

Check this image -


You can compare the prices and trade, hassle free, with support  best in industry.

I don't think this will be possible to keep such an information secret.
I assume this would be against the law too if they kept it secret.
They are obligated to do this if such an event occurs, I think.

Thanks your appreciation matters to me and encouraged me to update once again this list. Here are the changes I have made today:

- Add 2FA authentication to your account and any other available security measures, such as the anti-phishing password for email, pin, additional security questions.
- Before logging in, double-check the URL of the site and bookmark it.
- Always check everything three times, especially the current information page (if available), which currently coins or tokens should be avoided, maintenance is carried out or there are any other problems, for example with synchronization, addresses, fees, times, etc.
- During the transaction itself (purchase/sale or deposit), use the triple check rule to check amounts, addresses, etc.
- Never deposit everything in one transaction.
- Send a small amount first and check if everything works (transfer, trade, withdrawal, confirmation).
- Continue depositing smaller amounts (smaller amounts mean less headache if something goes wrong).
- Withdraw each time before the next deposit, if possible.
- Never leave your coins or tokens on the exchange because it is not intended for that.
- Always remember that the exchange is not a wallet and is not secure.
- Never use exchange addresses for payments for bounty or for air-drops.
- Before each use of the exchange check its pages on social networks, in particular on Twitter, Facebook and see new complaints about coins or tokens.
- Be careful about the security of 2FA itself, keep the backup codes for each 2FA secured exchange (use Authy as 2FA due to the possibility of backups).
- TOTP for 2FA (you scan a QR code by Authy or a similar program which is implementing TOTP according to the specification in RFC 6238) it is a much better solution than authentication by means of incoming codes via SMS because it is not difficult to take over a phone number.
- Do not send scans of documents to an unknown stock exchange immediately after registration, usually, it is not necessary to trade only with cryptocurrencies.
- Diversification is very important. Trade on a few exchanges if possible because trading on one is associated with the risk of losing all capital.
- When selecting an exchange, you can use the Blockchain Transparency Institute as a guide. The list includes exchanges with suspicious trading and money laundering activities.
- Register on several exchanges, so you have plenty of options available. Do not wait for the crypto mania to run before attempting your registration. Sometimes you can not have an opportunity at all.

- While contacting customer service, try to wait at least the minimum response time, often inform about the minimum time to reply (do not create many queries).
- Try to get help on the official social media websites of a given exchange (sometimes it works great, sometimes not).
- Use various contact options such as chat, phone, WhatsApp or Skype if available.
- Be polite, do not lose your patience, provide all the documents they ask for (even if you have to send the same document several times).
- Do not give up when they say "no", be persistent (if you are right) and start from the beginning. Sometimes another agent will help you (they are just people and often make mistakes).

I hope You like it even better now   .

Additionally, I see that @wwzsocki the author of the main version has published lately this post in polish language https://bitcointalksearch.org/topic/bezpieczestwo-na-giedzie-i-rady-dotyczce-obsugi-klienta-5119320 and I updated a few added changes.

It's been a while I came across such a descriptive post here on the forum, nice work and very understandable steps which would be very useful to all enthusiasts.
I have also dropped you s merit for effort and relevance. I would surely be applying this steps next time I visit an exchange.

Thank you very much for your useful insights. I will add your suggestions to my list today.
If anybody has more great information such as these above please share so we can make the best guide ever possible

Useful information regarding security, thank you. I support KYC when it comes to secure trading and if possible, I always check teams' experiences to make sure.