Pages:
Author

Topic: [Guide] Stay safe when dealing with Exchanges. (Read 1077 times)

full member
Activity: 332
Merit: 103
October 13, 2019, 06:23:01 PM
#49
Just stop using KYC. It is not going to help you. You know you, not a criminal so you do not need it. How dare anyone impose this ridiculous bullshit on me. They really go overboard and it is mostly the USA.
Hyper paranoia and illogical fear of imaginary terrorists being funded by bitcoin. I mean, please. Grow up.



...when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document...
Thank you for this suggestion, of course, will be added to my list.
I will try to award you with merit when I only get new once.

How often do we get new merits? I should be giing people some as well.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
I just updated this thread and added a couple of more bad experiences that happened to me lately on exchanges.

The biggest problem is that some of the crypto exchanges force us to fulfill KYC which was not needed when I was registering.

Actually, I am talking about Novaexchange which is closing soon and sent me a reminder to withdraw but first I have to fulfill KYC which I don't want to do.

I have never deposited any FIAT there so I don't understand this requirement and am not willing to do this because of many reasons.

First, I don't want to share my documents with an exchange that is closing and has not the best reputation.
Second, was not needed before so why now?

I am curious about your opinions on this topic?

KYC is pretty much a double-edged sword. From the exchange's POV, they need it to ensure you're the legit owner of the account and of course track down individuals involved in fraud.

On the other hand, we users want everything to go on smoothly.

Without a doubt many find it annoying because we're giving away our info and many providers tend to take our identities for granted. Imagine if database breaches occur, what's worse than our KYCs being involved?

But then for your case, do you have the authority to tell them how to scrutinize their users? You're at their mercy the moment you register an account, remember that.

If you've nothing to lose from the closure, by all means, ignore their request for KYC. How much do you have in the account?
member
Activity: 476
Merit: 92
I just updated this thread and added a couple of more bad experiences that happened to me lately on exchanges.
The biggest problem is that some of the crypto exchanges force us to fulfill KYC which was not needed when I was registering.

Actually, I am talking about Nova exchange, which is closing soon and sent me a reminder to withdraw but first I have to fulfill KYC which I don't want to do.
I have never deposited any FIAT there so I don't understand this requirement and am not willing to do this because of many reasons.

First, I don't want to share my documents with an exchange that is closing and has not the best reputation. Second, was not needed before so why now?
I am curious about your opinions on this topic?
member
Activity: 476
Merit: 92
Also, when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document. If your data are hacked or leaked and used on some other site .. you can trace where it was leaked...

Another good suggestion.

Is now on my list: "When you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document this will prevent or make harder for hackers to use it."

If anybody has additional suggestions on how to stay safe on exchange and when dealing with support then please share. We will all benefit from the knowledge.

...And one point which wasn't mentioned by you, related to phishing scams. We often see various giveaways of BTC or ETH on social media posted with name of famous exchange. But it's always posted from fake accounts. Exchanges aren't giving money for free, these fake giveaways are made only to scam people.

Thank you @LTU_btc for this suggestion and sorry that it took so long to respond. I was updating today this thread and read all answers to check if I haven't missed any and I found that indeed I missed a few quality posts.

I already had a similar point in my list and maybe that is why I haven't added it faster. Anyways, I adjusted this point and now looks like this: " Check exchange on google and their social network pages, in particular: Twitter, Facebook. Search for new complaints about coins or tokens, scam accusations, etc."
member
Activity: 476
Merit: 92
I see the list is growing and I will update all added points in my Polish thread if you don't mind @crypto mania?
Of course, I am ok with that. This is still your thread but I have changed a few things and added all new suggestions. I keep translating all changes from your Polish thread too  Wink. This is my first guide on BTT and I want it to be really good. I will wait for your update and add it here too of course. Don't have to ask me anymore for permission and you can do whatever you want with this text.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
I see the list is growing and I will update all added points in my Polish thread if you don't mind @crypto mania?

There is a big chance to make a really good guide from this post for beginners.

I will add in the nearest future a few points to support guide.

I see a member which works as a support agent shared valuable info here in your thread and I will use it too in my Polish thread if you are ok with that?
member
Activity: 476
Merit: 92
...when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document...
Thank you for this suggestion, of course, will be added to my list.
I will try to award you with merit when I only get new once.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Also, when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document. If your data are hacked or leaked and used on some other site .. you can trace where it was leaked. The identity thief will have to Photoshop the documents, before they use it and they will not want to go through all that trouble. They will much rather use someone else's documents, without this markings being done to the documents.

The exchange can still use the documents for verification, but they will see that you are cautious about the sensitivity of your personal documents.  Wink
member
Activity: 476
Merit: 92
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive there funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.

Since I have been working in crypto industry for long, also since I work for Coinswitch, let me tell you, we handle support issues for all our partner exchanges, weather it is binance, changelly, changenow, idex, blocktrades, swaplabs etc. 1000s of orders are processed through them, and through us also. We have a fraud detection system enabled by which we find out addresses, which are processing orders through us who got hold of funds using incorrect practices. In case of local bitcoins I am not sure if you can identify a scammer, and find out how he got hold of his funds.

Thank you very much for this explanation because it changed my point of view about these exchanges. I assume that conversion is made also on the software level and indeed without sending money there will be no exchange. I have used ED a lot and indeed the funds were always safe and only hacked users using a phishing site but never by a hack on the exchange or related to.
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive there funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.

Since I have been working in crypto industry for long, also since I work for Coinswitch, let me tell you, we handle support issues for all our partner exchanges, weather it is binance, changelly, changenow, idex, blocktrades, swaplabs etc. 1000s of orders are processed through them, and through us also. We have a fraud detection system enabled by which we find out addresses, which are processing orders through us who got hold of funds using incorrect practices. In case of local bitcoins I am not sure if you can identify a scammer, and find out how he got hold of his funds.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive there funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
The best way to stay safe is, not trade via any exchange which are custodial and keep your coins within their wallet, so many times withdrawal is disabled, the coin wallet is at maintenance etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see if when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927

In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive there funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.
member
Activity: 476
Merit: 92
The best way to stay safe is, not trade via any exchange which are custodial and keep your coins within their wallet, so many times withdrawal is disabled, the coin wallet is at maintenance etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see if when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927

It could be better when and if, set up correctly and not only to scam people in the end or to have such a possibility all the time to exit scam in any convenient time.
I don't know how these services work only assume from a post above that this is pure BS because you have to send them the money which is the third party trust problem and a red flag for me.
This could work if done correctly. Like cold storage with multi-sig wallets where you sent them and third-party escrow to manage the funds or any other set up which don't involve a thrust to a third party. Period
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
The best way to stay safe is, not trade via any exchange which are custodial and keep your coins within their wallet, so many times withdrawal is disabled, the coin wallet is at maintenance etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see if when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
The best way to stay safe is, not trade via any exchange which are custodial and keep your coins within their wallet, so many times withdrawal is disabled, the coin wallet is at maintenance etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.

Check this image -


You can compare the prices and trade, hassle free, with support  best in industry.
member
Activity: 476
Merit: 92
This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.
There is no way they'd publicly disclosed it if they don't even know their database has been hacked. It's quite easy for ICO project to get KYC actually, especially from greedy bounty hunters who don't mind sending their identity over the internet to somebody else. In fact, I see it myself that a team from bounty management might still have access to your KYC (if they don't have strict management policy). So it's not surprising if somebody sells them in the black market.
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
So you use Forkdelta only? Or did you believe Binance has 100% legit volumes?

I don't think this will be possible to keep such an information secret.
I assume this would be against the law too if they kept it secret.
They are obligated to do this if such an event occurs, I think.
member
Activity: 476
Merit: 92
It's been a while I came across such a descriptive post here on the forum, nice work and very understandable steps which would be very useful to all enthusiasts.
I have also dropped you s merit for effort and relevance. I would surely be applying this steps next time I visit an exchange.

Thanks your appreciation matters to me and encouraged me to update once again this list. Here are the changes I have made today:

- Add 2FA authentication to your account and any other available security measures, such as the anti-phishing password for email, pin, additional security questions.
- Before logging in, double-check the URL of the site and bookmark it.
- Always check everything three times, especially the current information page (if available), which currently coins or tokens should be avoided, maintenance is carried out or there are any other problems, for example with synchronization, addresses, fees, times, etc.
- During the transaction itself (purchase/sale or deposit), use the triple check rule to check amounts, addresses, etc.
- Never deposit everything in one transaction.
- Send a small amount first and check if everything works (transfer, trade, withdrawal, confirmation).
- Continue depositing smaller amounts (smaller amounts mean less headache if something goes wrong).
- Withdraw each time before the next deposit, if possible.
- Never leave your coins or tokens on the exchange because it is not intended for that.
- Always remember that the exchange is not a wallet and is not secure.
- Never use exchange addresses for payments for bounty or for air-drops.
- Before each use of the exchange check its pages on social networks, in particular on Twitter, Facebook and see new complaints about coins or tokens.
- Be careful about the security of 2FA itself, keep the backup codes for each 2FA secured exchange (use Authy as 2FA due to the possibility of backups).
- TOTP for 2FA (you scan a QR code by Authy or a similar program which is implementing TOTP according to the specification in RFC 6238) it is a much better solution than authentication by means of incoming codes via SMS because it is not difficult to take over a phone number.
- Do not send scans of documents to an unknown stock exchange immediately after registration, usually, it is not necessary to trade only with cryptocurrencies.
- Diversification is very important. Trade on a few exchanges if possible because trading on one is associated with the risk of losing all capital.
- When selecting an exchange, you can use the Blockchain Transparency Institute as a guide. The list includes exchanges with suspicious trading and money laundering activities.
- Register on several exchanges, so you have plenty of options available. Do not wait for the crypto mania to run before attempting your registration. Sometimes you can not have an opportunity at all.

- While contacting customer service, try to wait at least the minimum response time, often inform about the minimum time to reply (do not create many queries).
- Try to get help on the official social media websites of a given exchange (sometimes it works great, sometimes not).
- Use various contact options such as chat, phone, WhatsApp or Skype if available.
- Be polite, do not lose your patience, provide all the documents they ask for (even if you have to send the same document several times).
- Do not give up when they say "no", be persistent (if you are right) and start from the beginning. Sometimes another agent will help you (they are just people and often make mistakes).

I hope You like it even better now   Cool.

Additionally, I see that @wwzsocki the author of the main version has published lately this post in polish language https://bitcointalksearch.org/topic/bezpieczestwo-na-giedzie-i-rady-dotyczce-obsugi-klienta-5119320 and I updated a few added changes.
member
Activity: 210
Merit: 29
It's been a while I came across such a descriptive post here on the forum, nice work and very understandable steps which would be very useful to all enthusiasts.
I have also dropped you s merit for effort and relevance. I would surely be applying this steps next time I visit an exchange.
member
Activity: 476
Merit: 92
Hey OP great list! Some suggestions...

Diversify as much as possible. Trade across multiple exchanges for large sums. You may save on transaction fees by trading on a single exchange but this comes with risks. Example would be what happened to this guy. He sent funds to Quadriga and sought to withdraw them immediately but wasn't able to do so.

Diversifying also means signing up for multiple exchanges beforehand so that you have plenty of options on hand. Don't wait for the crypto mania to kick in before attempting to sign up. If not, you may not get be able to sign up at all.

On choosing reliable exchanges, users can refer to Blockchain Transparency Institute as a guide. The list includes exchanges with suspected wash trading activity.

On a final note, your list is incredibly detailed and we like it. Wish we could merit you but we don't have any. We previously did an article on cryptocurrency exchange safety which had not covered some of the points you raised. Would get down to updating our article in the future and would provide full credits back to your opening post.

Thanks.


Thank you very much for your useful insights. I will add your suggestions to my list today.
If anybody has more great information such as these above please share so we can make the best guide ever possible
full member
Activity: 1120
Merit: 200
Turkish Translator
Useful information regarding security, thank you. I support KYC when it comes to secure trading and if possible, I always check teams' experiences to make sure.
Pages:
Jump to: