Hey OP great list! Some suggestions...
Diversify as much as possible. Trade across multiple exchanges for large sums. You may save on transaction fees by trading on a single exchange but this comes with risks. Example would be what happened to this guy. He sent funds to Quadriga and sought to withdraw them immediately but wasn't able to do so.
Diversifying also means signing up for multiple exchanges before hand so that you have plenty of options on hand. Don't wait for the crypto mania to kick in before attempting to sign up. If not, you may not get be able to sign up at all.
On choosing reliable exchanges, users can refer to Blockchain Transparency Institute as a guide. The list includes exchanges with suspected wash trading activity.
On a final note, your list is incredibly detailed and we like it. Wish we could merit you but we don't have any. We previously did an article on cryptocurrency exchange safety which had not covered some of the points you raised. Would get down to updating our article in the future and would provide full credits back to your opening post.
Thanks.
Topic: [Guide] Stay safe when dealing with Exchanges. - page 2. (Read 1031 times)
any reason why you'd go with those listed from you?
Huobi as an example is one of the largest exchanges, and lists almost as many coins as Binance.
and is cheaper than Binance (and Liqui for that matter)
why not stick with the big exchanges?
My educated guess would be that those small exchanges are popular with the lesser-known tokens.
For the OP, crypto mania,
Firstly, I give you a round of applause for the helpful topic.
Secondly, I have a recommendation for you on the way you quoted others' posts.
For your next posts, you should avoid over-quotes or pyramid quotes to keep the topic clean, and easily to follow discussion as well as flow of ideas.
Avoiding over- or pyramid- quotes also help to protect forum users' fingers (because without pyramid quotes, they don't have to over scroll their computer or laptop mouses by their fingers and get them hurted).
There is my topic on tips to avoid pyramid quote:
Tips for newbies, who want to avoid over-quoting
For example, you can easily see how DdmrDdmr quoted and joined the discussion.
Firstly, I give you a round of applause for the helpful topic.
Secondly, I have a recommendation for you on the way you quoted others' posts.
For your next posts, you should avoid over-quotes or pyramid quotes to keep the topic clean, and easily to follow discussion as well as flow of ideas.
Avoiding over- or pyramid- quotes also help to protect forum users' fingers (because without pyramid quotes, they don't have to over scroll their computer or laptop mouses by their fingers and get them hurted).
There is my topic on tips to avoid pyramid quote:
Tips for newbies, who want to avoid over-quoting
For example, you can easily see how DdmrDdmr quoted and joined the discussion.
This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.
There is no way they'd publicly disclosed it if they don't even know their database has been hacked. It's quite easy for ICO project to get KYC actually, especially from greedy bounty hunters who don't mind sending their identity over the internet to somebody else. In fact, I see it myself that a team from bounty management might still have access to your KYC (if they don't have strict management policy). So it's not surprising if somebody sells them in the black market.
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
So you use Forkdelta only? Or did you believe Binance has 100% legit volumes?
I always make sure to usd popular exchanges, the ones that have real volume and is widely used.
I never trade on new exchanges or any one that looks fishy or has any sort of negative feedback.this is one way I stay away from scan exchanges
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
I never trade on new exchanges or any one that looks fishy or has any sort of negative feedback.this is one way I stay away from scan exchanges
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
I've always check their volume and if they need KYC for a very small transaction, because I have bad for two exchanges just for withdrawing my 10 usd worth of token, I have to pass the KYC.
Lately, there are already started to pop up on the dark web sell offers with KYC data from major exchanges.
I will not share the link to the source to not advertise hackers if somebody wants to know more can search on google.
This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.
Let's hope this was a bad joke.
...why not stick with the big exchanges?
Sometimes I have tokens (bounty, airdrop) which are listed only on this scammy exchanges and that is why sometimes one has to be dealing with them.
Anyways during all these years and many problems along the road (look at the list), I was never hacked and finally always get paid (took 8 months once).
This is why I know that this guide works for everybody just stick to those few points and You will be relatively safe.
I've always check their volume and if they need KYC for a very small transaction, because I have bad for two exchanges just for withdrawing my 10 usd worth of token, I have to pass the KYC.
I am impressed with the level of explanation and guidance that have been given here on exchanges. I will take a cue from it and avoid mistakes when dealing with exchanges. Thank you
I have been doing the things you have mentioned constantly but before doing those I am focused on doing a background check on the exchange itself first. Doing a quick search in Google you will see if the exchange you are planning to trade with is either reliable or not. You will see a lot of past complaints, scandals, and even confirmed scams which will alert you with red flags on stepping away from that site. Even the big names in the industry there is nothing wrong on doing background checks as you might find something new that you won't like if your trade with their platform.
If any exchange have something bad happens to me, this shows that it is not worthy of my trust. Once I withdraw, I will never go there again.
Exchanges that has been blacklisted by me:(These are my personal views, others may not think so)
FatBTC:No withdrawal channel after the token is removed.
Liqui:Change deposit address many times.
stocks: Withdraw fee too high. it is very very high.
yobit: Too many scam coins,and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene:Too many MLM coins, and some of which are their own.
For the beginners, 3 points of advice.
1. Deposit security is always the first,So choose only those exchanges with good reputation, such as binance,Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges,especially for exchanges that you have not heard of, if you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract address are consistent. I used to deposit the same name token. Unfortunately, they are different tokens, so my token is lost.
Exchanges that has been blacklisted by me:(These are my personal views, others may not think so)
FatBTC:No withdrawal channel after the token is removed.
Liqui:Change deposit address many times.
stocks: Withdraw fee too high. it is very very high.
yobit: Too many scam coins,and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene:Too many MLM coins, and some of which are their own.
For the beginners, 3 points of advice.
1. Deposit security is always the first,So choose only those exchanges with good reputation, such as binance,Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges,especially for exchanges that you have not heard of, if you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract address are consistent. I used to deposit the same name token. Unfortunately, they are different tokens, so my token is lost.
any reason why you'd go with those listed from you?
Huobi as an example is one of the largest exchanges, and lists almost as many coins as Binance.
and is cheaper than Binance (and Liqui for that matter)
why not stick with the big exchanges?
Very nice guide and great suggestions. I also want to say few words. Some exchanges have sms 2FA which aren't very safe. Always use Google 2FA if possible and don't forget to backup your recovery code. Once I had problem on Bittrex. I didn't cared much about security and someone hacked my account. And hacker added his 2FA on my Bittrex account and I wasn't able to login. Fortunately support helped to recover my account and hacker wasn't able to withdraw my money. Since then I always use 2FA on exchanges.
And one point which wasn't mentioned by you, related to phishing scams. We often see various giveaways of BTC or ETH on social media posted with name of famous exchange. But it's always posted from fake accounts. Exchanges aren't giving money for free, these fake giveaways are made only to scam people.
And one point which wasn't mentioned by you, related to phishing scams. We often see various giveaways of BTC or ETH on social media posted with name of famous exchange. But it's always posted from fake accounts. Exchanges aren't giving money for free, these fake giveaways are made only to scam people.
I will add a suggestion about KYC.
Don't send your documents scans to an unknown exchange especially when you will be dealing only with cryptocurrencies.
There are plenty of decentralized and P2P exchanges which are capable to do this same with lower fees and full anonymity.
These shady exchanges ask for your documents only to scam you later by selling them or even worse they will use it to hack you.
Not a joke with this hack because a friend of mine was hacked lately 2 days after the first time he sends documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.
This exchanges do it on purpose and remember that they have a lot of info about you and the capacity of your wallet.
Don't forget that your documents and all additional info this exchanges already have (emails, phones, addresses, coin holdings, etc.) about you combined together are a very solid tool for an attacker.
Don't send your documents scans to an unknown exchange especially when you will be dealing only with cryptocurrencies.
There are plenty of decentralized and P2P exchanges which are capable to do this same with lower fees and full anonymity.
These shady exchanges ask for your documents only to scam you later by selling them or even worse they will use it to hack you.
Not a joke with this hack because a friend of mine was hacked lately 2 days after the first time he sends documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.
This exchanges do it on purpose and remember that they have a lot of info about you and the capacity of your wallet.
Don't forget that your documents and all additional info this exchanges already have (emails, phones, addresses, coin holdings, etc.) about you combined together are a very solid tool for an attacker.
This is also a valid suggestion @wwzsocki. Thank you for input. I will add this one too.
I thought that P2P and decentralized exchanges will change the crypto landscape when there where all this new peer to peer exchanges ICO's running last year. As we see they haven't disrupted anything because people need the possibility to withdraw at some point in FIAT, I assume.
What are your thought about this exchanges?
I will add a suggestion about KYC.
Don't send your documents scans to an unknown exchange especially when you will be dealing only with cryptocurrencies.
There are plenty of decentralized and P2P exchanges which are capable to do this same with lower fees and full anonymity.
These shady exchanges ask for your documents only to scam you later by selling them or even worse they will use it to hack you.
Not a joke with this hack because a friend of mine was hacked lately 2 days after the first time he sends documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.
This exchanges do it on purpose and remember that they have a lot of info about you and the capacity of your wallet.
Don't forget that your documents and all additional info this exchanges already have (emails, phones, addresses, coin holdings, etc.) about you combined together are a very solid tool for an attacker.
Don't send your documents scans to an unknown exchange especially when you will be dealing only with cryptocurrencies.
There are plenty of decentralized and P2P exchanges which are capable to do this same with lower fees and full anonymity.
These shady exchanges ask for your documents only to scam you later by selling them or even worse they will use it to hack you.
Not a joke with this hack because a friend of mine was hacked lately 2 days after the first time he sends documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.
This exchanges do it on purpose and remember that they have a lot of info about you and the capacity of your wallet.
Don't forget that your documents and all additional info this exchanges already have (emails, phones, addresses, coin holdings, etc.) about you combined together are a very solid tool for an attacker.
<…>
Just a quick note regarding 2FA on exchanges: while it is very important to add in my opinion, we must also be wary about the security of the 2FA itself, keeping the backup codes for every exchange we protect with 2FA (and better still, use Authy as a 2FA due to it’s backup capabilities). Recently I encountered a case on my local board of a person who has 2FA all around, and had his phone stolen. He didn’t have the backup codes to each 2FA protected exchange, and spent many hours trying to remove 2FA on each exchange/site and reinstall it with his new phone. One exchange in particular is a real pain: Hitbtc. The security measures are really high when it comes to trying to disable 2FA after a theft/loss, and you need to prove a bunch of things: IdCard, photos, videos with written specific text, Hash of TXs that served to load assets onto Hitbtc (this can be quite difficult to retrieve), a lot of headaches and time, and the issue is still ongoing after weeks.
In summary: Activating 2FA on exchanges is a yes, but extra care of keeping the backup codes.
Thank you very much for your support @DdmrDdmr.
I will add this suggestion to my guide because I think is a really important one.
This example you provided is exactly what I am afraid of lately.
I am using personally 2FA overall when possible. I have so many codes on my phone that I scroll sometimes a few seconds to find the right one.
I try to have all codes saved and backup but I just can't stop thinking how many hours this will take to recover all these accounts if anything happens with my phone and how not secure is to store this codes all over the computer, phone, tablet, etc. in my case.
I know that sometimes I haven't saved any code when enabling 2FA because there was no code provided. I was sure that in such a situation the main google codes are enough to recover 2FA on each account but lately when I started to write this guide, I learned that this is not the case and 2FA is not so secure especially when on the phone.
<…>
Just a quick note regarding 2FA on exchanges: while it is very important to add in my opinion, we must also be wary about the security of the 2FA itself, keeping the backup codes for every exchange we protect with 2FA (and better still, use Authy as a 2FA due to it’s backup capabilities). Recently I encountered a case on my local board of a person who has 2FA all around, and had his phone stolen. He didn’t have the backup codes to each 2FA protected exchange, and spent many hours trying to remove 2FA on each exchange/site and reinstall it with his new phone. One exchange in particular is a real pain: Hitbtc. The security measures are really high when it comes to trying to disable 2FA after a theft/loss, and you need to prove a bunch of things: IdCard, photos, videos with written specific text, Hash of TXs that served to load assets onto Hitbtc (this can be quite difficult to retrieve), a lot of headaches and time, and the issue is still ongoing after weeks.
In summary: Activating 2FA on exchanges is a yes, but extra care of keeping the backup codes.
Just try to keep this thread alive because is a useful guide for crypto beginners especially when they start to use exchanges.
If you have your own additional security checks or have any tips/suggestions on how to improve this guide then share and I will be happy to use it.
If you have your own additional security checks or have any tips/suggestions on how to improve this guide then share and I will be happy to use it.
Just try to keep this thread alive because is a useful guide for crypto beginners especially when they start to use exchanges.
If you have your own additional security checks or have any tips/suggestions on how to improve this guide then share and I will be happy to use it.
If you have your own additional security checks or have any tips/suggestions on how to improve this guide then share and I will be happy to use it.
You are right is a very good guide and is worth to keep it visible. It would be nice if people share their appreciation and comment to bump it further.
I have merited you too because I think is just not right that such helpful guides are not merited at all when other members get 50 merits for one line comments.
There are a few easy steps when dealing with an exchange to be safe:
- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
What I always do in checking with the exchange is always double or triple check the website url, you might get phish if you're using the wrong one. Honestly, I always use the exchanges that are on coinmarketcap.com, in that way you can avoid scam exchanges. And always add 2FA authentication to your account if possible because it is very important security measure that everybody uses.- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
Thank you very much for your suggestion. You are of course right and this is very important to check URL and bookmark it for later.
Added as the second point in my guide because you can be in real deep shit when using phishing exchange URL.
There are a few easy steps when dealing with an exchange to be safe:
- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
What I always do in checking with the exchange is always double or triple check the website url, you might get phish if you're using the wrong one. Honestly, I always use the exchanges that are on coinmarketcap.com, in that way you can avoid scam exchanges. And always add 2FA authentication to your account if possible because it is very important security measure that everybody uses. - Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
Jump to: