Author

Topic: [Guide] Stay safe when dealing with Exchanges. (Read 1077 times)

full member
Activity: 332
Merit: 103
October 13, 2019, 06:23:01 PM
#49
Just stop using KYC. It is not going to help you. You know you're not a criminal, so you do not need it. How dare anyone impose this ridiculous bullshit on me. They really go overboard and it is mostly the USA.
Hyper paranoia and illogical fear of imaginary terrorists being funded by bitcoin. I mean, please. Grow up.



...when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document...
Thank you for this suggestion, of course, will be added to my list.
I will try to award you with merit when I only get new ones.

How often do we get new merits? I should be giving people some as well.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
I just updated this thread and added a couple of more bad experiences that happened to me lately on exchanges.

The biggest problem is that some of the crypto exchanges force us to fulfill KYC which was not needed when I was registering.

Actually, I am talking about Novaexchange which is closing soon and sent me a reminder to withdraw but first I have to fulfill KYC which I don't want to do.

I have never deposited any FIAT there so I don't understand this requirement and am not willing to do this because of many reasons.

First, I don't want to share my documents with an exchange that is closing and has not the best reputation.
Second, was not needed before so why now?

I am curious about your opinions on this topic?

KYC is pretty much a double-edged sword. From the exchange's POV, they need it to ensure you're the legit owner of the account and of course track down individuals involved in fraud.

On the other hand, we users want everything to go on smoothly.

Without a doubt many find it annoying because we're giving away our info and many providers tend to take our identities for granted. Imagine if database breaches occur, what's worse than our KYCs being involved?

But then for your case, do you have the authority to tell them how to scrutinize their users? You're at their mercy the moment you register an account, remember that.

If you've nothing to lose from the closure, by all means, ignore their request for KYC. How much do you have in the account?
member
Activity: 476
Merit: 92
I just updated this thread and added a couple of more bad experiences that happened to me lately on exchanges.
The biggest problem is that some of the crypto exchanges force us to fulfill KYC which was not needed when I was registering.

Actually, I am talking about Nova exchange, which is closing soon and sent me a reminder to withdraw but first I have to fulfill KYC which I don't want to do.
I have never deposited any FIAT there so I don't understand this requirement and am not willing to do this because of many reasons.

First, I don't want to share my documents with an exchange that is closing and has not the best reputation. Second, was not needed before so why now?
I am curious about your opinions on this topic?
member
Activity: 476
Merit: 92
Also, when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document. If your data are hacked or leaked and used on some other site .. you can trace where it was leaked...

Another good suggestion.

Is now on my list: "When you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document this will prevent or make harder for hackers to use it."

If anybody has additional suggestions on how to stay safe on exchange and when dealing with support then please share. We will all benefit from the knowledge.

...And one point which wasn't mentioned by you, related to phishing scams. We often see various giveaways of BTC or ETH on social media posted with name of famous exchange. But it's always posted from fake accounts. Exchanges aren't giving money for free, these fake giveaways are made only to scam people.

Thank you @LTU_btc for this suggestion and sorry that it took so long to respond. I was updating today this thread and read all answers to check if I haven't missed any and I found that indeed I missed a few quality posts.

I already had a similar point in my list and maybe that is why I haven't added it faster. Anyways, I adjusted this point and it now looks like this: "Check exchange on Google and their social network pages, in particular: Twitter, Facebook. Search for new complaints about coins or tokens, scam accusations, etc."
member
Activity: 476
Merit: 92
I see the list is growing and I will update all added points in my Polish thread if you don't mind @crypto mania?
Of course, I am ok with that. This is still your thread but I have changed a few things and added all new suggestions. I keep translating all changes from your Polish thread too. This is my first guide on BTT and I want it to be really good. I will wait for your update and add it here too of course. Don't have to ask me anymore for permission and you can do whatever you want with this text.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
I see the list is growing and I will update all added points in my Polish thread if you don't mind @crypto mania?

There is a big chance to make a really good guide from this post for beginners.

I will add in the nearest future a few points to support guide.

I see a member who works as a support agent shared valuable info here in your thread and I will use it too in my Polish thread if you are ok with that?
member
Activity: 476
Merit: 92
...when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document...
Thank you for this suggestion, of course, will be added to my list.
I will try to award you with merit when I only get new ones.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Also, when you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document. If your data are hacked or leaked and used on some other site .. you can trace where it was leaked. The identity thief will have to Photoshop the documents before they use them, and they will not want to go through all that trouble. They will much rather use someone else's documents, without these markings being done to the documents.

The exchange can still use the documents for verification, but they will see that you are cautious about the sensitivity of your personal documents.
member
Activity: 476
Merit: 92
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive their funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.

Since I have been working in crypto industry for long, also since I work for Coinswitch, let me tell you, we handle support issues for all our partner exchanges, whether it is binance, changelly, changenow, idex, blocktrades, swaplabs etc. 1000s of orders are processed through them, and through us also. We have a fraud detection system enabled by which we find out addresses, which are processing orders through us who got hold of funds using incorrect practices. In case of local bitcoins I am not sure if you can identify a scammer, and find out how he got hold of his funds.

Thank you very much for this explanation because it changed my point of view about these exchanges. I assume that conversion is made also on the software level and indeed without sending money there will be no exchange. I have used ED a lot and indeed the funds were always safe and only hacked users using a phishing site but never by a hack on the exchange or related to.
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive their funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.

Since I have been working in crypto industry for long, also since I work for Coinswitch, let me tell you, we handle support issues for all our partner exchanges, whether it is binance, changelly, changenow, idex, blocktrades, swaplabs etc. 1000s of orders are processed through them, and through us also. We have a fraud detection system enabled by which we find out addresses, which are processing orders through us who got hold of funds using incorrect practices. In case of local bitcoins I am not sure if you can identify a scammer, and find out how he got hold of his funds.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive their funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.

Yeah but that's if the coins actually reach the point where they are converted. If they don't then they still are in the hands of the provider.

There are other alternatives where you don't have to transfer to a trusted party eg. LocalBitcoins.

The point here is that stuff like Changelly is indeed more convenient. But is it safer? Absolutely not.
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
The best way to stay safe is to not trade via any exchanges which are custodial and keep your coins within their wallet; so many times withdrawal is disabled, the coin wallet is at maintenance, etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e. instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see it when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927

In exchanges like Changelly or Coinswitch - You indeed send them funds, but after conversion the funds are in your custody, in your wallet, in a DEX also you have to send funds, even if it is handled by a software, you have to send them funds. Without sending funds exchange is not possible. With regards to complaints against changelly or any such exchange, I can vouch for Coinswitch, I have worked there since the inception, and we interact with the support of changelly, binance, hitbtc, huobi, changnow on customer's behalf, since all these exchanges are our partner exchange, We make it sure that customers receive their funds and we try to provide a hassle free experience of trading. You may try us out with a small amount and then take your call.
member
Activity: 476
Merit: 92
The best way to stay safe is to not trade via any exchanges which are custodial and keep your coins within their wallet; so many times withdrawal is disabled, the coin wallet is at maintenance, etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e. instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see it when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927

It could be better when and if set up correctly, and not only to scam people in the end or to have such a possibility all the time to exit scam at any convenient time.
I don't know how these services work, I only assume from a post above that this is pure BS because you have to send them the money, which is the third party trust problem and a red flag for me.
This could work if done correctly. Like cold storage with multi-sig wallets where you send them and a third-party escrow manages the funds, or any other setup which doesn't involve trust in a third party. Period.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
The best way to stay safe is to not trade via any exchanges which are custodial and keep your coins within their wallet; so many times withdrawal is disabled, the coin wallet is at maintenance, etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e. instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.


Can you explain how non-custodial exchanges like Changelly are safer?

https://changelly.com/how-it-works

If you look at the page above, you still need to transfer your funds to them (in Step 1). How is this any different from custodial exchanges?

Can see the point if you say it is more convenient but fail to see it when you say it is safer.

Oh and if you browse the forums, there are many complaints against such exchanges too. Example: https://bitcointalksearch.org/topic/changelly-simplex-is-a-scam-3765927
member
Activity: 190
Merit: 15
Customer Support at https://coinswitch.co/
The best way to stay safe is to not trade via any exchanges which are custodial and keep your coins within their wallet; so many times withdrawal is disabled, the coin wallet is at maintenance, etc. Prefer to store coins within your own wallet, MetaMask for example works for all ERC20 Standard coins. I would recommend you to use Non Custodial exchanges, i.e. instant exchanges, where you send coins from your own wallet and receive after trading in your own wallet.

Check this image -


You can compare the prices and trade, hassle free, with support best in industry.
member
Activity: 476
Merit: 92
This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.
There is no way they'd publicly disclose it if they don't even know their database has been hacked. It's quite easy for ICO project to get KYC actually, especially from greedy bounty hunters who don't mind sending their identity over the internet to somebody else. In fact, I see it myself that a team from bounty management might still have access to your KYC (if they don't have strict management policy). So it's not surprising if somebody sells them in the black market.
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
So you use Forkdelta only? Or did you believe Binance has 100% legit volumes?

I don't think it will be possible to keep such information secret.
I assume this would be against the law too if they kept it secret.
They are obligated to do this if such an event occurs, I think.
member
Activity: 476
Merit: 92
It's been a while I came across such a descriptive post here on the forum, nice work and very understandable steps which would be very useful to all enthusiasts.
I have also dropped you a merit for effort and relevance. I would surely be applying these steps next time I visit an exchange.

Thanks, your appreciation matters to me and encouraged me to update this list once again. Here are the changes I have made today:

- Add 2FA authentication to your account and any other available security measures, such as the anti-phishing password for email, pin, additional security questions.
- Before logging in, double-check the URL of the site and bookmark it.
- Always check everything three times, especially the current information page (if available), which currently coins or tokens should be avoided, maintenance is carried out or there are any other problems, for example with synchronization, addresses, fees, times, etc.
- During the transaction itself (purchase/sale or deposit), use the triple check rule to check amounts, addresses, etc.
- Never deposit everything in one transaction.
- Send a small amount first and check if everything works (transfer, trade, withdrawal, confirmation).
- Continue depositing smaller amounts (smaller amounts mean less headache if something goes wrong).
- Withdraw each time before the next deposit, if possible.
- Never leave your coins or tokens on the exchange because it is not intended for that.
- Always remember that the exchange is not a wallet and is not secure.
- Never use exchange addresses for payments for bounty or for air-drops.
- Before each use of the exchange check its pages on social networks, in particular on Twitter, Facebook and see new complaints about coins or tokens.
- Be careful about the security of 2FA itself, keep the backup codes for each 2FA secured exchange (use Authy as 2FA due to the possibility of backups).
- TOTP for 2FA (you scan a QR code with Authy or a similar program which implements TOTP according to the specification in RFC 6238) is a much better solution than authentication by means of incoming codes via SMS because it is not difficult to take over a phone number.
- Do not send scans of documents to an unknown stock exchange immediately after registration, usually, it is not necessary to trade only with cryptocurrencies.
- Diversification is very important. Trade on a few exchanges if possible because trading on one is associated with the risk of losing all capital.
- When selecting an exchange, you can use the Blockchain Transparency Institute as a guide. The list includes exchanges with suspicious trading and money laundering activities.
- Register on several exchanges, so you have plenty of options available. Do not wait for the crypto mania to run before attempting your registration. Sometimes you can not have an opportunity at all.

- While contacting customer service, try to wait at least the minimum response time, often inform about the minimum time to reply (do not create many queries).
- Try to get help on the official social media websites of a given exchange (sometimes it works great, sometimes not).
- Use various contact options such as chat, phone, WhatsApp or Skype if available.
- Be polite, do not lose your patience, provide all the documents they ask for (even if you have to send the same document several times).
- Do not give up when they say "no", be persistent (if you are right) and start from the beginning. Sometimes another agent will help you (they are just people and often make mistakes).

I hope you like it even better now.

Additionally, I see that @wwzsocki, the author of the main version, has lately published this post in Polish https://bitcointalksearch.org/topic/bezpieczestwo-na-giedzie-i-rady-dotyczce-obsugi-klienta-5119320 and I updated a few added changes.
member
Activity: 210
Merit: 29
It's been a while I came across such a descriptive post here on the forum, nice work and very understandable steps which would be very useful to all enthusiasts.
I have also dropped you a merit for effort and relevance. I would surely be applying these steps next time I visit an exchange.
member
Activity: 476
Merit: 92
Hey OP great list! Some suggestions...

Diversify as much as possible. Trade across multiple exchanges for large sums. You may save on transaction fees by trading on a single exchange but this comes with risks. Example would be what happened to this guy. He sent funds to Quadriga and sought to withdraw them immediately but wasn't able to do so.

Diversifying also means signing up for multiple exchanges beforehand so that you have plenty of options on hand. Don't wait for the crypto mania to kick in before attempting to sign up. If not, you may not be able to sign up at all.

On choosing reliable exchanges, users can refer to Blockchain Transparency Institute as a guide. The list includes exchanges with suspected wash trading activity.

On a final note, your list is incredibly detailed and we like it. Wish we could merit you but we don't have any. We previously did an article on cryptocurrency exchange safety which had not covered some of the points you raised. Would get down to updating our article in the future and would provide full credits back to your opening post.

Thanks.


Thank you very much for your useful insights. I will add your suggestions to my list today.
If anybody has more great information such as these above please share so we can make the best guide ever possible.
full member
Activity: 1120
Merit: 200
Turkish Translator
Useful information regarding security, thank you. I support KYC when it comes to secure trading and if possible, I always check teams' experiences to make sure.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
Hey OP great list! Some suggestions...

Diversify as much as possible. Trade across multiple exchanges for large sums. You may save on transaction fees by trading on a single exchange but this comes with risks. Example would be what happened to this guy. He sent funds to Quadriga and sought to withdraw them immediately but wasn't able to do so.

Diversifying also means signing up for multiple exchanges beforehand so that you have plenty of options on hand. Don't wait for the crypto mania to kick in before attempting to sign up. If not, you may not be able to sign up at all.

On choosing reliable exchanges, users can refer to Blockchain Transparency Institute as a guide. The list includes exchanges with suspected wash trading activity.

On a final note, your list is incredibly detailed and we like it. Wish we could merit you but we don't have any. We previously did an article on cryptocurrency exchange safety which had not covered some of the points you raised. Would get down to updating our article in the future and would provide full credits back to your opening post.

Thanks.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10

any reason why you'd go with those listed from you?
Huobi as an example is one of the largest exchanges, and lists almost as many coins as Binance.
and is cheaper than Binance (and Liqui for that matter)

why not stick with the big exchanges?


My educated guess would be that those small exchanges are popular with the lesser-known tokens.
hero member
Activity: 2366
Merit: 838
For the OP, crypto mania,

Firstly, I give you a round of applause for the helpful topic.
Secondly, I have a recommendation for you on the way you quoted others' posts.
For your next posts, you should avoid over-quotes or pyramid quotes to keep the topic clean and make the discussion and flow of ideas easy to follow.
Avoiding over- or pyramid-quotes also helps to protect forum users' fingers (because without pyramid quotes, they don't have to over-scroll their computer or laptop mice with their fingers and get them hurt).
There is my topic on tips to avoid pyramid quote:
Tips for newbies, who want to avoid over-quoting

For example, you can easily see how DdmrDdmr quoted and joined the discussion.
legendary
Activity: 2170
Merit: 1789
This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.

There is no way they'd publicly disclose it if they don't even know their database has been hacked. It's quite easy for ICO project to get KYC actually, especially from greedy bounty hunters who don't mind sending their identity over the internet to somebody else. In fact, I see it myself that a team from bounty management might still have access to your KYC (if they don't have strict management policy). So it's not surprising if somebody sells them in the black market.

Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away

So you use Forkdelta only? Or did you believe Binance has 100% legit volumes?
member
Activity: 154
Merit: 24
The future of security tokens
I always make sure to use popular exchanges, the ones that have real volume and are widely used.
I never trade on new exchanges or any one that looks fishy or has any sort of negative feedback. This is one way I stay away from scam exchanges.
Also exchanges with false trading volumes, simply to attract investors, it's a bad sign and enough for me to stay away
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold

I always check their volume and if they need KYC for a very small transaction, because I have bad for two exchanges just for withdrawing my 10 usd worth of token, I have to pass the KYC.
Exactly, good point. I understand that KYC is needed when the exchange is fully regulated. You are right that some of the exchanges are misusing KYC and take advantage of it. One can never know if the KYC one is asked to do is really needed because of regulators or because of the exchange itself.

Lately, sell offers with KYC data from major exchanges have already started to pop up on the dark web.

I will not share the link to the source so as not to advertise hackers; if somebody wants to know more, they can search on Google.

This could be a fake ad because hacker says that he has KYC data from Kraken, Bittrex, Poloniex and there was no information from these exchanges about hacked KYC data.

Let's hope this was a bad joke.
member
Activity: 476
Merit: 92
...why not stick with the big exchanges?

Sometimes I have tokens (bounty, airdrop) which are listed only on these scammy exchanges and that is why sometimes one has to be dealing with them.
Anyways during all these years and many problems along the road (look at the list), I was never hacked and finally always get paid (took 8 months once).
This is why I know that this guide works for everybody just stick to those few points and You will be relatively safe.
member
Activity: 742
Merit: 11

I always check their volume and if they need KYC for a very small transaction, because I have bad for two exchanges just for withdrawing my 10 usd worth of token, I have to pass the KYC.
newbie
Activity: 14
Merit: 1
I am impressed with the level of explanation and guidance that have been given here on exchanges. I will take a cue from it and avoid mistakes when dealing with exchanges. Thank you
hero member
Activity: 1680
Merit: 655
I have been doing the things you have mentioned constantly but before doing those I am focused on doing a background check on the exchange itself first. Doing a quick search in Google you will see if the exchange you are planning to trade with is reliable or not. You will see a lot of past complaints, scandals, and even confirmed scams which will alert you with red flags on stepping away from that site. Even with the big names in the industry there is nothing wrong with doing background checks as you might find something new that you won't like if you trade with their platform.
BQ
member
Activity: 616
Merit: 53
CoinMetro - the future of exchanges
If something bad happens to me on any exchange, this shows that it is not worthy of my trust. Once I withdraw, I will never go there again.
Exchanges that have been blacklisted by me: (These are my personal views, others may not think so)
FatBTC: No withdrawal channel after the token is removed.
Liqui: Change deposit address many times.
stocks: Withdraw fee too high. It is very very high.
yobit: Too many scam coins, and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene: Too many MLM coins, and some of which are their own.

For the beginners, 3 points of advice.
1. Deposit security is always the first, so choose only those exchanges with good reputation, such as binance, Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges, especially exchanges that you have not heard of. If you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract addresses are consistent. I once deposited a token with the same name. Unfortunately, they were different tokens, so my token is lost.

any reason why you'd go with those listed from you?
Huobi as an example is one of the largest exchanges, and lists almost as many coins as Binance.
and is cheaper than Binance (and Liqui for that matter)

why not stick with the big exchanges?
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
Very nice guide and great suggestions. I also want to say a few words. Some exchanges have SMS 2FA which isn't very safe. Always use Google 2FA if possible and don't forget to back up your recovery code. Once I had a problem on Bittrex. I didn't care much about security and someone hacked my account. And the hacker added his 2FA on my Bittrex account and I wasn't able to log in. Fortunately support helped to recover my account and the hacker wasn't able to withdraw my money. Since then I always use 2FA on exchanges.
And one point which wasn't mentioned by you, related to phishing scams. We often see various giveaways of BTC or ETH on social media posted with name of famous exchange. But it's always posted from fake accounts. Exchanges aren't giving money for free, these fake giveaways are made only to scam people.
member
Activity: 476
Merit: 92
I will add a suggestion about KYC.

Don't send scans of your documents to an unknown exchange, especially when you will be dealing only with cryptocurrencies.

There are plenty of decentralized and P2P exchanges which are capable of doing the same with lower fees and full anonymity.

These shady exchanges ask for your documents only to scam you later by selling them or, even worse, they will use them to hack you.

This hack is no joke: a friend of mine was hacked recently, 2 days after he first sent documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.

These exchanges do it on purpose, and remember that they have a lot of info about you and the capacity of your wallet.

Don't forget that your documents and all the additional info these exchanges already have about you (emails, phones, addresses, coin holdings, etc.), combined together, are a very solid tool for an attacker.

This is also a valid suggestion @wwzsocki. Thank you for the input. I will add this one too.

I thought that P2P and decentralized exchanges would change the crypto landscape when there were all these new peer-to-peer exchange ICOs running last year. As we see, they haven't disrupted anything because people need the possibility to withdraw at some point in FIAT, I assume.

What are your thoughts about these exchanges?
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
I will add a suggestion about KYC.

Don't send scans of your documents to an unknown exchange, especially when you will be dealing only with cryptocurrencies.

There are plenty of decentralized and P2P exchanges which are capable of doing the same with lower fees and full anonymity.

These shady exchanges ask for your documents only to scam you later by selling them or, even worse, they will use them to hack you.

This hack is no joke: a friend of mine was hacked recently, 2 days after he first sent documents to an unknown crypto exchange only to be able to lift crypto withdrawal limits.

These exchanges do it on purpose, and remember that they have a lot of info about you and the capacity of your wallet.

Don't forget that your documents and all the additional info these exchanges already have about you (emails, phones, addresses, coin holdings, etc.), combined together, are a very solid tool for an attacker.
member
Activity: 476
Merit: 92
<…>
Just a quick note regarding 2FA on exchanges: while it is very important to add in my opinion, we must also be wary about the security of the 2FA itself, keeping the backup codes for every exchange we protect with 2FA (and better still, use Authy as a 2FA due to its backup capabilities).

Recently I encountered a case on my local board of a person who has 2FA all around, and had his phone stolen. He didn’t have the backup codes to each 2FA protected exchange, and spent many hours trying to remove 2FA on each exchange/site and reinstall it with his new phone. One exchange in particular is a real pain: Hitbtc. The security measures are really high when it comes to trying to disable 2FA after a theft/loss, and you need to prove a bunch of things: IdCard, photos, videos with written specific text, Hash of TXs that served to load assets onto Hitbtc (this can be quite difficult to retrieve), a lot of headaches and time, and the issue is still ongoing after weeks.

In summary: Activating 2FA on exchanges is a yes, but take extra care to keep the backup codes.


Thank you very much for your support @DdmrDdmr.

I will add this suggestion to my guide because I think it is a really important one.

The example you provided is exactly what I have been afraid of lately.

I personally use 2FA overall when possible. I have so many codes on my phone that I sometimes scroll for a few seconds to find the right one.

I try to have all codes saved and backed up, but I just can't stop thinking how many hours it will take to recover all these accounts if anything happens to my phone, and how insecure it is to store these codes all over the computer, phone, tablet, etc. in my case.

I know that sometimes I haven't saved any code when enabling 2FA because there was no code provided. I was sure that in such a situation the main Google codes are enough to recover 2FA on each account, but lately, when I started to write this guide, I learned that this is not the case and 2FA is not so secure, especially when on the phone.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…>
Just a quick note regarding 2FA on exchanges: while it is very important to add in my opinion, we must also be wary about the security of the 2FA itself, keeping the backup codes for every exchange we protect with 2FA (and better still, use Authy as a 2FA due to its backup capabilities).

Recently I encountered a case on my local board of a person who has 2FA all around, and had his phone stolen. He didn’t have the backup codes to each 2FA protected exchange, and spent many hours trying to remove 2FA on each exchange/site and reinstall it with his new phone. One exchange in particular is a real pain: Hitbtc. The security measures are really high when it comes to trying to disable 2FA after a theft/loss, and you need to prove a bunch of things: IdCard, photos, videos with written specific text, Hash of TXs that served to load assets onto Hitbtc (this can be quite difficult to retrieve), a lot of headaches and time, and the issue is still ongoing after weeks.

In summary: Activating 2FA on exchanges is a yes, but take extra care to keep the backup codes.
member
Activity: 476
Merit: 92
Just try to keep this thread alive because it is a useful guide for crypto beginners, especially when they start to use exchanges.

If you have your own additional security checks or have any tips/suggestions on how to improve this guide, then share them and I will be happy to use them.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
Just try to keep this thread alive because it is a useful guide for crypto beginners, especially when they start to use exchanges.

If you have your own additional security checks or have any tips/suggestions on how to improve this guide, then share them and I will be happy to use them.


You are right, it is a very good guide and it is worth keeping visible. It would be nice if people shared their appreciation and commented to bump it further.

I have merited you too because I think it is just not right that such helpful guides are not merited at all when other members get 50 merits for one-line comments.
member
Activity: 476
Merit: 92
There are a few easy steps when dealing with an exchange to be safe:

- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).  
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
What I always do when checking an exchange is double or triple check the website URL; you might get phished if you're using the wrong one. Honestly, I always use the exchanges that are on coinmarketcap.com; that way you can avoid scam exchanges. And always add 2FA authentication to your account if possible because it is a very important security measure that everybody uses.

Thank you very much for your suggestion. You are of course right, and it is very important to check the URL and bookmark it for later.

Added as the second point in my guide because you can be in real deep shit when using a phishing exchange URL.
member
Activity: 616
Merit: 18
📱CARTESI 📱INFRASTRUCTURE FOR DAPPS
There are a few easy steps when dealing with an exchange to be safe:

- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).  
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).
What I always do when checking an exchange is double or triple check the website URL; you might get phished if you're using the wrong one. Honestly, I always use the exchanges that are on coinmarketcap.com; that way you can avoid scam exchanges. And always add 2FA authentication to your account if possible because it is a very important security measure that everybody uses.
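The URL double-check described in the post above, as an added example that is not part of the post: compare the host of a link against the hosts you bookmarked instead of judging it by eye. The host names are constructed placeholders and the function name is hypothetical.

```python
from urllib.parse import urlsplit

# Constructed placeholder: the login host you saved as a bookmark.
BOOKMARKED_HOSTS = {"www.exchange.example"}


def check_login_url(url, bookmarked=BOOKMARKED_HOSTS):
    """Return (ok, reason) for a link that claims to lead to a bookmarked exchange."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://real-name@other-host/" shows the real name but connects to other-host.
    if "@" in parts.netloc:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    # Look-alike letters from other alphabets, raw or in punycode form.
    if not host.isascii():
        return False, "non-ASCII host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host (possible homoglyph)"
    if host in bookmarked:
        return True, "host matches bookmark"
    # The bookmarked name appearing inside a longer, different domain.
    if any(good in host for good in bookmarked):
        return False, "bookmarked name embedded in another domain"
    return False, "host not bookmarked"


if __name__ == "__main__":
    # Constructed sample links, one per failure mode.
    samples = [
        "https://www.exchange.example/login",
        "http://www.exchange.example/login",
        "https://www.exchange.example@login.example/",
        "https://www.exchange.example.account-verify.example/login",
        "https://www.exch\u0430nge.example/login",   # Cyrillic "a"
        "https://www.xn--exchnge-5fg.example/login",
        "https://www.exchnage.example/login",
    ]
    for link in samples:
        print(check_login_url(link), link)
```

Only an exact host match passes; every other outcome names the reason, which is the part a visual check tends to miss.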
member
Activity: 476
Merit: 92
This is not the first time that something bad has happened to me on an exchange when depositing, withdrawing or trading coins/tokens. I try to avoid these exchanges next time, but some of the coins/tokens are listed or have a decent volume only there.

There are a few easy steps when dealing with an exchange to be safe:

- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache). 
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).

This list is growing every time I have a new problem with an exchange so it will be updated frequently ;).

Already experienced all kinds of issues but luckily I was always able to withdraw. Sometimes with a big loss after a few months from the deposit.
Support works slowly and they need almost 2 months on Cryptopia to answer the ticket, of course with an automated message.

- When dealing with support try to wait (don't create multiple tickets).
- Try to get help using their official social media pages (sometimes works great, sometimes not).
- Be polite, don't lose your temper, provide all docs they ask for.
- Don't give up when they say "no"; be persistent if you think you are right and start all over again (took me 5 support tickets to resolve my case, 4 times rejected in a row).

Avoid small, not established exchanges if you don't have to trade there. If we all stop using these scammy exchanges they will finally have to do something.
This will be an exit scam or they evolve and become a trusted exchange. With some volume, they make a lot of money on fees and listings and don't need to scam their clients additionally.

I hope my first guide/tutorial will help to save a few coins/tokens.

Hi crypto mania,

Great initiative!

We have recently written a Guide on Cryptocurrency Security Measures. Anything in there that you find helpful and would like to include in this thread? That would of course make us very happy.

All the best,
Cryptowisser


Thanks, Cryptowisser. Of course, I will add anything that could be useful.

If you think that there is matching content from yours, please don't hesitate to provide it here and I will add it after review.

We can create a super guide if we merge threads together and later manually rewrite the content. It would be nice to create a guide nobody forgets and members will show as an example.

If you want to talk about it, shoot me a PM or just write here.


jr. member
Activity: 252
Merit: 4
This is not the first time that something bad has happened to me on an exchange when depositing, withdrawing or trading coins/tokens. I try to avoid these exchanges next time, but some of the coins/tokens are listed or have a decent volume only there.

There are a few easy steps when dealing with an exchange to be safe:

- Add 2FA authentication to your account and any other available security measures like anti-phishing password, etc.
- Always triple check everything, especially coin info page if available, addresses, amounts, fees...
- Never deposit your entire stack in one transaction.
- Send first small amount and check if everything works (transfer, trading, withdrawal).
- If everything works still continue with smaller amounts (smaller amounts equals smaller headache).  
- Withdraw each time before next deposit.
- Never leave your coins on the exchange.
- Always remember this is not a wallet and is not secure.
- Never use exchange addresses for bounty or airdrop payments.
- Check exchange social media pages, especially Twitter and Facebook before trading, deposit, withdraw, etc.(read new complaints and which coins to avoid).

This list is growing every time I have a new problem with an exchange so it will be updated frequently ;).

Already experienced all kinds of issues but luckily I was always able to withdraw. Sometimes with a big loss after a few months from the deposit.
Support works slowly and they need almost 2 months on Cryptopia to answer the ticket, of course with an automated message.

- When dealing with support try to wait (don't create multiple tickets).
- Try to get help using their official social media pages (sometimes works great, sometimes not).
- Be polite, don't lose your temper, provide all docs they ask for.
- Don't give up when they say "no"; be persistent if you think you are right and start all over again (took me 5 support tickets to resolve my case, 4 times rejected in a row).

Avoid small, not established exchanges if you don't have to trade there. If we all stop using these scammy exchanges they will finally have to do something.
This will be an exit scam or they evolve and become a trusted exchange. With some volume, they make a lot of money on fees and listings and don't need to scam their clients additionally.

I hope my first guide/tutorial will help to save a few coins/tokens.

Hi crypto mania,

Great initiative!

We have recently written a Guide on Cryptocurrency Security Measures. Anything in there that you find helpful and would like to include in this thread? That would of course make us very happy.

All the best,
Cryptowisser
member
Activity: 476
Merit: 92
If something bad happens to me on any exchange, this shows that it is not worthy of my trust. Once I withdraw, I will never go there again.
Exchanges that have been blacklisted by me: (These are my personal views, others may not think so)
FatBTC: No withdrawal channel after the token is removed.
Liqui: Change deposit address many times.
stocks: Withdraw fee too high. It is very, very high.
yobit: Too many scam coins, and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene: Too many MLM coins, some of which are their own.

For the beginners, 3 points of advice.
1. Deposit security always comes first, so choose only those exchanges with a good reputation, such as Binance, Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges, especially exchanges that you have not heard of; if you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract addresses are consistent. I once deposited a token with the same name. Unfortunately, they were different tokens, so my token is lost.

Thanks for sharing these scammy exchanges. I have quoted you to be sure that your post stays visible even if deleted somehow.

Exactly that is why I wrote this guide to share some useful info about exchanges and tips on how to avoid problems.

If every member shares something useful in this thread we will finally have the best guide ever written ;)
member
Activity: 476
Merit: 92
If something bad happens to me on any exchange, this shows that it is not worthy of my trust. Once I withdraw, I will never go there again.
Exchanges that have been blacklisted by me: (These are my personal views, others may not think so)
FatBTC: No withdrawal channel after the token is removed.
Liqui: Change deposit address many times.
stocks: Withdraw fee too high. It is very, very high.
yobit: Too many scam coins, and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene: Too many MLM coins, some of which are their own.

For the beginners, 3 points of advice.
1. Deposit security always comes first, so choose only those exchanges with a good reputation, such as Binance, Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges, especially exchanges that you have not heard of; if you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract addresses are consistent. I once deposited a token with the same name. Unfortunately, they were different tokens, so my token is lost.

Thanks for sharing these scammy exchanges. I have quoted you to be sure that your post stays visible even if selected somehow.

Exactly that is why I wrote this guide to share some useful info about exchanges and tips on how to avoid problems.

If every member shares something useful in this thread we will finally have the best guide ever written if summarised together.
member
Activity: 476
Merit: 92
I have never had any issue using Cryptopia before, and I think you must add 2FA authentication to your Cryptopia account to protect your account from being compromised, and always use a unique password to protect your account from other websites or email.

I use Cryptopia to exchange some bounties and to exchange my mining coins because some coins that I am mining are only supported on Cryptopia, and until now I am still using it without any problem.

You are right, added 2FA to my guide, thanks.


-snip-
Like I said:

"I try to avoid this exchange but some of the coins are listed or have a decent volume only there".

Why? I don't see any reason to avoid using this exchange.

Lucky you, but as you can see I had quite a few problems when using this exchange. Of course, a few of them were my own fault, like not checking the coin page and status of cryptocurrencies before use/transfer, and many other/additional issues were Cryptopia's fault.

Like I said this guide is for every exchange and I would be happy to read it before my first deposit on Cryptopia.
legendary
Activity: 1638
Merit: 1046
-snip-
Like I said:

"I try to avoid this exchange but some of the coins are listed or have a decent volume only there".

Why? I don't see any reason to avoid using this exchange.
legendary
Activity: 1638
Merit: 1046
I have never had any issue using Cryptopia before, and I think you must add 2FA authentication to your Cryptopia account to protect your account from being compromised, and always use a unique password to protect your account from other websites or email.

I use Cryptopia to exchange some bounties and to exchange my mining coins because some coins that I am mining are only supported on Cryptopia, and until now I am still using it without any problem.
member
Activity: 476
Merit: 92
I think the best solution, if you don't like that exchange, is to never use it if you always face a problem there. I'm sure there's another exchange that also trades the cryptocurrency you have. Why would you still use the exchange if you always had a problem with their exchange? The answer would be to find another exchange and never use that one again.

Like I said:

"I try to avoid this exchange but some of the coins are listed or have a decent volume only there".
member
Activity: 168
Merit: 47
False Moon
If something bad happens to me on any exchange, this shows that it is not worthy of my trust. Once I withdraw, I will never go there again.
Exchanges that have been blacklisted by me: (These are my personal views, others may not think so)
FatBTC: No withdrawal channel after the token is removed.
Liqui: Change deposit address many times.
stocks: Withdraw fee too high. It is very, very high.
yobit: Too many scam coins, and service attitude is very bad.
FCoin: Price manipulation, liar.
CoinBene: Too many MLM coins, some of which are their own.

For the beginners, 3 points of advice.
1. Deposit security always comes first, so choose only those exchanges with a good reputation, such as Binance, Huobi. At least they won't swindle your money.
2. Be cautious about unfamiliar exchanges, especially exchanges that you have not heard of; if you want to deposit, please be sure to deposit a small amount first.
3. Before depositing, it is important to check whether the address is accurate. If it is an ERC20 token, you need to check whether the contract addresses are consistent. I once deposited a token with the same name. Unfortunately, they were different tokens, so my token is lost.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
I think the best solution, if you don't like that exchange, is to never use it if you always face a problem there. I'm sure there's another exchange that also trades the cryptocurrency you have. Why would you still use the exchange if you always had a problem with their exchange? The answer would be to find another exchange and never use that one again.
member
Activity: 476
Merit: 92
This is not the first time that something bad has happened to me on an exchange when depositing, withdrawing or trading coins/tokens.
I try to avoid these exchanges next time but some of the coins/tokens are listed or have a decent volume only there.

There are a few easy steps when dealing with an exchange to be safe:

- Add 2FA authentication to your account and any other available security measures, such as the anti-phishing password for email, PIN, additional security questions.
- Before logging in, double-check the URL of the site and bookmark it.
- Always check everything three times, especially the current information page (if available) for information: which coins/tokens should currently be avoided, whether maintenance is being carried out, or whether there are any other problems, for example with synchronization, addresses, fees, times, etc.
- During the transaction itself (purchase/sale, withdrawal or deposit), use the triple check rule to check amounts, addresses, etc.
- Never deposit everything in one transaction.
- Send a small amount first and check if everything works (transfer, trade, withdrawal, confirmation).
- Continue depositing smaller amounts (smaller amounts mean less headache if something goes wrong).
- Withdraw each time before the next deposit, if possible.
- Never leave your coins or tokens on the exchange, because it is not intended for that.
- Always remember that the exchange is not a wallet and is not secure.
- Never use exchange addresses for payments for bounty or for air-drops, mining, etc.
- Check the exchange on Google and on its social network pages, in particular Twitter and Facebook. Search for new complaints about coins or tokens, scam accusations, etc.
- Be careful about the security of 2FA itself; keep the backup codes for each 2FA-secured exchange (use Authy as 2FA due to the possibility of backups).
- TOTP for 2FA (you scan a QR code with Authy or a similar program that implements TOTP according to the specification in RFC 6238) is a much better solution than authentication by means of codes arriving via SMS, because it is not difficult to take over a phone number.
- Do not send scans of documents for KYC to an unknown stock exchange immediately after registration; usually it is not necessary in order to trade only with cryptocurrencies.
- Diversification is very important. Trade on a few exchanges if possible, because trading on one is associated with the risk of losing all capital.
- When selecting an exchange, you can use the Blockchain Transparency Institute as a guide. The list includes exchanges with suspicious trading and money laundering activities.
- Register on several exchanges, so you have plenty of options available. Do not wait for the crypto mania to run before attempting your registration. Sometimes you may not get an opportunity at all.
- When you scan your KYC documents for verification, make a copy first and write the exchange URL or name on the document; this will prevent hackers from using it or make it harder for them.
- Avoid small, not established exchanges if you don't have to trade there.

This list is growing every time I have a new problem with an exchange so it will be updated frequently ;).

I already experienced all kinds of issues but luckily I was always able to withdraw. Sometimes with a big loss after a few months from the deposit.
Support sometimes works slowly and needs almost 2 months to answer a ticket, of course with an automated message.

When dealing with support

- While contacting customer service, try to wait at least the minimum response time, often they inform about the minimum time to reply (do not create multiple tickets).
- Try to get help on the official social media website (Twitter, Facebook) if available (sometimes it works great, sometimes not).
- Use various contact options such as chat, phone, WhatsApp or Skype if available.
- Be polite, do not lose your patience, provide all the documents they ask for (even if you have to send the same document several times).
- Do not give up when they say "no", be persistent (if you are right) and start from the beginning. Sometimes another agent will help you (they are just people and often make mistakes).

I hope my first guide will help to save a few coins/tokens or a headache.


@wwzsocki, the author of the main version, recently published this post in Polish: https://bitcointalksearch.org/topic/bezpieczestwo-na-giedzie-i-rady-dotyczce-obsugi-klienta-5119320