Topic: Reminder: Your funds are NOT safe in third-party wallets (Read 505 times)

All Custodial Exchanges hold private key on your behalf which means that the wallet is no longer yours. Thus it is always better to use non-custodial exchange.

Few tips to self guard your funds:

• Use hardware wallets to store your funds. Few good hardware wallets are Trezor, Ladger nano S
• Do not leave your funds in Exchange
• Use non-custodial Exchange to buy or trade. Few good Non-custodial Exchanges are: Changelly.com, CoinSwitch.co, Shapeshift etc.,
• Try to use a separate phone to manage 2FA and keep it offline
• Double check the address before you click on transfer. As  there are malwares that change the address.

Please add if I missed few points.

As much as this is true, feel safer != safer. I get that a lot of people would prefer to use centralized services for peace of mind/convenience, but that's exactly what these kinds of posts advocate against. These third parties are taking over the responsibility of taking care of your coins for you, yes, but in the event that you lose your coins, you'll find that most of them would say that it's not their responsibility. If they're not going to do anything in case of losses, and they're the least secure of all safekeeping options, what's the point?

Not everyone wants to be their own bank, but not many of them know that it's easy. People can do whatever they want at the end of the day, but I feel that it's important for them to know the implications of their actions.

Enough cannot be said on this issue really and for sure people will still leave their coins on exchanges for reasons ranging from convenience to cost of transaction fees, moving the coins in and out.
Really there are trusted exchanges, and one can afford to trust to a certain extent, but even though,leaving coins in there could be risky, but yet understandable
When it becomes foolish is when you leave your coins in an exchange that's yet to gain any sort of ground in the cryptocurrency world, then the risk is more and it's best you move them either to your wallet or exchanges with the best form of security

Generally if your funds are not in your wallet you are at a risk no matter where your funds are.
Always apply caution when it come with your funds

Another possible scenario for keeping some assets on an exchange is due to the aggregate amount being small, and the withdrawal fees representative in relation to the amounts held at the exchange. Additionally, some of the assets may not be exportable to the current user’s wallets, and would require installing specific wallets for some of those assets. Also, on occasions, the withdraws have associated limitations (i.e. minimum amounts).

These factors should not be an obstacle when the assets on the exchange add up to a fair share, but as I said, for smaller amounts they may lead one to leave them there for not being worth the hassle/withdrawl cost.

I have heard users saying they keep funds on wallets on exchanges because they are involved in daily trading. They don't feel like moving the funds out because they are afraid to miss a good opportunity. During the time it takes to deposit the funds and them being credited into your account one could miss the window to make profit. This is understandable but still dangerous due to the many hacking incidents that several exchanges have experienced.

Even if you store up your assets on an exchange, you still have access to it, and in your scenario can be tortured to give it up. Only when you assets is on an exchange it can also be stolen without any negligence from your end. I would say it is much safer with you, and safely in a wallet, preferably a hardware wallet.

Yes we know of this and this is good for other users to get an idea to avoid depositing their crypto in a third party website like online exchange wallets. This is really vulnerable hi jacking and the hi jackers could take all your money in the exchange. The sad thing is that you could not ask for any replacement, refund or insurance for.the loss.

I agree with you about that we can't expect something it could possibly happen even if you think you're money is safe but it's totally not. The risk is always there, people who have bad intentions is also there so we should not be inhabited.

Thanks for the input and the provided source, looking at the chart I'm wondering about the same thing, either 27% is wrong or the pie chart they provided, unless 27% is the percentage that is the final result of another comparison though I'm not seeing anything else regarding that, these all kind of makes me doubt the validity of data they provided whatever that might be, it's not that hard to draw a simple chart or get the numbers right...

Looks like 45% to me for the exchanges slice and ~20% for the consumers one:

I was trying to find some stats that would break-up the amounts stolen from exchanges vs those stolen from our private wallets, in order to get a sense of the magnitude of each. I stumbled upon a report by a cybersecurity company called "Carbon Black 2019 global threat report", wherein it contains s section specifically on Cryptocurrency attacks. In summary, the reports states:

-   Crypto thefts during 2018 amounted around 1.8 billion USD.

-   Out of all crypto related attacks, 27% were exchange related (there is a chart on the report that breaks crypto attacks by families of Exchange, Business, Government and Consumers where the Consumers segment is about half the size of the Exchanges segment, although the size of the segments on the chart do not match correctly when compared to the alleged 27% of attacks on exchanges).

-   Monero is now used in 44% of all attacks (Fortnite now accepts Monero in its merchandising store, but I don’t get where they get the 44% from).

Source (a pdf): https://www.carbonblack.com/wp-content/uploads/2019/01/carbon-black-global-threat-report-year-of-the-next-gen-cyberattack-012419.pdf

Although exchanges are the primal target for attacks, home kept personal wallets are not a small sum, and, as we know. Keeping personal security up around a hostile anonymous environment is paramount to ensure that the mantra that states that it is best to keep your personal keys that have your crypto on an exchange lives up to its name.

Those who don't want to be their own bank, are sure to be the first to mention that the exchange or third-party wallet is scam and all that attempt to blame someone for an error of his own.

Nothing is better than having control over your funds, even if it is not 100% secure. I transfer to the exchange only when I want to trade and I withdraw quickly...

I agree that not everyone wants to be their own bank. And even the ones that does want, doesn't want to hold all their money by themselves.

But the idea to remove funds from exchanges is that it's much safer.

So security of your device is that much weak to copy the clipboard of you.But copy clipboard is not like just you mentioned,while you are login to not trusted site they may copy what you have on clipboard and can steal your private keys if you have on it and access you wallets later.

Your own wallet can be accessed by hackers using many different tecnique or strategy by hackers. Examples like clipboard hijacking in which hackers are able to change the information you copy like wallet address and when you paste the wallet address is not the same as you copy and they able to take you cryptos when someone got hijacked and trying to send btc to someone.

only software wallet or even online wallet but you must be in control of private key of address you have, only that guarantees you control over your coins, letting 3rd party to do that, is putting trust in this 3rd party and bitcoin was designed to be able to not need to trust anybody other than yourself

You are right but the true essence of crypto wont really fit out yet entrusting your funds will be most likely with fiat banks.Nothing is really safe but
holding your funds with your own wallet do really gives out some convenience compared to other.

Exactly, furthermore reputation of exchange implies not a great deal, there always a way an exchange could get compromised. In case, we should be mindful to deal such of exchange. Store coins yourself, offline wallet where you hold your private keys.

@VB1001 was compiling a nice list of hacked exchanges between 2011 and 2019 (see List Exchanges Hacked 2011 / 2019). Some of the names on the list may actually surprise us, since they are still up and running and many of us are unaware of the fact that they got hacked to some extent in the past (i.e Poloniex, Bitfinex). A few of the cases were covered by the exchanges themselves, whilst others led to the end of its existence.

Of course the other side of the coin is not a guaranteed safe haven either: people lose their crypto even if they are in control of their private keys for multiple reasons: hardware failures, hard drive formatting, software hack, keyloggers, fake wallets, etc. Of course, a great part is down to how responsible one is, but yet we see cases regularly of some sort of issue or other that leads to plenty of people losing their crypto assets.

It looks like anyone can open an exchange at moment. There isn’t any legal licence or security to protect customers, right now it is still free market, and we take our own risk to put our fund on the exchange. I am totally agree we need to carefully select which exchange to invest and don’t put everything on one exchange, the best safest way off course is to store your fund in your own wallet.

Nothing is ever 100% safe, even with your private keys hidden someone can physically attack you and torture you until you give them up.  In some cases people feel safer with a 3rd party.  Not everyone wants to be their own bank.

One of those reasons is due to fact they can't find a single wallet to hold all their coins/tokens because they invested in multiple shitprojects from misunderstanding the concept, "Don't keep all your eggs in one basket" not knowing it's ever worst when you keep your eggs in multiple unsafe baskets all in the name of investing in multiple source of income when technically they're investing in one (cryptocurrency investment).

Before we start advicing newbie to stop storing their coins on exchange, they have to first be educated on investing wisely.

Did you even read that wall of text ? or you just read the title and assumed it could be replaced with that one liner ?

The whole purpose of this thread is not about me just telling others not to use exchange wallet as a bank, but to give them reasons why it's absolutely necessary not to do so.

This is "beginners and help" section and many are new to all of this, I believe every single one of them should know the reason/reasons as to why they should listen and follow these advices they hear all over the forum.


Thanks for the insight but I pointed this out in the OP :

They didn't forget those exchanges hacked in history. It's just that they used exchanges because of various purposes e.g buy,sell,deposits, withdraw,convert,less hassle trades etc.

There are lots of reasons why people used exchanges. Remember that not all people does have the same purpose of holding coins for long period. They already understand the risks so to minimized that they will stick to those reputable ones. We can't just say to people to stay away from exchanges but instead give them some enlightment about all the associated risks they will faced once they put money on exchange.

For holding purposes for quiet long period, obviously it's basic that people should not used an exchange wallet.

You can replace all this wall of text for:
Remove your money from exchanges and put them in a wallet where you hold your private keys.

This is probably among the most basic things which anyone that uses cryptocurrencies should know, if it's not in your personal wallet it's not yours yet, as simple as that, but surprisingly enough there are actually people that really think that their tokens/coins are totally safe in exchanges, if you ask those people why are they so sure and feel safe, most of them will probably just say because they trust the exchange or something like that.

Seems to me some people tend to forget previous incidents regarding exchanges getting hacked rather quickly, BitGrail hack that during the incident millions of XRB(Rebranded and known as nano now) got removed from their wallet and the cryptopia hack that happened recently and it wasn't even this exchange's first time that experienced an incident like this and then again people trusted this exchange enough to keep their funds on there, why would anyone trust an exchange with all those previous fishy incidents (like the time when they were having something around 1 month or even more for a simple withdarawal action) and such really?

I'm not talking about the amount that you are trading daily or weekly obviously, this is about medium/long term holds, the tokens, coins or even stable coins that you're not going to exchange them anytime soon, so just don't go ahead and put your life savings on exchanges and use them as a bank no matter how trusted and reputable that exchange is, you can only use your personal wallet (preferably offline) as some kind of a bank, even if we assume that one exchange is really trusted and they're not going to go offline the next hour or tomorrow there's still a chance (even if it's really low) that the exchange that is trusted by you and many others just gets hacked and all your funds on there goes poof.