Exchange Risk

Exchange risk encompasses several distinct failure modes: insolvency (exchange operates fractional reserves and can't cover withdrawals), fraud (executives misuse funds, as in FTX), hacking (exchange hot wallets are compromised), regulatory seizure (exchange is shut down by governments), and technical failure (exchange bugs or errors cause fund loss). All of these have occurred at major exchanges: Mt. Gox (Bitcoin's largest exchange) lost 850,000 BTC (~$450M at the time, $50B+ at peak prices) to hacking in 2014. Quadriga CX's founder reportedly died with the only exchange keys in 2019, trapping $190M. FTX misappropriated $8B+ in customer funds for Alameda Research trading in 2022.

'Not your keys, not your coins' is the foundational principle: if you don't hold the private keys, you don't truly own the crypto. Exchange account balances are IOUs — claims on the exchange's reserves. When Celsius Network, BlockFi, Voyager, and FTX all failed in 2022, users discovered their 'balances' were unsecured creditor claims in bankruptcy, not actual crypto. Recovery varied from partial to nothing. Crypto held in self-custody (private keys in your control) cannot be touched by exchange failure.

For users who must use centralized exchanges (unavoidable for fiat on/off ramps, certain derivatives, high-frequency trading), risk mitigation includes: Proof of Reserves verification (check if the exchange publishes cryptographic attestations of its reserves — though even these can be manipulated as FTX demonstrated), keeping only trading amounts on exchange (withdraw to cold storage after buying), diversifying across multiple regulated exchanges, and preferring regulated exchanges in strong jurisdictions (Coinbase US, Kraken US/EU, Bitstamp EU).