When buying and selling cryptocurrency, you’ll probably want to get set up with either a broker or a cryptocurrency exchange. If you opt for a broker, then be sure to check out the best crypto brokers, but here we’re going to take a look at crypto exchanges, revealing which are the safest and most secure to use.
Both of these allow you to trade crypto tokens, with the key difference being that brokers, as traditional financial service providers, operate in a heavily regulated environment, whereas for crypto exchanges this safety net is almost completely missing. Hence one of the most important things within the crypto ecosystem is to stay and keep your crypto ‘SAFU’ (a cryptocurrency term that means that assets are safe).
One of the main missions of BrokerChooser is to help people to find the financial service provider most suitable to their needs and to bring clarity and transparency to the selection process. We feel that, as compared to the traditional financial services sector, people excited about crypto are way more in need of help and guidance in order to stay ‘SAFU’.
Apart from the ‘Virtual Markets Integrity Initiative Report’ published by the Office of the New York State Attorney General (which was important, well designed but limited in scope), to date we have not seen a comprehensive assessment of the different safety features of crypto exchanges.
In addition, relying on different ‘trust scores’ or ‘exchange scores’ on popular and well-known pricing and data aggregator websites like CoinMarketCap or CoinGecko also carries risks stemming from potential conflict of interest issues.
These websites are either owned and/or operated by crypto exchanges (CoinMarketCap) or often compensated for the customers they generate and send via affiliate links to crypto exchanges, so these so-called rankings often involve sub-optimal vetting from a safety and soundness standpoint.
Hence it is important to note that BrokerChooser is neither in an affiliate marketing relationship with nor earning compensation, commission or any form of inducement from the exchanges included in our ranking.
Zoltan Kormanyos, head of legal at BrokerChooser said of our research: “To help investors navigate the risky and mostly unregulated world of crypto exchanges, we have analyzed in-depth 20 of the largest crypto exchanges ranking them according to our proprietary safety methodology (see details below) ranging from regulation and market fairness to consumer protection and transparency.”
Crypto Exchange Safety Index
The safest crypto exchanges overall
1. Coinbase - Overall safety score: 4.1 / 5
The safest crypto exchange overall is Coinbase, which is also the largest crypto exchange in the US by trading volume.
Coinbase was ranked as a tier 1 exchange for the majority of sub-categories and is well known for its robust security features.
For example, Coinbase holds an insurance policy covering the clients’ digital assets that it holds, and it stores U.S. dollar balances in Federal Deposit Insurance Corporation (FDIC)-insured bank accounts separately from its own funds.
The only two factors where Coinbase was placed in tier 3 were hacking incidents and restrictions on proprietary trading, having seen multiple recent hacks and also stating in their trading rules that they trade their own corporate funds on Coinbase.
2. FTX US Derivatives - Overall safety score: 4.0 / 5
In second place is FTX US Derivatives, formerly known as LedgerX, a digital currency futures and options exchange and clearinghouse.
FTX US Derivatives is regulated by the Commodity Futures Trading Commission (CFTC) which sees it fall into tier 1 for the majority of the factors in our index.
While it scored highly for each of the other pillars, FTX US Derivatives was somewhat let down when it comes to transparency, with a score of 2.3, offering little to no financial or legal transparency and complex products.
3. Bitstamp - Overall safety score: 3.8 / 5
Completing the top three safest crypto exchanges is Bitstamp, a UK-Luxembourg-based exchange that also allows trading between crypto and fiat currencies.
Bitstamp keeps 98% of assets offline in cold crypto storage, which is the most secure form of crypto storage as it is protected from potential hacking breaches.
The exchange also offers simple, straightforward products, hasn’t experienced any regulatory incidents in the last five years and has an added layer of protection with a crime insurance policy covering theft, and also uses two-factor authentication and address whitelisting.
4. Bittrex - Overall safety score: 3.7 / 5
Two exchanges are tied in fourth place, the first of which is Bittrex. Bittrex is a well-established exchange that has been around since 2014.
Bittrex scored particularly well when it comes to market fairness, with a perfect score of 5 / 5 and has a number of advanced security features to help protect your funds.
For example, the majority of user funds are kept in cold storage, with other measures such as two-factor authentication and wallet and IP address whitelisting.
On top of this, they also provide their users with guidance on best practices such as how to keep your password secure, avoid phishing attacks and disable your account if hacked.
5. Gemini - Overall safety score: 3.7 / 5
Also achieving a score of 3.7 out of 5 is Gemini, which has the New York State Department of Financial Services (NYDFS) as its principal regulator.
The majority of funds on Gemini are held in an offline, air-gapped cold storage system, with all USD balances in segregated bank accounts covered by the Federal Deposit Insurance Corporation (FDIC) insurance.
The platform also offers additional security features for institutional traders and insures its wallet against security breaches and fraudulent actions by relying on a solution called captive insurance.
While these are the safest crypto exchanges around, if you choose to opt for a broker, be sure to check out the best crypto brokers to ensure you choose a reliable option.
The safest exchanges for regulation
FTX US Derivatives, Gemini & Kraken Futures: 5 / 5
Three exchanges scored a perfect score of 5 out of 5 when it came to regulation: FTX US Derivatives, Gemini & Kraken Futures.
All of these exchanges are based in a tier 1 country, possessing tier 1 regulatory licenses, and haven’t had any formal investigation resulting in a regulatory action by their regulators in the last five years.
The least safe exchanges for regulation
KuCoin & Bybit: 1 / 5
However, two exchanges (KuCoin and Bybit) scored just 1 out of 5 when it came to regulation, the lowest possible score.
Both of these exchanges are unregulated and have had regulatory investigations against them recently. KuCoin was issued a court order in Singapore in March 2020, and faced regulatory action in Ontario and also a class-action lawsuit in the US in April 2020.
As for Bybit, they are currently undergoing a regulatory investigation in Canada about operating an unregistered crypto asset trading platform.
The safest exchange for consumer protection
Gemini: 4.8 / 5
When it comes to consumer protection, no exchange scored a perfect 5 out of 5, but the best performing exchange in this regard was Gemini, with 4.8.
Gemini offers a high level of protection for both crypto and fiat holdings, hasn’t experienced a hacking incident in the last five years and has sophisticated systems and processes in place to ensure operational resiliency.
The least safe exchange for consumer protection
OKX: 1 / 5
The worst performing exchange for protecting its users is OKX, the only exchange to score just 1 out of 5 for this pillar.
OKX offers no information about how they protect either crypto or fiat holdings and have had two major hacking incidents recently.
In the first, in October 2017, around $3 million worth of crypto was stolen, with $5.6 million being taken in a separate incident in August 2020.
The safest exchanges for market fairness
FTX US Derivatives & Bittrex: 5 / 5
Two exchanges got full marks when it comes to the pillar of market fairness: FTX US Derivatives and Bittrex.
Both of these exchanges have appropriate policies in place to restrict proprietary trading and employee trading and either provide fairly detailed coin listing criteria on their websites or potential issues arising from coin listing are not relevant in their case (e.g. at FTX US Derivatives).
The least safe exchange for market fairness
OKX, Gate.io & Bybit: 1 / 5
Again, OKX and Bybit come out as the worst performing exchanges in this pillar, although they are joined by Gate.io too when it comes to market fairness, with each scoring the minimum score of 1 out of 5.
On top of having no credible information about measures in place against prop trading and employee trading (or detailed coin listing criteria), each of these exchanges also issues their own utility tokens and uses and makes available shady stablecoins on their platform.
The most transparent exchange
Coinbase: 4.8 / 5
Transparency is key to ensuring that consumers feel protected and for this pillar, Coinbase was once again the top-ranking exchange.
As one of the world’s biggest crypto exchanges, Coinbase does a good job of making information readily available to the public in terms of its corporate structure, financial statements and legal documents as well as having a relatively simple product offering.
The least transparent exchange
Binance, OKX, KuCoin, Gate.io, Bybit, Phemex: 1 / 5
A large number of exchanges scored poorly when it comes to a lack of transparency, with six different exchanges all scoring just 1 out of 5 for this factor.
This means that they all offer limited or no information about their finances and products, or that the information that they do offer isn’t credible, or is too complex for the average consumer to understand.
FRAMEWORK AND SCORING
- Our safety methodology is built on the following four main pillars: regulation, consumer protection, market fairness and transparency.
- Each of these pillars contains four sub-categories, to give 16 sub-categories in total.
- Each sub-category consists of several qualitative and/or quantitative factors trying to grasp key aspects of each such sub-category.
- Each sub-category is then divided further into three different TIERs and crypto exchanges are ranked and assigned to a particular TIER.
- Best performing crypto exchanges were assigned to TIER 1 and given 5 points out of 5, crypto exchanges with ‘average’ results were assigned to TIER 2 and given 3 points out of 5 and worst-performing crypto exchanges were assigned to TIER 3 and given 1 point out of 5.
- Given that assessments here might involve judgment calls and deal with elements that are hard to quantify, there is a subjective overwrite mechanism built into the methodology allowing one extra point either to be added to or deducted from an exchange falling between two TIERs.
- Points received based on TIER rankings for each sub-category within each pillar are added together and divided by four (the number of sub-categories within each pillar) resulting in an average score (on a scale of 1 to 5) for each pillar.
- Then such average scores are also added together and divided by four again (the number of pillars), given that (like sub-categories) pillars are also equally weighted.
- As a result, we get a comparable final safety score for every exchange.
Jurisdiction: an internal list of 50 jurisdictions was created by using indices published by the World Justice Project, the World Bank, the United Nations and Transparency International (all of them focusing on different aspects of the countries’ regulatory environment and justice system). Crypto exchanges established and/or operating from a country within the top 25 countries got a TIER 1 designation, crypto exchanges established and/or operating from a country falling between the 26th and 50th on our list went to TIER 2 and crypto exchanges established and/or operating from a country not included in our list went to TIER 3.
License: the reference point of the assessment here is the EU regulatory regime. Deemed equivalency might be established when an entity established and/or operating within a TIER 1 or TIER 2 jurisdiction is also subject to authorisation and supervision (conduct, prudential etc.) corresponding to the relevant EU regulatory regime and is authorised to perform relevant investment and ancillary services as defined under the EU regulatory regime. TIER 1 category here consists of crypto exchanges that are holding a MiFID II or equivalent license, TIER 2 category includes crypto exchanges operating as payment service providers or e-money issuers holding a PSD2 or equivalent license and unregulated entities and entities where there was no information found went to TIER 3.
Regulatory incidents: mean either ongoing investigations launched by a government agency, authority or other official body having jurisdiction over the crypto exchange and/or its owners, directors, officers, employees etc. or any regulatory fine or sanction imposed on a crypto exchange and/or its owners, directors, officers, employees etc. by such entities. TIER 1 category here consists of crypto exchanges where there were no ongoing investigation(s) and/or regulatory fines, other sanctions in the last 5 years, TIER 2 category includes crypto exchanges where there were no ongoing investigation(s) but regulatory fine(s), other sanction(s) with minor implications were imposed in the last 5 years and crypto exchanges where there were either ongoing investigation(s) or regulatory fine(s), other sanction(s) with major implications in the last 5 years went to TIER 3. Differentiation between minor and major implications is to be made on a reasonable basis taking into account all the relevant circumstances and available information.
Membership in self-regulatory organizations (SROs): because there is no uniform regulatory regime for the crypto industry, SROs might play an important role in shaping future regulatory agendas by participating in discussions with regulators and policymakers. Hence we decided to include them in our methodology. We have selected nine SROs based on a number of criteria including number of members; their legal status; composition of their board/leadership and their documented involvement in rulemaking and/or policy discussions about regulation concerning the crypto ecosystem. TIER 1 category here consists of crypto exchanges with memberships in multiple self-regulatory organisations, TIER 2 category includes crypto exchanges with membership at least in one self-regulatory organisation and crypto exchanges with no membership or no public information about membership(s) went to TIER 3.
CONSUMER PROTECTION PILLAR
Protection for crypto holdings: as traditional deposit insurance schemes are not covering crypto assets, commercial, captive or other self-made insurance solutions are trying to fill the gap. TIER 1 category here consists of crypto exchanges holding commercial and/or captive insurance policies, TIER 2 category includes crypto exchanges operating with self-made insurance solutions (i.e. internal consumer protection funds being basically a pool of certain segregated crypto assets maintained and controlled by such exchanges on the blockchain) and crypto exchanges where either no credible information available or no insurance is being provided went to TIER 3.
This sub-category is not relevant at pure derivatives exchanges like Kraken Futures or FTX US Derivatives where either no or fairly minimal crypto asset is actually being held (as margin) on behalf of customers hence such entities automatically received TIER 1 categorization given that consumer protection issues resulting from the lack or inadequacy of the available protection do not arise in their case.
Protection for fiat holdings: this factor is measuring the level of consumer protection for fiat assets held at a given crypto exchange on behalf of customers (but also providing useful information about banking relationships of such crypto exchanges). TIER 1 category here consists of crypto exchanges where there is (pass-through) deposit insurance (meaning that the exchange is holding client money segregated from its own at banks participating in deposit insurance schemes), TIER 2 category includes crypto exchanges where deposit insurance is not available and it is clearly communicated to customers and entities where no credible information found went to TIER 3.
Hacking incidents: the term ‘hacking incident’ covers any successful attack against the systems of a crypto exchange whether it resulted in a monetary loss, loss of crypto-assets and/or loss of customer data or other data leakage. We have compiled publicly available data about hacking incidents going back to the Mt. Gox hack in 2014 and calculated the average dollar amount of the losses resulting from these hacks for each year and then for the entire period between 2014 and April 2022. When calculating the average, we have assigned zero value to hacks which resulted “only” in data loss/data leakage or where the lost amount was not disclosed. A loss which is either equal to or greater than 50% of such average amount (2014-2022) will be taken as an incident having a major implication and anything less than this threshold will be taken as an incident having a minor implication. TIER 1 category encompasses crypto exchanges where there was no incident and/or no successful hacking attack in the last 5 years, TIER 2 category includes crypto exchanges that suffered a hacking incident with minor implications in the last 5 years and entities that suffered either a hacking incident with major implications or multiple hacking attacks in the last 5 years went to TIER 3.
Operational resiliency: covering the following aspects: (i) having a trade surveillance system in place (to monitor trading activity and fight market manipulation), (ii) having a bug bounty program or penetration testing (to continuously test safety and resiliency), (iii) having third party security assessment and certification (to obtain verification from a credible and independent source) and (iv) having a business continuity/disaster recovery plan. TIER 1 category encompasses crypto exchanges having four out of four elements in place, TIER 2 category includes crypto exchanges having three out of four elements in place and entities with two or fewer elements in place went to TIER 3.
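The hacking-incident and operational-resiliency tier rules above, combined with the point and averaging rules from the framework list, can be written out as a short Python sketch. This is an added example, not BrokerChooser's own code: all incident figures and pillar values are constructed, and it assumes the average loss is taken per incident over the whole period and that an overridden score stays within the 1 to 5 scale.

```python
from datetime import date
from statistics import mean

TIER_POINTS = {1: 5, 2: 3, 3: 1}  # TIER -> points, as stated in the framework
RESILIENCY_ELEMENTS = ("trade_surveillance", "bug_bounty_or_pentest",
                       "third_party_certification", "bcp_dr_plan")

def major_loss_threshold(compiled_losses_usd):
    """50% of the average loss over all compiled incidents.
    Data-only or undisclosed losses (None) count as zero, as the page states.
    Assumption: the average is per incident over the whole period."""
    return 0.5 * mean(loss or 0 for loss in compiled_losses_usd)

def hacking_tier(incidents, threshold, as_of, window_years=5):
    """incidents: list of (date, loss_usd or None) for a single exchange."""
    try:
        cutoff = as_of.replace(year=as_of.year - window_years)
    except ValueError:  # as_of is 29 February and the cutoff year is not a leap year
        cutoff = as_of.replace(year=as_of.year - window_years, day=28)
    recent = [(d, loss or 0) for d, loss in incidents if d >= cutoff]
    if not recent:
        return 1                                   # no successful attack in the window
    if len(recent) > 1 or recent[0][1] >= threshold:
        return 3                                   # multiple attacks, or one major loss
    return 2                                       # a single minor incident

def resiliency_tier(controls):
    """controls: dict mapping each of the four elements to True/False."""
    present = sum(1 for name in RESILIENCY_ELEMENTS if controls.get(name))
    return 1 if present == 4 else 2 if present == 3 else 3

def sub_score(tier, override=0):
    """Points for a sub-category, with the optional one-point subjective overwrite."""
    if override not in (-1, 0, 1):
        raise ValueError("override is limited to one point up or down")
    return min(5, max(1, TIER_POINTS[tier] + override))  # clamp is an assumption

def pillar_score(sub_scores):
    if len(sub_scores) != 4:
        raise ValueError("each pillar has exactly four sub-categories")
    return sum(sub_scores) / 4

def safety_score(pillar_scores):
    if len(pillar_scores) != 4:
        raise ValueError("the index has exactly four pillars")
    return sum(pillar_scores) / 4

# Constructed sample data, not taken from the report.
COMPILED_LOSSES = [400_000_000, None, 10_000_000, 0, 30_000_000, 40_000_000]
AS_OF = date(2022, 4, 30)

def demo():
    threshold = major_loss_threshold(COMPILED_LOSSES)
    # Hypothetical exchange: one old major hack (outside the window), one recent minor one.
    incidents = [(date(2016, 1, 15), 70_000_000), (date(2020, 8, 1), 2_000_000)]
    controls = {"trade_surveillance": True, "bug_bounty_or_pentest": True,
                "third_party_certification": True, "bcp_dr_plan": False}
    consumer_protection = pillar_score([
        sub_score(1),                                       # crypto holdings: insured
        sub_score(2),                                       # fiat holdings: no deposit insurance
        sub_score(hacking_tier(incidents, threshold, AS_OF)),
        sub_score(resiliency_tier(controls)),
    ])
    # The other three pillar scores are constructed placeholders.
    overall = safety_score([5.0, consumer_protection, 3.0, 1.0])
    return {"consumer_protection": consumer_protection, "overall": overall}

if __name__ == "__main__":
    print(demo())
```

Because undisclosed and data-only incidents are averaged in as zero, they lower the threshold for a "major" loss, and a breach with no published figure is always classified as minor on its own.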
MARKET FAIRNESS PILLAR
Restrictions on exchange proprietary trading: in case crypto exchanges engage in proprietary trading on their own venue this means that a customer’s order to buy or sell crypto could have been filled not by another customer, but by a “trading desk” run by the crypto exchange itself, trading on behalf of the crypto exchange for its own account. As compared to the traditional financial sector there is much less guarantee to ensure that such trading desks do not have an informational advantage over customers. This risk does often materialize within contractual terms when allowing such trading for profit to happen. However, it is possible that crypto exchanges might act as market makers submitting both buy and sell orders for the same assets in order to promote liquidity. Such activity is common in the traditional securities marketplace, particularly in broker-operated alternative trading systems but it requires a significant commitment to customer protections and transparency to remain in compliance with applicable laws and there is way less transparency in the crypto sphere. In addition, when a significant percentage of the volume in one or more crypto assets on a venue is attributable to one source, customers face the risk that the availability of liquidity in those assets could change, without notice and at any time, including when liquidity is needed most – namely, in times of market turmoil which calls into question whether the market for crypto on those platforms is as robust as customers might believe it to be. 
TIER 1 category encompasses crypto exchanges where clear and detailed information/confirmation about such restrictions can be found on the exchange’s website, TIER 2 category includes crypto exchanges where some information is publicly available outside the website but not enough to have a satisfactory answer as to whether such practice is prohibited or not and entities where either no restriction is imposed or no credible information is available at all about such restrictions went to TIER 3.
Restrictions on employee trading: another feature that distinguishes crypto exchanges from traditional securities markets is that owners and employees can trade directly on their own platforms which is another potential source of conflict of interest. TIER 1 category encompasses crypto exchanges where clear and detailed information/confirmation about restrictions on employee trading can be found on the exchange’s website or can be obtained from a credible source, TIER 2 category includes crypto exchanges where some information is publicly available outside the website but not enough to have a satisfactory answer whether there is a restriction imposed on employee trading or not and entities where either no restriction is imposed or no credible information available at all about such restrictions went to TIER 3.
Coin listing criteria/asset framework: in the majority of the cases crypto exchanges are compensated for listing crypto assets. As there are, as of today, no regulatory standards for determining whether a particular virtual asset can or should be listed on a trading platform, it is important to have a look at what internal rules are governing this activity at crypto exchanges. TIER 1 category encompasses crypto exchanges having clear and detailed information/methodology on the website either as a standalone document or part of standard documents, TIER 2 category includes crypto exchanges having some information on the website but not enough to have a satisfactory overview/understanding about the listing rules/asset framework and entities where either no information or no credible information is available went to TIER 3.
This sub-category is not relevant at pure derivatives exchanges such as Kraken Futures or FTX US Derivatives where no coin is listed hence such entities automatically received TIER 1 categorization given that issues resulting from the lack of or a non-transparent coin listing criteria/asset framework do not arise in their case.
Exchange issued utility tokens and ‘shady’ stablecoins: utility tokens carry potential conflict of interest issues resulting from their different functionalities as they can be (i) ‘gas tokens’ fuelling transactions within different ecosystems, (ii) ‘crypto flavoured loyalty tokens’ granting discounts on trading fees and (iii) instruments you can trade like altcoins. However, the vast majority of such utility tokens only imitate crypto as they are issued entirely privately, traded on different exchanges and the issuer crypto exchanges control almost everything about them and they tend to work however issuers need them to at the time. Large portions of such utility tokens are owned by the issuers’ founding team (increasing the risk of insider trading) and some of these tokens are also used to back internal consumer protection funds. ‘Shady stablecoins’ mean stablecoins where either no or minimal credible information is available about the assets backing them (for example, available auditor attestations about underlying assets do not seem to be published on a regular (i.e. monthly) but rather on an ad hoc basis, accounting firms providing them changed several times in the last couple of years and/or there are also proven cases when their issuers made false representations about the availability of underlying assets). TIER 1 category encompasses crypto exchanges where neither utility token nor stablecoin is issued by the crypto exchange (and/or its affiliate) and listed on the crypto exchange, TIER 2 category includes crypto exchanges where only own stablecoin (with credible information about the assets backing such coin) is issued by the crypto exchange (and/or its affiliate) and also listed on the crypto exchange and entities where either own utility token or shady stablecoin is issued by the crypto exchange (and/or its affiliate) and also listed on the crypto exchange went to TIER 3.
This sub-category is not relevant at pure derivatives exchanges such as Kraken Futures or FTX US Derivatives where no utility token and/or shady stablecoin is listed hence these entities automatically received TIER 1 categorization given that issues resulting from the issuance and/or use of their own utility token and/or shady stablecoin do not arise in their case. As part of the subjective overwrite mechanism where there is a possibility for derivative products to be either settled and/or margined in shady stablecoins, one point was deducted.
Corporate transparency: covering the availability of sufficient information about a crypto exchange’s (i) foundation date, (ii) corporate structure, (iii) ownership structure and (iv) senior management on such crypto exchange’s own website. TIER 1 category here consists of crypto exchanges where 3 out of 4 pieces of information are publicly available on the exchange’s website, TIER 2 category includes crypto exchanges where 2 out of 4 pieces of information are publicly available on the exchange’s website and entities where 2 or fewer pieces of information out of 4 are publicly available on the exchange’s website went to TIER 3.
Financial transparency: means the availability of a crypto exchange’s audited financial statements and/or annual or half-yearly reports and/or other equivalent financial information. TIER 1 category here consists of crypto exchanges where these documents are publicly available on the exchange’s website, TIER 2 category includes crypto exchanges where financial information is published on the exchange’s website but is not audited and entities where these documents are not available went to TIER 3.
Product transparency: looks at the product spectrum offered by crypto exchanges and follows ‘the simpler the better’ approach by relying on empirical evidence about retail investors’ vulnerability to significant decision making weaknesses and biases, having a limited ability to monitor risks. Keeping in mind that this is the case in the traditional financial sector, it can be assumed that the problem is all the more prevalent within the crypto ecosystem which is way less regulated and continuously makes available complex and largely unregulated products. There is a sharp contrast here with the sophisticated product oversight regime (e.g. under MiFID II) which used to cover and regulate the whole product life-cycle along with liability aspects. TIER 1 category here consists of crypto exchanges with simple and relatively easily understandable product offerings (mostly buying and selling crypto on the spot market), TIER 2 category includes crypto exchanges with intermediate product complexity (e.g. spot crypto and other relatively simple products like simple staking, earning and/or properly regulated tokenized traditional financial instruments (for example tokenized shares)) and entities with complex product offering (e.g. spot crypto and various crypto derivatives, leveraged tokens, earning, staking, liquidity farming, crypto loans, crypto savings account, NFTs etc.) went to TIER 3.
Our internal minimum criteria look into whether key customer contract(s) contain clear and detailed provisions about (i) the contracting legal entity acting on behalf of the crypto exchange as well as the capacity in which it is acting, (ii) governing law (must be the law of a TIER 1 or TIER 2 jurisdiction), (iii) dispute resolution where arbitration is not the only option for the customer and (iv) terms of the key customer contract must be fair and transparent (the legal basis for transparency and fairness assessment is the UK Consumer Rights Act 2015 (and associated CMA guidance)).