There are many reasons why you should never store crypto on exchanges.

Not your keys, not your crypto

Simple rule. If you control the keys, it’s your bitcoin. If you don’t control the keys, it’s not your bitcoin. Your keys? Your bitcoin. Not your keys? Not your bitcoin. Andreas Antonopoulos

When your crypto is on an exchange you do not control the private keys. Thus, you should never store an amount greater than what you can afford to lose on an exchange.

Lack of regulatory oversight

The maximum amount of time I have left currency, crypto or fiat, on an exchange is 15 minutes. Andreas Antonopoulos

This is understandable considering how most exchanges lack the security architecture of banks. Lack of funding or regulations has contributed to this. For example, only 39% of fiat-supporting crypto exchanges hold an operating license. Thus, funds stored on them are more susceptible to theft and fraud.

The absence of regulations has led to surprising ways in which losses have happened. One such example would be the death of Quadriga CX CEO, Gerald Cotten who supposedly passed on a trip to India. What’s surprising was that Gerald was the sole owner of passwords to customer funds. As a result, hundreds of millions of customer funds remain inaccessible.

Attractive target to hackers

Exchanges contain vast stores of crypto and are thus prime targets for hackers. The threats from hackers continue to be very real as recent incidents have shown.

Custody risk

Another risk of leaving your funds on exchanges? Custody Risk. One Binance user holding 1.2k BTC found this out the hard way after the blocking of his account.

Recently, exchanges like Gemini have announced they have acquired digital assets insurance. Should you then store your crypto on such exchanges? Personally, we would not. Gemini’s policy does not protect against all forms of loss on their exchange as shown below. Emphasis ours.

Our policy insures against the theft of Digital Assets from our Hot Wallet that results from a security breach or hack, a fraudulent transfer, or employee theft. Our policy does not cover any losses resulting from any unauthorized access to your User Account . You agree and understand that you are solely responsible (and you will not hold us responsible) for managing and maintaining the security of your User Account login credentials.

Before we end this section, here are some thoughts from cybersecurity firm Group IB in their 2018 report on cryptocurrency exchanges.