Critical Flaws in Binance and Other Crypto Exchanges

For most of 2022, financial news has been filled with stories about big losses across all asset classes. But one of the biggest losers has been cryptocurrencies like Bitcoin and Ethereum. This has led to many investors reconsidering their allocations to cryptocurrency. I don’t recommend cryptocurrencies as an investment for any of my clients, but the topic does come up occasionally. But let’s set aside any recommendation I have about cryptocurrencies themselves. I’d like to bring up a recommendation I have about the various methods of cryptocurrency investing. In short, I strongly recommend against using an online exchange such as Binance to invest in cryptocurrencies.


Keeping your keys private is Rule #1 for crypto

I won’t get into the nuts and bolts of cryptocurrencies (which I have done here). Let me just say, maintaining control of the private keys for your cryptocurrency is central to the entire crypto philosophy. The base principle of Bitcoin is that the holder of a private key is the indisputable owner of the Bitcoins. If you ever hand your private keys over to anyone else, including a “trusted” 3rd party, you are handing over ownership rights to that currency that are completely equal to your own rights.

Mt. Gox, the old Binance

Let’s say you manage your cryptocurrencies through an exchange like Binance. If Binance gets compromised, including by the FBI, anyone who gains access to your private keys can now spend your currency. There is no Customer Support line you can call to reverse the transaction. If this sounds far-fetched to you, consider Binance’s spiritual predecessor, Mt. Gox.

Mt. Gox was the equivalent of Binance in 2014, handling over 70% of bitcoin transactions. That year, hackers stole 750,000 BTC owned by its clients and 100,000 BTC owned by the firm. The stolen coins represented about 7% of the entire bitcoin market. I write “hackers”, but it’s entirely possible this was an “inside job”. There was essentially no recourse for users. There is nothing preventing the same thing from happening at Binance.

De-anonymizing anonymous currencies

Apart from that, signing up for an exchange like Binance means tying all of your cryptocurrency activity to your own personally identifiable information. This is a far cry from the anonymous cypherpunk origins of the entire asset class.

Crypto exchange client assets might not be ring-fenced

Apart from the risk of a malevolent actor, exchanges like Binance also expose their clients to bankruptcy risks. I doubt many exchange users are aware of this risk.

In a normal bank or securities brokerage, client-owned securities are ring-fenced in a special legal area of the firm. If the firm goes into a bankruptcy proceeding, these assets are completely safe from the firm’s creditors. These creditors include unpaid employees, unpaid vendors, and other financial institutions that have lent the firm money. So if you hold your securities with a broker that goes bankrupt, you don’t have to get in line to get paid. Getting in line could risk delaying your funds and potentially lowering your recovery value. Instead, the firm returns investments to clients before the bankrupt firm starts to reorganize or liquidate.

Somewhat shockingly, Coinbase (another crypto exchange), in their most recent quarterly report, noted that this ring-fencing might not legally apply to their firm. These types of firms are new and haven’t ever gone through a restructuring. So, it’s not clear how bankruptcy courts would handle this. Coinbase stock value plummeted when this report came out.

Is there a better way to store crypto?

So what’s the alternative? I recommend managing any cryptocurrency investments with something called a cold wallet. A cold wallet is a specialized computer device, about the size of a thumb drive. It generates cryptographic key pairs for almost any currency you’d like to invest in, and it keeps those private keys safe on a device that only you control.

They are less user friendly than other key management options, but are still fairly simple if you follow the very clear instructions that come in the box. In particular, you have to be very careful about securely storing the recovery passphrase that you generate at first use. In fact, from a technical point of view, the passphrase itself is the key to your keys, more so even than the cold wallet device. Two of the most popular cold wallets are Trezor and Ledger. Both are great! I use a Trezor One.
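To show why the recovery phrase matters more than the device, here is an added example (not from the original article, and not Trezor's or Ledger's code) of the public BIP39 and BIP32 derivation that these wallets follow. It assumes the "recovery passphrase" above is what BIP39 calls the mnemonic; the function names and the sample phrase are constructed for illustration, and the example skips the wordlist and checksum validation a real wallet performs.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the all-zero phrase from the public BIP39 test
# vectors. It is known to everyone, so never use it to hold funds.
SAMPLE_PHRASE = "abandon " * 11 + "about"


def seed_from_phrase(phrase, extra_passphrase=""):
    """BIP39: recovery phrase (plus optional extra passphrase) -> 64-byte seed."""
    # Collapsing whitespace is a convenience of this example, not part of BIP39.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + extra_passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)


def master_key(seed):
    """BIP32: seed -> (master private key, chain code) for Bitcoin."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_wallet(phrase, extra_passphrase=""):
    """Recovery on any compatible device: the phrase is the only secret input."""
    return master_key(seed_from_phrase(phrase, extra_passphrase))


def same_wallet(a, b):
    """Constant-time comparison of two restored master private keys."""
    return hmac.compare_digest(a[0], b[0])


if __name__ == "__main__":
    lost_device = restore_wallet(SAMPLE_PHRASE)
    new_device = restore_wallet(SAMPLE_PHRASE)
    typo = restore_wallet(SAMPLE_PHRASE.replace("about", "above"))
    print("replacement device recovers wallet:", same_wallet(lost_device, new_device))
    print("phrase with one wrong word recovers wallet:", same_wallet(lost_device, typo))
```

Nothing unique to the hardware enters the derivation, which is why a lost device is replaceable and a leaked or lost phrase is not.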
