A crypto exchange is a marketplace that matches buyers and sellers of digital assets — and it’s where a lot of people get into trouble without realizing it. Underneath the simple premise are custody risk, regulatory identity checks, fees, and a history of platforms taking customer funds down with them when they failed. Understanding those pieces before you sign up anywhere matters more than the signup itself.
What an exchange actually does
In traditional finance, a stock exchange connects buyers and sellers of shares. A crypto exchange does the same for digital assets: you arrive with dollars (or euros, or won), the platform finds a counterparty, and you leave with Bitcoin, Ether, or whatever you traded for — minus a fee.
Most exchanges also act as a custodian. When you buy crypto on a centralized platform, it doesn’t automatically land in a wallet you control. The exchange holds it on your behalf, the same way a brokerage holds your stocks. You see a balance in your account; the actual asset sits in the platform’s wallet. That distinction matters enormously, and we’ll get to why.
Centralized exchanges (CEX): the familiar model
A centralized exchange is run by a company. Think of it as the bank branch of crypto: staff, compliance teams, customer support, and a terms-of-service agreement you click through.
What they offer:
- Fiat on-ramps — you can deposit dollars or euros directly, often by bank transfer or card
- High liquidity, meaning large orders fill quickly without moving the price much
- Customer support (variable in quality, but it exists)
- Familiar interface — order books, charts, and account dashboards most traders recognize
What they require:
- Identity verification (KYC) — more on this below
- You trust the company with your funds
As of 2026, centralized exchanges still dominate global trading volume. DEXs account for roughly 12–20% of global spot trading depending on market conditions, per industry research; CEXs handle the rest. For most beginners, CEXs are the first stop because they accept fiat currency and have onboarding flows designed for non-technical users.
Decentralized exchanges (DEX): no middleman
A decentralized exchange runs on smart contracts — self-executing code deployed on a blockchain. There’s no company in the middle holding your funds. You connect a wallet you control, the contract handles the swap, and the coins land back in your wallet.
What that looks like in practice:
- No account to create, often no KYC
- You keep custody of your assets throughout the trade
- Trades happen on-chain, visible to anyone
- You can access tokens that haven’t been listed on any CEX
The trade-offs:
- No fiat on-ramps — you need crypto to start, which means a CEX first anyway for most people
- Thinner liquidity on many pairs, especially newer tokens
- Smart contract risk — bugs in the code can be exploited; bridges between chains have been a recurring attack surface
- Gas fees (network transaction fees) are paid on top of the exchange’s own fee
Many experienced users settle on a hybrid approach: use a regulated CEX to convert fiat into crypto, then move assets to a personal wallet and use DEXs for specific swaps. Neither model is universally safer; they carry different risks.
Why exchanges ask for your ID (KYC explained)
KYC stands for Know Your Customer. It’s a legal requirement, not a platform quirk.
Regulators worldwide classify crypto exchanges as financial service providers subject to anti-money laundering (AML) laws. In the EU, the Markets in Crypto-Assets Regulation (MiCA) required full authorization for Crypto-Asset Service Providers by July 1, 2026, with mandatory KYC and ongoing transaction monitoring built in. In the US, FinCEN requires exchanges to operate a Customer Identification Program and comply with the Bank Secrecy Act. Starting in 2026, US exchanges must also issue Form 1099-DA to users, reporting capital gains to the IRS — which only works if they know who their customers are.
The enforcement picture has sharpened: in the first half of 2025, regulators issued 139 fines totaling $1.23 billion for AML, KYC, and sanctions violations — a 417% increase in value compared to the same period in 2024, according to compliance industry data.
A typical KYC process involves:
- Submitting a government-issued photo ID (passport, driver’s license)
- Proof of address (utility bill, bank statement)
- A selfie or short liveness-check video
- Sometimes, a source-of-funds declaration for larger deposits
Verification timelines vary — some exchanges process in minutes, others take days. Unverified accounts usually face strict limits on deposit amounts and withdrawal caps.
If a platform claims to require no KYC and accepts large fiat deposits, that’s a flag worth pausing on. It may be unregistered, operating outside regulated jurisdictions, or both. “We don’t ask questions” is only appealing until you need someone to ask questions on your behalf.
The custody risk: “not your keys, not your coins”
This is the section that matters most.
When your crypto sits on an exchange, you don’t hold the private keys — the exchange does. You have a contractual claim to those assets, not direct possession. If the exchange fails, freezes withdrawals, or is hacked, you are typically an unsecured creditor in a bankruptcy proceeding. That means waiting years, and often receiving only cents on the dollar.
This is not theoretical. History is specific, and for anyone who has watched this space long enough, it’s also repetitive:
- In 2022, FTX — at the time one of the largest exchanges in the world — collapsed within days after it emerged that customer funds had been commingled with a related trading firm. Roughly $8 billion in customer funds disappeared. Customers became unsecured creditors; the criminal case against the founder ended in a decades-long prison sentence.
- Also in 2022, Celsius and Voyager froze withdrawals and entered bankruptcy. The Federal Reserve Bank of Chicago counted five major platform failures that year, affecting approximately $46.5 billion across 4.3 million users.
- In February 2025, exchange Bybit suffered the largest cryptocurrency theft on record: approximately $1.5 billion in ETH stolen by attackers the FBI attributed to North Korea’s Lazarus Group. Bybit survived the incident and covered losses, but it was a stark reminder that even large, established platforms face catastrophic security events.
Crypto held on an exchange is not covered by FDIC or SIPC insurance. There is no government backstop.
Self-custody — moving assets off an exchange into a wallet where you hold the private keys — eliminates counterparty risk. It introduces its own responsibility: lose your seed phrase, and there’s no recovery option. The Crypto Wallets Explained post on this site covers the mechanics of how wallets work and how to back them up safely.
How exchange fees work
Fees are how exchanges make money, and they compound faster than most new users expect. The main categories:
Trading fees (maker/taker): Most CEXs use a maker/taker model. A “maker” places a limit order that sits in the order book; a “taker” fills an existing order. Takers usually pay slightly more. Fee rates vary widely:
- Some major platforms charge 0.1% or less per side on standard trades
- Consumer-facing, beginner-friendly interfaces often charge 0.4%–0.6% or more at the base tier
- High-volume traders can negotiate lower tiers or use native-token discounts
Withdrawal fees: Every time you move crypto off an exchange, there’s typically a network fee (paid to miners/validators) plus possibly a platform fee on top. These vary by asset and by which blockchain network you’re withdrawing on. On a congested network, withdrawal costs can exceed the value of small transactions.
Spread: Simpler apps that don’t show order books often bake their margin into the buy/sell spread rather than a visible fee. The price you buy at and the price shown on a market tracker won’t match — that difference is the cost.
Deposit fees: Bank transfers are usually free; card purchases often carry a 1.5%–3.5% surcharge because card networks charge the exchange.
Before trading, check the full fee schedule, not just the headline trading rate.
What to look for in a regulated exchange
This is not a recommendation of any specific platform. It’s a list of things to check before trusting any exchange with funds.
Regulation and licensing. Is the exchange registered with a financial regulator in your jurisdiction? In the EU, MiCA authorization. In the US, FinCEN registration and, where applicable, state money-transmitter licenses. In the UK, FCA registration. A regulated exchange is not risk-free, but operating outside regulation removes a layer of accountability entirely.
Proof of reserves. Since FTX, many reputable exchanges publish regular attestations from independent auditors confirming they hold assets to match customer balances. Look for this. Absence of any reserve transparency is a warning sign.
Asset segregation. Customer funds should be kept separate from the company’s operating capital. This is both a regulatory requirement in many jurisdictions and the most basic protection against an FTX-style commingling scenario.
Withdrawal controls. Understand the limits: daily caps, whitelisting of withdrawal addresses, and two-factor authentication requirements. These protect you from unauthorized withdrawals if your account is ever compromised.
Security track record. No exchange is unhackable, but how a platform has responded to past incidents matters. Did they cover user losses? Were they transparent? Did they improve their security posture afterward?
Fee transparency. Can you find the full fee schedule easily? Are withdrawal fees published per asset? Platforms that obscure fees typically aren’t making them lower.
For more on the broader landscape of risks — scams, phishing, and social engineering that often start at or imitate exchanges — see how to avoid crypto scams.
FAQ
Do I have to verify my identity to use a crypto exchange? On any regulated centralized exchange, yes. KYC is a legal requirement under AML frameworks in the EU (MiCA), US (Bank Secrecy Act), UK (FCA), and most other jurisdictions. Decentralized exchanges generally don’t require identity verification, but they also don’t accept fiat currency — you need crypto already in a wallet to start.
What happens to my crypto if an exchange goes bankrupt? You typically become an unsecured creditor, meaning you join a queue behind secured lenders and have no guarantee of full recovery. The FTX bankruptcy, for example, took years to resolve partial repayment. Crypto on an exchange is not FDIC- or SIPC-insured. Moving assets to a self-custody wallet eliminates this specific risk.
Is a DEX safer than a CEX? Different risks, not simply “safer.” A DEX removes counterparty and custody risk — the exchange can’t steal your funds. But smart contract bugs and bridge exploits have caused significant losses on DEXs, and there’s no customer support if something goes wrong. A CEX adds counterparty risk but also provides a more controlled environment for beginners. Understanding crypto wallets is essential before using a DEX.
What’s the difference between a trading fee and a gas fee? A trading fee is charged by the exchange for executing your trade. A gas fee is a network fee paid to the blockchain’s validators for processing the transaction — it’s separate, varies with network congestion, and exists whether you’re on a DEX or withdrawing from a CEX. Both come out of your pocket.
Browse more plain-English crypto explainers in the Crypto section, starting with What Is Cryptocurrency? for the fundamentals. About the author — Theo is a developer who has followed crypto since the early days and writes about it without the hype. Not a financial advisor; just here to explain how things work.