NEOAcademy
Lv 100
Security BasicsLesson 7 of 9

Should you leave crypto on an exchange?

An exchange is easy and has a support line, but they hold the keys. Your own wallet is harder and has nobody to call, but the funds are really yours. A practical look at when each one is the right choice.

7 min read4 quiz questions +1 +10 on pass

Almost every crypto journey starts the same way. You sign up to an exchange, prove who you are, send some money, and buy a small amount of something. The exchange shows your balance in a clean app, you can sell back to local currency with a few taps, and customer support exists if anything goes wrong. It feels like a normal financial product.

And for many uses, that is the right starting point. The question this lesson is about is when, and how much, to move off the exchange into a wallet you actually control. The answer is not "always" and it is not "never." It is a practical line that depends on how much you hold and how long you plan to hold it.

Who actually holds the crypto?

When you "buy bitcoin on an exchange," you are not really getting bitcoin sent to your wallet. The exchange owns the actual bitcoin and adds a credit to your account in their internal database. When you sell, the credit goes away and they pay you cash. The crypto, in the technical sense, never moves to you unless you withdraw it to a wallet you control.

This is called custodial holding. They hold the keys; you hold an IOU. It is the same model as a regular bank: when your balance says $1,000, the bank does not have a literal $1,000 with your name on it; you have a claim against the bank for $1,000. As long as the bank is healthy, the claim is as good as cash. When the bank fails, the claim is what it is worth.

Custody options, end to end
  1. Exchange custody
    they hold the keys
  2. Custodial wallet
    a company still holds them
  3. Self-custody hot wallet
    you hold them, online
  4. Self-custody hardware wallet
    you hold them, offline

"Not your keys, not your coins"

This is the most repeated phrase in crypto for a reason. If you do not control the keys, you do not really own the coins. You own a promise from the company that holds the keys. The promise is usually fine. Sometimes it is not.

The clearest example of why this matters: in late 2022, FTX, the second-largest crypto exchange in the world, went from "well-respected" to bankrupt in a week. Customer funds had quietly been used internally for things that lost a lot of money. When customers tried to withdraw, withdrawals were blocked, and then the platform was insolvent. Several million people lost some or all of what they had on the exchange.

FTX is not unique. Mt. Gox in 2014, Celsius and BlockFi in 2022, QuadrigaCX in 2019, and many smaller examples. Some recovered partial funds for users years later. Some never did. In every case, the people who had moved their crypto to self-custody before the collapse were fine. The people who had not lost access to their crypto, often permanently.

What an exchange is good for

This is not an argument that exchanges are bad and self-custody is good. Both have a place. Exchanges genuinely solve problems that a self-custody wallet does not solve well:

  • Buying crypto with local currency and selling back to it.
  • Trading between many different coins at lower fees than DeFi tools.
  • A familiar account-based experience for someone learning the space.
  • Account recovery if you lose your password (something self-custody cannot do).

For most ordinary use, you do not avoid an exchange. You use it for what it is good at and you do not use it as a long-term vault.

What self-custody is good for

Self-custody is the right choice when the value of "really owning it" outweighs the inconvenience of being responsible for it. That usually happens at one of three thresholds:

  • You are holding for a long time. If you are planning to hold for years, the chance that something happens to the exchange in that window is not small.
  • The amount has grown to a level where losing it would seriously hurt. The cost of a $100 hardware wallet is small at that point.
  • You want to do things on-chain (DeFi, NFTs, lending, governance) that the exchange does not let you do.

A practical split

A simple, defensible setup that most people who hold crypto seriously end up with:

  • A small "spending" balance on a hot wallet on your phone or browser, for paying, swapping, and trying things out.
  • A "long-term" balance on a hardware wallet, in self-custody, that you do not touch every week.
  • Optionally, a small balance on an exchange, only for the times when you actually need to convert to or from local currency. Not as a vault.

This isolation matters. If your hot wallet gets compromised, the savings on the hardware wallet are still safe. If the exchange has a bad week, your long-term holdings are unaffected. One mistake is annoying. One mistake taking everything is the thing you are trying to avoid.

Picking an exchange

If you do use an exchange, the choice matters. Not all of them are the same risk. A few rough guides:

  • Prefer larger, regulated exchanges in jurisdictions you understand. Coinbase, Kraken, and similar are heavily monitored, which constrains some of the worst behavior.
  • Avoid exchanges that offer "high yield" on your deposit. That yield comes from lending your crypto to people you cannot see, which is exactly what got the failed platforms into trouble.
  • Avoid keeping more on an exchange than you would on a poorly insured bank in a country you do not live in.
  • Withdraw to your own wallet periodically. The longer you go without doing it, the harder it gets to start.

Proof of reserves and what to actually check

After 2022, larger exchanges started publishing what they call proof of reserves: cryptographic snapshots showing that they hold at least as much customer crypto as they owe. This is a real improvement, but it is not the same as "your money is safe." It tells you what is on the asset side at a moment in time. It does not show liabilities, debts, or what the company might do tomorrow.

Treat proof of reserves as a useful signal among others, not a guarantee. The most useful thing you can do is reduce your exposure to any single exchange. The math of self-custody is harder to fake than the math of "trust us."

Moving funds for the first time

If you have never withdrawn crypto from an exchange to a self-custody wallet, here is the careful version of the move:

  • Set up the destination wallet first. Self-custody, recovery phrase saved.
  • Copy your wallet address from the wallet app, not from somewhere else.
  • On the exchange, initiate a small withdrawal first, like $10 worth.
  • Confirm it arrived. Check the address on a block explorer if you want to see it on the chain.
  • Once you have confirmed the small one, send the larger amount in one transaction.

Sending a test amount feels like overkill until the first time you would have typed an address wrong. Two minutes of patience saves you everything else.

An exchange is where you trade. Your wallet is where you hold. Confusing the two is the most common expensive mistake in crypto.

The last lesson before the security routine wraps up the part you actually do every time you use crypto: signing transactions, approving things, and the unique scams that target that step.