Casa Blog - Bitcoin Security Made Easy

Bitcoin investors have a complex relationship with exchanges. On one hand, exchanges play a vital role in helping us upgrade our money from government currency to bitcoin. At the same time, exchanges pose a major security threat to your bitcoin.

In this overview, we’ll cover several basic considerations for buying bitcoin on exchanges, so you can get the most out of them and your self-custody.

Exchanges: Good for buying and selling

Bitcoin originated as a peer-to-peer network, but it’s hard to trade only with peers all the time. Your friends might not always have bitcoin to sell you.

That’s where exchanges come in. Exchanges are platforms and businesses where you can swap government-issued currency, such as euros or U.S. dollars, for bitcoin. Most exchanges also allow you to trade a wide assortment of crypto assets for bitcoin, though the supported assets tend to differ from exchange to exchange.

Most exchanges are centralized institutions and therefore subject to government regulations. To comply with these regulations, exchanges usually require you to identify yourself, and they can prevent you from buying or selling if they suspect you of suspicious activity or if your government disapproves of your behavior, rightfully or not.

You can think of exchanges as a bridge between your nation’s currency and bitcoin, and this relationship is why exchanges are sometimes referred to as “on-ramps” and “off-ramps.”

Exchanges: Bad for securing long-term holdings

The bitcoin community has a saying: “Not your keys, not your coins.” Whoever has your bitcoin’s private key has control over your bitcoin. To spend your bitcoin, you need to have access to your private key. Until you withdraw bitcoin to your own custody with your own private key, the bitcoin isn’t totally yours and it’s up to the exchange to keep it safe.

This is a problem because exchanges and custodians have security risks, too. They’re simply subject to a different set of risks than individuals. In fact, attackers are more inclined to target exchanges than individuals because a lot more bitcoin passes through exchanges.

Ever since bitcoin was created, exchanges have had a hard time keeping bitcoin safe. In 2014, the popular exchange Mt. Gox lost somewhere between 650,000 and 850,000 bitcoin and filed for bankruptcy, setting off a legal saga that continues to this day.

Even in the present day, exchange customers still see their assets in harm's way. In 2022, FTX collapsed in spectacular fashion after billions in customers funds were misappropriated. The painful memories of Mt. Gox and FTX live on as a reminder to all investors of the dangers of leaving someone else in charge of your money.

Take back the power with self-custody

When you hold the private keys to your bitcoin, ether, or other cryptocurrency, you ensure you alone can transact with your assets without having to trust a third party, such as an exchange or custodian. This act is known as self-custody.

But before you can take self-custody, you need to create your own key. Hardware wallets are a solid bet for generating a secure key, and our multisig vaults allow you to protect your assets with resilience against single points of failure. This security guide can show you how to choose the right setup for your assets.

How much security do you really need for your bitcoin?
Casa offers a way to hold your own bitcoin without worrying about loss or theft.

Minimize your exposure to exchanges

If you’re new to bitcoin, now’s a good time to develop some good habits when it comes to exchanges. The best way to protect your bitcoin from exchange hacks is to keep as little bitcoin on an exchange as possible.

It’s up to you to determine an acceptable amount, but gauge it within your overall bitcoin investing strategy. If you do a lot of high-frequency trading, consider leaving only the assets you use to trade on the exchange and transferring your long-term stack to self-custody. Otherwise, if you just want to buy and hold, it may not make sense to leave bitcoin on exchanges at all.

It’s easy to get busy with life and accidentally leave bitcoin on an exchange — out of sight, out of mind. Exchanges often have waiting periods before you can withdraw your purchased bitcoin. Consider setting a reminder when you make a purchase so you can transfer your bitcoin later.

Adopt a robust form of two-factor authentication

Wealth security is about balancing the right amount of access. Passwords allow us to safeguard access behind a key phrase, but technology has grown to a point where we can’t safely rely on passwords alone. If a hacker seizes control of your email address, they can just reset your password.

Today, most exchanges and financial institutions have adopted two-factor authentication (2FA) as an additional security layer. For instance, when you log into an account, you may receive a SMS text message or email with a one-time passcode.

While 2FA is a positive development, it’s important to take steps to prevent your 2FA method from being compromised. Bad actors can perform a SIM swap attack to seize control of your phone number. This tactic and similar exploits are frequently used to drain exchange accounts. Below is an example of a massive breach.

Hackers rob thousands of Coinbase customers using MFA flaw
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

If you use 2FA to protect your exchange account, choose a strong form of 2FA. We like hardware security keys, such as YubiKeys, for authentication on exchanges that support them. These devices are easy to use and require a level of physical interaction, making it exponentially harder for attackers to commandeer your account from a remote location.

If your exchange doesn’t support hardware security keys, consider using authenticator apps, such as Google Authenticator, for they are also a major upgrade from SMS text messages.

Withdraw early and often

Whenever you set up an account on an exchange, it’s good to test out the basic features ahead of time, such as deposits and withdrawals. That way, if you ever need to withdraw bitcoin quickly, you’re not dealing with a learning curve.

It’s best to withdraw bitcoin to your own custody before it’s obvious that you need to. There’s not much telling when an exchange will disable withdrawals temporarily, close down, or mysteriously go offline.

One good technique for facilitating a move to self-custody to set up automatic withdrawals and whitelist addresses. That ensures your assets will only move to the address you designate once your balance reaches a certain threshold.

Go ahead and familiarize yourself with the withdrawal process so your exchange account doesn’t become a single point of failure. You never know until it’s suddenly too late.

Don’t trust — verify (as much as possible)

As a system, bitcoin was designed to give you the most control over your money without having to rely on trusted third parties. That includes exchanges.

Buying bitcoin on a centralized exchange requires some level of trust, but there’s some balance to be found here if you keep your exposure low and don’t leave your bitcoin on an exchange.

It’s wise to research multiple exchanges and their security policies before settling on one. Some exchanges strive to adopt leading-edge security practices. For instance, Kraken curates several helpful security resources and performs Proof of Reserves audits to help customers. While self-custody is the best way to alleviate security concerns, we believe these efforts are a positive step forward.

Final thoughts

Being your own bank comes with personal responsibility. With some extra attention and effort, you can greatly reduce the risk of losing bitcoin on an exchange and set an excellent foundation for your bitcoin custody.

Say goodbye to risky exchanges

Start your self-custody right with your very own multisig vault and get institutional-grade protection for your assets. Already have a hardware wallet? Our 3-key vault lets you add two more keys for greater protection against hacks and accidents. Learn more here.