Crypto exchanges are the key entry point for new and existing users. They can be very profitable for their owners, but users are advised to do due diligence before entrusting their assets to an exchange.

A cryptocurrency exchange is an online platform where you can buy, sell and trade cryptocurrencies. Some will allow you to trade using fiat currencies like the USD, and others allow trading only through another digital currency — BTC (Bitcoin) or ETH (Ethereum).

That sounds fairly straightforward until we remember that

· There are currently 2,000 cryptocurrencies being traded, with new ones knocking at the doors

· There are over 200 exchanges to choose from, with new ones launching all the time

· There is uncertainty about regulations, with changes being announced in different countries on an almost daily basis

Deciding on whether an exchange is “good”, “bad” or “ugly” may depend on whether you are a potential investor or trader wanting to make a profit, a new start-up desperate to have your new coin listed somewhere, or a regulator determined to protect the investor.

This article will be the first of several devoted to exchanges and will give a broad overview of profitability and security. Later articles will give more attention to liquidity issues, regulatory requirements in various jurisdictions as well as some of the how’s and why’s of crypto trading.

How profitable are crypto exchanges?

There may be jitters in the market, and there may be complaints about high fees, but a LOT of money is nonetheless being traded through crypto exchanges, with the exchanges themselves apparently being the biggest winners. According to a Bloomberg report in March 2018, top exchanges like Binance, Upbit, Huobi, Bitrex and others are earning millions of dollars per day in trading revenue, based on about 2% transaction fee. This translates into more than $1 billion a year.

We thought it was worth checking on how valid these claims were.

Analysis of trade volumes

The following analysis was done based on information taken from Coinmarketcap at the beginning of August 2018, when the price of Bitcoin was about $7,600. The information ranks 198 exchanges based on daily trade volumes.

Table 1: Ranking of exchanges based on daily traded volumes — 1 August as per https://coinmarketcap.com/exchanges/volume/24-hour/

Ranking of 198 exchanges

Daily trade

Examples

 

We can make some comments about exchanges based on these figures (as on 1 August 2018):

· The Top 3 (Binance, Huobi and OKEx) each did more than $1 billion trade volume on the day

· No 4 (Bitfinex) dropped off a long way to about $360m

· Only the top 20 exchanges did trades of more than $100m

· Only the top 66 (about a third of all exchanges) did more than $10m

· Nearly half of the exchanges (the bottom 95, from #104 — #198) did less than $2m

· The bottom third (from #133) did less than $500K

· The bottom 35 did less than $100K, with

o 25 of these doing less than $50K

o 11 doing less than $10K, with one as low as $29

So, the top third certainly have big volumes and big revenues. Any exchange with trade volumes above $150m would be earning at least $1 billion per year in revenue. The next group may not be earning billions, but they are certainly bringing in large revenues. Even at $2 million volume per day revenue would be over $14 million per year. Any daily volume above $150K would mean at least $1m in annual revenue.

And these revenues exclude the often-exorbitant fees charged to list a new coin on the exchange. This can run into millions of dollars.

Some exchanges may be quite small or poorly managed and so may struggle to be profitable. However, in general, there seem to be strong incentives for people to open exchanges.

How secure are crypto exchanges?

Crypto exchanges are the key entry point for new and existing users, and one of the main considerations in selecting one is security.

Examples of security breaches

There is a risk to investors that dishonest exchanges will just vanish, along with their investments. Examples include Bitcurix in 2017 (together with about 2,300 Bitcoin), Mycoin in 2015 (with $386 million in coins) and GBI in 2013 ( with Bitcoin valued then at $4,1million).

In addition, stories of exchanges being hacked are common. In fact, one statistic is that a third of all exchanges have been hacked at some point, and many have closed down as a result.

Some of the more famous hacks were the following:

· Mt Gox: Theft of hot wallet private keys, which at that time were not encrypted. Plus, there was an error in the system that did not recognize that wallets were being emptied, and actually read some of the movement as deposits. There was a very poor accounting system and poor adherence to tax and registration regulations.

· Bitstamp: Hackers undertook Skype phishing of Bitstamp employees. They then stole the employee’s credentials and hacked one of Bitstamp’s storage wallets.

· DAO: This was caused by a bug in the system itself. It highlighted the need to improve encryption in smart contracts.

· Bitfinex: There was a vulnerability in the multi-signature wallets.

· Coincheck: $530 million coins were stolen from hot wallets. $430 million was refunded to 260,000 hacked customers.

· Bithumb: Hacked twice within a year despite the company spending nearly $10m per month on security measures. Hackers are thought to have used phishing to get user details. Bithumb repaid investors for their losses.

Lessons learned

Convenience vs security

The lesson from many of these hacks is that both users and exchanges prioritize convenience and quick trading over security. Coincheck is a good example: It’s unthinkable that clients’ coins were stored in hot wallets (always connected to the internet) instead of offline in cold wallets.

It’s little wonder that regulators are finding it necessary to step in and set some rules, even in crypto-friendly countries like South Korea and Japan. However, users also have a responsibility to keep their account details secure.

Technical skill requirements

These events also highlight that hackers are smart and that the technical and development staff for exchanges will have to be smarter. It is one of the biggest cautions for traders to carefully check the credentials and the security processes of the exchanges they are dealing with. Likewise, exchanges must be more cautious of the coins and tokens that they list. They all come with their own specifications and bring security risks if they have not been properly secured. This seems to have been one of the reasons for the Coincheck hack.

One of the good-news stories was the attempted hack of some accounts on the Binance exchange early in 2018. This was a well-planned attempt to push up the price of the Viacoin. Hackers set up multiple user accounts and used phishing to get access to others’ accounts. They then used trading bots to coordinate an attack and to “trick” other bots into buying VIA coins from them in exchange for BTC. The BTC was paid into the hacker accounts. Fortunately, the Binance technical team immediately noticed and stopped the illegal trading. They were also able to freeze all the hacker accounts. They confiscated the ill-gotten BTC and donated them to charity. So, this was one case where the hackers lost. Unfortunately, those who had fallen prey to the phishing and revealed their account details also lost.

“Buyer beware”

Unfortunately, not everyone running an exchange is honest. And not everyone doing so has the required level of technical expertise to keep the funds in the exchange safe, or even to provide basic levels of customer service. Some may have liquidity problems either because they are too small or because they are trading unprofitable coins.

So, it would seem that, until such time as there are firm regulations on exchanges, it will be up to users to check on the credentials and the security measures of the exchanges they want to use.

What to look for in a crypto exchange

So, good, bad or ugly? For most owners of exchanges, it seems to be good. If you’re trying to get listed or you’re a trader, it pays to be very cautious and to shop around for the best rates and security levels if you’re wanting to avoid a bad or even ugly experience.

Advice from Sonya Kuhnel, the managing director of the Blockchain Academy is to properly research an exchange before you use it. This can be via comments on forums and in reviews. The exchange should have strong policies and action around KYC (know your customer) and AML (anti-money laundering). The exchange should keep at least 95% of all assets offline in cold wallets. She also recommends using exchanges with high volumes, as these will more accurately reflect the prices of cryptocurrencies.