Why you shouldn’t leave your crypto on exchanges

Whether you’re a complete beginner or a crypto OG, you will have no doubt heard the line “never leave your crypto on an exchange” more than once.

This is a common subject covered by a lot of crypto content creators, and there are a lot of great instructional guides and advice already out there. But we’ve not really found a blog or video that gives solid examples of what can happen if you don’t follow the basic crypto security best practices.

Moving your crypto off an exchange and into a private or cold wallet will help you to maximise your security, but there’s also the utility side to think about. If the majority of your crypto is in your Coinbase spot wallet you’re not fully supporting the projects you’re investing in or realising the benefits of the amazing blockchain tech that you’ve researched and invested in. And, as an investor, you’re also not maximising your potential returns. The best you can hope for if you leave your crypto on the exchanges is a rise in the fiat price or maybe an NFT airdrop with no utility!

So this blog and video are going to equip you with the knowledge you need to start taking your crypto more seriously in terms of security, integrity and investment strategy. And hopefully they give you the confidence to move your coins out of your exchange accounts, start making some passive income and even start using them for what they were designed for.

We’ve done an article and video on crypto security and cold storage wallets before, so if you want to know more about that you can check it out here. 

What we haven’t done though is share any examples of what could happen if you keep your crypto on an exchange and were unlucky enough to get hacked!

That time crypto.com got hacked in January 2022

Let’s go back to January 22nd 2022. All was quiet on Crypto.com and then, out of the blue, they posted this blog post. Confession time. Crypto.com, one of the biggest crypto service providers in the world, had been compromised by “unauthorised activity”.

They went on to explain that on Tuesday 17th January this unauthorised activity affected 483 crypto.com users and took the form of unauthorised withdrawals of 4,386.26 ETH, 443.93 BTC and some other currencies worth around 66,200 USD. Somehow the perpetrators had managed to circumvent crypto.com’s two-factor authentication (2FA) measures and initiate withdrawals worth around $30M at the time.

It had taken crypto.com 5 days to officially acknowledge the hack and, as you can understand, they came under heavy criticism during those 5 days for their vague responses and lack of an official announcement. But, to be fair to crypto.com, they did eventually respond with a very clear and measured official statement that included all the details of what had happened, what the losses were and what they had done to compensate the affected users and prevent future attacks. They also went a step further and announced WAPP. Nothing to do with Cardi B, it’s the Worldwide Account Protection Program.

Did anyone lose money? Crypto.com say that nobody was left out of pocket. They had in fact detected the activity early on, which had “triggered an immediate response from multiple teams”, and quickly suspended ALL withdrawals on their platform. This was a serious move because it left every crypto.com user unable to make withdrawals for 14 hours until the service was back online. If you wanted to move some crypto around that day you were stuffed! You can imagine how their Twitter timeline looked that day!

As a further security measure, every crypto.com user account was automatically logged out and everybody had to log in again and set up a completely new 2FA token to make sure there was no more unauthorised activity. They also had to introduce a 24-hour delay between adding a new withdrawal address and actually making a withdrawal. This wasn’t great for users, because the hack meant they had to wait a day before making legitimate withdrawals.

In response to the hack, crypto.com did react internally very quickly and did a great job of containing the threat. They carried out full-scale internal audits of their security systems, implemented improvements and engaged external specialists to make sure the loophole had been closed.

Then they announced WAPP, which promised to move away from two-factor authentication entirely and implement multi-factor authentication (MFA). Under WAPP, each qualifying user is effectively insured for up to $250K worth of losses but also has to comply with some pretty stringent terms and conditions:

To qualify for the WAPP program, users must:

  • Enable Multi-Factor Authentication (MFA) on all transaction types where MFA is currently available,
  • Set up an anti-phishing code at least 21 days prior to the reported unauthorized transaction,
  • Not be using jailbroken devices,
  • File a police report and provide a copy of it to Crypto.com; and
  • Complete a questionnaire to support a forensic investigation.

In our opinion it’s much easier to buy your crypto on crypto.com, Coinbase or any other exchange and then, if you’re not planning on trading, move it to a secure wallet whether online or offline as quickly as possible. The process takes a few minutes and you know your crypto is safe and only accessible to you.

The potential for passive income with Staking and DeFi

There are lots of methods you could employ to try and make some passive income with your crypto. Staking and DeFi services are among the most popular, as well as the NFT market.

Staking is probably the simplest one to get started with and it’s what got the Upstream team excited and motivated to build and run our own staking pool. With staking, you’re unlocking your “proof of stake”, or PoS, coin’s utility by putting it to work on the blockchain.

We’ll explain PoS more in another blog, but for now, just know that staking is only available for PoS cryptocurrencies like Cardano, Solana and Algorand, not for Proof of Work, or PoW, crypto assets like Bitcoin or Doge. We’ll also explain PoW another time…

You can see the full list of PoS tokens on Coinmarketcap but here’s their top 3 by Market Cap at the time of writing:

  1. Solana SOL ($41.9B)
  2. Cardano ADA ($39.7B)
  3. Algorand ALGO ($5.7B)

Depending on what currency you choose and where you stake, you can see average annual returns of anything between 5 and 20+%, paid in the staked currency. Some cryptocurrencies, like LUNA, require you to lock your staked coins for a minimum period before you can earn rewards. One of the reasons we like Cardano is that your ADA is never locked in, so you’ve got the flexibility to move it around if the need arises.

What about DeFi yield farming?

There are other blockchain projects out there that allow you to participate in yield farming to generate returns by borrowing and lending tokens. The Terra blockchain is a good example of this. The Anchor protocol is a decentralised lending platform built on Terra which allows you to provide liquidity or borrow.

Participating in this ecosystem can reportedly earn you up to 20% returns on your investment but there is more risk involved in this strategy, and you could end up losing your investment if you don’t know what you’re doing. We’ll cover this in more detail in another blog.

So, as you can see, there is a lot more to the crypto world than buying tokens on an exchange, and if you do decide to invest in a project you should move your crypto into a private wallet and use it to support the project if you can. Doing this can also allow you to capitalise on the utility of the project and earn some passive rewards.