The signup page looks clean. The fees look competitive. And someone on Reddit said they’ve been using it for months without a problem. None of that tells you whether an exchange is safe.
Most people choose a crypto exchange the same way they pick a streaming service — by recognizing the name and scrolling past the fine print. That works fine until the platform freezes withdrawals, goes silent during a market crash, or disappears with everyone’s funds still inside. It’s happened to well-known platforms. It’ll happen again.
The good news: safe exchanges are verifiable. You don’t have to trust anyone’s word. Here are seven things worth checking before you deposit anything.
Criterion 1: Verify the License, Not Just the Claim
Nearly every exchange will tell you it’s “regulated.” Most of them are telling the truth — just not the whole truth.
There’s a real difference between being registered with a financial authority and holding an actual license. Registration, in most jurisdictions, means the exchange has filed paperwork for anti-money-laundering compliance. It doesn’t mean anyone has vetted its operations, financial controls, or how it handles customer funds in a crisis.
A license is different. Frameworks like the EU’s crypto licensing regime, Singapore’s Payment Services Act, or the UK’s FCA authorization require exchanges to meet specific standards — capital requirements, custody rules, regular audits. Claiming to be “regulated” without one of these in place is a bit like saying you’re a licensed driver because you know traffic laws exist.
Before you open an account, look up the exchange’s license number on the relevant regulator’s public register. Takes about five minutes.
Criterion 2: Check Where They’re Actually Operating
Exchanges often incorporate in one country and run their actual business somewhere else entirely. That’s not automatically suspicious — but it matters when something goes wrong.
If an exchange is registered in the Cayman Islands while its team is based in Singapore serving European customers, which regulator is actually watching it? The answer might be none. Or a patchwork of different rules with no clear authority over the thing that concerns you.
Before depositing, find out which jurisdiction covers your account. Does the exchange explicitly list your country as a supported market? Does it hold any local license or registration? If the answers are hard to find or vague, that’s worth treating as meaningful information.
Criterion 3: KYC Is a Feature, Not a Bureaucratic Headache
If an exchange lets you trade without verifying your identity, that’s not convenience. Run.
Know-your-customer (KYC) and anti-money-laundering rules are mandatory for regulated exchanges in virtually every major market. These requirements exist partly for compliance reasons — but the practical effect for you is that there’s a named, accountable entity with legal obligations. Someone you can actually point to if things go sideways.
Exchanges that skip identity verification often do so because they can’t pass regulatory scrutiny. They don’t eliminate fraud or theft risk; they remove the accountability layer that might otherwise help you recover something. Regulated exchanges that enforce KYC hold themselves to a higher standard by definition.
Mandatory ID checks are a trust signal. Don’t begrudge them.
Criterion 4: Cold Storage, Audits, and the Security Paper Trail
Established exchanges store the majority of customer funds offline — in cold storage — specifically because it’s harder to steal from systems with no internet connection. This is a baseline expectation, not a premium feature.
Industry reports put the total stolen in crypto hacks across 2024 at more than $2 billion — security researchers have put the figure higher in some years, lower in others, but it’s stayed in the billions for most of the last decade. Exchanges that survive those years without becoming a headline either got very lucky or built serious defences. Often both.
What to look for: a published cold storage ratio (above 90% is a reasonable bar), independent security audits like SOC 2, a bug bounty program — and some indication of how the exchange responded the last time something went wrong. Platforms that care about this make the information findable. That’s part of the point.
Criterion 5: Proof-of-Reserves — and Why “Self-Reported” Isn’t Good Enough
After several high-profile collapses earlier in the decade, proof-of-reserves became something of an industry standard. The idea is simple: an exchange publishes cryptographic evidence that the assets in customer accounts are actually sitting on-chain, not lent out or missing.
The problem is that not all proof-of-reserves reports are the same. Self-reported snapshots can be staged — temporarily borrowing funds before a snapshot, returning them after. What you want is a third-party attestation with a Merkle-tree structure: a format that lets individual users verify their own balance is included in the published total, rather than just trusting the aggregate number.
You can take it a step further yourself. Some people use an on-chain portfolio tracker to independently monitor the wallet addresses publicly associated with an exchange — watching whether reserves shift in ways that don’t match official announcements. It won’t catch everything, but it’s a layer of visibility that didn’t exist a few years ago and costs nothing to use.
Third-party attestation, Merkle-tree structure. Those are the two things worth Googling before you take any PoR report at face value.
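How the individual balance check described above can work, as an added example that is not part of the original article and not any exchange's actual format: a Merkle sum tree, where every node carries a hash and a balance total, so a user can rebuild the published root and total from their own balance plus a short list of sibling nodes. The leaf encoding, function names, account names and balances are all constructed assumptions.

```python
import hashlib

def leaf(account_id, balance):
    """Leaf = (hash, sum). This encoding is an assumption for the example."""
    return hashlib.sha256(f"leaf|{account_id}|{balance}".encode()).digest(), balance

def parent(left, right):
    """Parent hash commits to both child hashes and both child sums."""
    data = b"node|" + b"".join(h + s.to_bytes(16, "big") for h, s in (left, right))
    return hashlib.sha256(data).digest(), left[1] + right[1]

def build(leaves):
    """Return every level, leaves first; odd levels get a zero-balance pad node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        if len(levels[-1]) % 2:
            levels[-1].append(leaf("padding", 0))
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Exchange side: sibling path as (sibling_node, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], (index ^ 1) < index))
        index //= 2
    return path

def verify(account_id, balance, path, published_root, published_total):
    """User side: rebuild root and total from own balance plus the siblings."""
    node = leaf(account_id, balance)
    for sibling, sibling_is_left in path:
        if node[1] < 0 or sibling[1] < 0:  # negative sums could hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == (published_root, published_total)

# Constructed sample ledger (balances in smallest units); not real data.
LEDGER = [("acct-a", 120), ("acct-b", 0), ("acct-c", 4500), ("acct-d", 75), ("acct-e", 305)]
LEVELS = build([leaf(a, b) for a, b in LEDGER])
ROOT, TOTAL = LEVELS[-1][0]

if __name__ == "__main__":
    ok = verify("acct-c", 4500, prove(LEVELS, 2), ROOT, TOTAL)
    understated = verify("acct-c", 4000, prove(LEVELS, 2), ROOT, TOTAL)
    print(TOTAL, ok, understated)
```

The per-node sum is what ties one leaf to the published total: a hash-only Merkle tree would show that a balance is included but say nothing about the total the exchange claims to owe.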
Criterion 6: The Headline Fee Is Rarely the Real Cost
Most exchanges use a maker-taker model: the rate you pay depends on whether you’re placing an order that adds liquidity or filling one that was already there. The advertised rate is almost always the maker rate, which is the lower of the two.
Then there’s everything else — the spread between buy and sell prices, slippage when you’re trading larger amounts or less liquid pairs, withdrawal fees that vary by network and exchange, and fiat conversion costs if you’re moving money from a bank account.
Before comparing two exchanges on fees, run a realistic scenario: the actual size of a trade you’d typically make, plus a withdrawal. Calculate the all-in cost on both platforms. The difference is sometimes surprising — a lower headline fee can end up costing more in practice once you factor in the spread alone.
Criterion 7: Test Support Before You Ever Need It
The best time to discover your exchange’s support team doesn’t actually help you is before you’ve deposited anything.
Send a real question through their official channel — something specific, like asking how long a withdrawal to a particular network usually takes. Then pay attention to what happens. Does a human respond, or do you get a bot with a FAQ link? And does the reply arrive in a reasonable time with an answer that’s actually useful — not just technically correct while solving nothing?
Reputable exchanges maintain live support around the clock across more than one channel — live chat at minimum, plus email, plus a clear escalation path for account or compliance issues. During a market event or an account freeze, that capability is either there or it isn’t. You don’t want to find out which is true while you’re trying to access your funds.
Test it now. The ticket is free.
Your Seven-Question Checklist
There’s no single exchange that’s right for everyone, and this isn’t a list of recommended platforms. It’s seven things that tend to separate the trustworthy ones from the ones that will let you down.
Is it genuinely licensed, not just registered? Does it operate where it actually claims? Identity verification should be mandatory, not a choice the platform makes on your behalf. What does the security track record look like, and can you find the audit reports? Can you independently verify that reserves match what’s on paper? What does trading actually cost when you add everything up? And will someone knowledgeable answer the support channel at 2 a.m. on the day something goes wrong?
Ask those questions first. The rest is detail.
