Too many people get into Bitcoin without fully understanding the difference between an exchange and a wallet, and the importance of private keys.
Especially during the hype of November 2017, when Bitcoin broke through the $10,000 mark and everyone and their mom was passing around Coinbase referral links, newbies just focused on buying and "getting in", rather than learning about crypto safety.
Many of them still have those Bitcoins in their Coinbase account to this day (unless they panic sold them by February 2018...) Besides receiving that initial referral link, though, they didn't receive any education on how to keep their Bitcoins safe.
Centralised exchanges like Coinbase do not give you the private keys (=password) to your money. They only give you access to your money (with a user name and password) on their website. If their website suddenly disappears (something no newbie ever considers, because they treat it like their online banking service) your money will disappear with it.
You only have true "device independent" ownership of your money if you hold the private keys. And you should also be the only one holding those keys. If you do, it doesn't matter if a website is down, or if you lose your phone or a hardware device with your wallet app - you will be able to simply reinstall the app somewhere else and retrieve your money on a new device by entering your private keys.
You may say, "Ah, but learning about wallets and remembering a private key pass phrase - that sounds like too much hassle. How likely is it, really, that the website would just disappear? I'm sure I can trust Coinbase [or any other exchange I choose based on convenience]." And if that sounds like you, I'm pretty sure you entered the crypto space after 2014 and have never heard the name "Mt. Gox".
Here are five reasons why leaving your coins in an exchange is a very bad idea:
1. Exchanges can get hacked
This just recently happened with New Zealand exchange Cryptopia.
Two months in, while the Cryptopia team is diligently working on resolving this, it's still not clear how many customers lost some or all of their funds.
2. The owner of an exchange can die and take the private keys to his grave
One of the most bizarre stories in crypto history: Gerald Cotten, owner of Canadian exchange Quadriga, recently died on a trip to India. Customers lost access to their funds because Cotten was the only one, apparently, who knew the password.
That's not only unprofessional and stupid, but also so negligent that it seems almost impossible. The internet therefore thinks it's much more likely that Cotten faked his own death. Apparently death certificates are easy to obtain in India, and there are a number of other things that don't quite add up.
3. Your exchange may delist your coins
This is something normal, which happens when it becomes unprofitable for exchanges to carry certain coins, because there is simply not enough trading volume.
This recently happened to me with AGORAS (AGRS). I had bought 10 AGRS coins for about $10 last year. Since there wasn't really a wallet for those coins (at least not an easy one), I left those coins on Bittrex, because it was just a small amount.
At some point Bittrex delisted them - meaning, they removed the trading pair AGRS/BTS. I was not aware of that. They only informed their customers when they were about to remove the actual wallets - way after they removed the trading pairs. Since AGORAS' price had dropped by 95% by then, my tiny 10 coins were under the withdrawal limit.
So, I didn't have enough AGRS coins to withdraw.
I couldn't add any coins to reach my withdrawal limit, because the trading pair didn't exist anymore.
I also couldn't sell them for BTC, because, well, the trading pair didn't exist anymore.
My only choice was to leave them where they were, and watch Bittrex take them away from me. They may have been worth only $0.50 at that time, but who knows how much they could be worth in the future? There was a time when Bitcoin was worth only $0.50, after all.
And imagine how many customers this may have happened to? All these tiny amounts result in a big amount for Bittrex.
I'm normally quite happy with Bittrex, but this is theft in my eyes.
They should have sent reminders before they removed the trading pair, so their customers still had a chance to sell them, or buy more, to reach the withdrawal limit.
Very very bad business practices, Bittrex, and a sneaky way of enriching yourselves!
4. Your exchange might suddenly ask you to hand over all your personal details
This is what Poloniex did last year. Without any prior announcement, they just froze all accounts and forced their customers to fulfill the KYC requirements by verifying their identity and fully registering all their details.
There was no warning; there was no grace period in which users could withdraw their funds before they introduced this new policy. They just took their customers' freedom of choice away and basically stole money from the ones who were not prepared to do that.
5. It might turn out that your exchange has been working with teams of hackers that sold their users' data to third parties
No exchange is truly safe.
Make sure you only use exchanges to exchange - that’s what they’re meant for. Exchanges are for exchanging coins, wallets are for storing them.
If you have to leave some coins on an exchange, because you want to trade or lend them - only use amounts that you can afford to lose. You just never know - all of the above exchanges had/have pretty good reputations.
My favorite fiat-to-crypto exchange is Cryptopay.me (in Europe), which has served me well for over 2 years now and hasn’t had any negative press (yet).
My favorite crypto-to-crypto exchange is Binance (world wide), which is planning to launch a decentralised version soon. Decentralised means you will hold your private keys, instead of a central authority (= the exchange).
Anja Schuetz helps absolute beginners to become confident crypto investors and create a Plan B for their financial future. She is the author of How To Stay Safe in the Crypto Space and offers - a crypto safety guide for beginners - and has lots of free educational crypto resources on her website.
She also consults as a Customer Communication & Operations Manager for blockchain start-ups.