This is general information, not investment advice. Crypto is volatile and high-risk.
For most people, buying crypto means opening an account on an exchange. What that account actually is — and isn't — matters more than the price chart.
What a crypto exchange is
A crypto exchange is an online platform to buy, sell and trade cryptocurrencies — swapping dollars (fiat) for bitcoin or ether, or one coin for another. It plays a role like a stock brokerage: bringing buyers and sellers together and executing orders. But it operates in a very different legal and technical world, with far fewer of the protections bank and brokerage customers take for granted, as the SEC's Investor.gov cautions.
Two types: CEX and DEX
Centralized exchanges (CEXs) — Coinbase, Binance, Kraken — are run by companies that match orders, hold customer funds, and handle security and compliance. They're easy to use, offer support, and require identity verification (KYC). Decentralized exchanges (DEXs) — like Uniswap — have no company in the middle: trades happen peer-to-peer via smart contracts on a blockchain, you keep custody in your own wallet, and no ID is required (tie to our Ethereum/DeFi/wallet explainers). The trade-off: no support, more complexity, and total personal responsibility for security.
How a centralized exchange works
Most CEXs run an order book matching buy and sell orders. A market order fills now at the best price; a limit order waits for your price. Exchanges earn from trading fees (a fraction of a percent) and the spread (the gap between buy and sell prices — narrow for bitcoin, wide for obscure tokens), plus withdrawal fees. To open an account you complete KYC ("Know Your Customer") — uploading ID — a legal anti-money-laundering requirement.
The custody issue: 'not your keys, not your coins'
This is the single most important point. When you hold crypto on a centralized exchange, the exchange holds the private keys — you have a balance on its books, not direct control of coins on the blockchain. The industry adage "not your keys, not your coins" captures the risk: if the exchange is hacked, defrauded, or goes bankrupt, you can lose everything, with no FDIC-style insurance to make you whole (see our crypto-wallet explainer).
The cautionary tales: FTX and Mt. Gox
The risk isn't hypothetical. FTX, then the second-largest exchange, halted withdrawals on November 8, 2022 and filed for bankruptcy on November 11, trapping over a million users; investigators found customer funds had been improperly funneled to an affiliated trading firm, leaving roughly an $8 billion shortfall, and founder Sam Bankman-Fried was convicted of fraud in 2023. Earlier, Mt. Gox — which once handled most of the world's bitcoin trades — collapsed in 2014 after roughly 850,000 bitcoin went missing. The common lesson: trusting an exchange with custody means accepting that the exchange itself can fail.
How to use one more safely
- Pick established, regulated platforms. In the US, exchanges register with FinCEN and face SEC/CFTC oversight; in the EU, the MiCA regime (in force from late 2024) sets capital, custody and anti-money-laundering standards.
- Turn on two-factor authentication (2FA) — ideally via an authenticator app, not SMS (phone-number "SIM-swap" attacks are real).
- Move long-term holdings to self-custody (a hardware wallet) so the exchange isn't a single point of failure — accepting that key-security is then on you.
- Beware phishing: type the exchange's address yourself; never log in via email links; verify apps carefully.
- Know what you're not getting: an exchange account isn't a bank account, usually carries no deposit insurance, and customers can become unsecured creditors if it fails — as FTX users learned.
- Read the fees: trading fees, spreads, and withdrawal/network fees add up, especially on small coins.
What it means
A crypto exchange is a useful, often necessary tool — but it is not a bank, and the protections bank customers assume don't apply. Understanding custodial vs. self-custody, choosing regulated platforms, locking down your account, and moving long-term holdings off-exchange are the basics. The platform is an additional layer of risk on top of crypto's underlying volatility — worth remembering before you deposit.
