We’ll be focusing on cryptocurrency 101 for the next few weeks, and specifically how to get involved and what due diligence looks like for the cryptocurrency investor.
Cryptocurrency investment is all about high risk–high reward speculation. It’s an unregulated marketplace, which means that the market punishes those who don’t do their due diligence. That scares away those with weak stomachs, punishes the lazy and the foolhardy, and enriches the few who learn how to mitigate risk.
And I do mean mitigate.
There is no magic formula to eliminate risk, and sometimes even the best investors get blindsided by something nobody could have seen coming.
But exchanges are a must if you’re going to get into the crypto-game, so it’s important to know how to pick the best one.
Here’s a handy guide.
How to pick your exchange
Fees:
This one seems like a no-brainer, but all exchanges will squeeze you a bit to do business on their platforms. Read the fine print before getting involved to make sure you don’t get squeezed unnecessarily, because some exchanges can be extremely shady in their pricing for withdrawal fees.
Liquidity:
Liquidity refers to the ease of buying and selling in the market. High liquidity means that there is a huge number of buyers and sellers. It also leads to better price discovery and allows for faster transactions.
Services and Coin Pairings:
Exchanges come in two different formats: fiat to crypto or crypto to crypto.
Again, read and research carefully to ensure the exchange you’re doing business with is the right one for you.
But don’t stop there.
If you’ve already got some existing crypto and you want to take advantage of other better performing altcoins, then make sure the exchange you’re with allows you to swap between the coins you want.
Having a wide coin base is key.
Some exchanges only offer the largest coins, Bitcoin (BTC) Ethereum (ETH) and maybe Litecoin (LTC), but if ZCash (ZEC) goes for a run after its upcoming hard fork into YCash, you’ll be kicking yourself if your exchange doesn’t support it.
Verification Requirements and Security:
If you only remember one thing from this cryptocurrency 101 primer, it’s this:
There are two types of exchanges:
- Those that have been hacked.
- Those that will be hacked.
Write that down and tape it to the bottom of your screen. It’s the most important thing you need to know as a investor in cryptocurrencies.
Got it? Good.
Now in the odd circumstance where you absolutely need to keep your money on an exchange for any length of time, you’re going to want to have at least two-factor identification.
Two–factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know like a PIN, 2) something they have like a bank card, or 3) something they are like using a fingerprint, retinal pattern, or even your voice.
Most exchanges will also require identity verification such as a passport, driver’s license, proof of residence, or other similar document before joining. The more complex the verification process, the safer the exchange platform.
Exchange Rates:
Any transaction has its own unique exchange rate that fluctuates based on market volatility and network fees. You can make this work in your favour and end up getting more crypto for your swap than you originally expected, or as is more likely, you could get burned and end up with less.
The above gif shows how the exchange rate can work within minutes.
If you’re looking to exchange crypto-to-crypto, then the two sites you’re probably going to look at (if your primary exchange doesn’t offer it) are Shapeshift and Changelly. There are more, but these are the two most popular.
Here is where the hidden costs live.
Some exchanges and currency conversion places tout 5% fees, but end up jacking you for 15% or more. The choice of a good conversion site is a balance between fees and reputation. Changelly has a better fee structure, and Shapeshift has a better reputation, but not by much.
Here’s one unhappy Changelly customer:
Stop using Changelly.com for exchanging high amounts or exchanging Monero.
They lock your account until you sent them your ID. Even after that it can take weeks before your funds are available again.https://t.co/uOpoSWqfJB
— [ Romano ] (@RNR_0) May 13, 2018
One unhappy reviewer shouldn’t be enough to form an opinion, but this is just one of many.
Shapeshift isn’t much better.
ShapeShift was hacked several times in 2016, losing the equivalent of a few hundred thousand US dollars at the time. It was alleged to have been an inside job.
No customer funds were lost, rather, all the stolen cryptocurrency was ShapeShift’s own. ShapeShift CEO Erik Voorhees later pointed at this as evidence that the non-custodial exchange design worked as it should.
It was an unconventional situation, and although there are criticisms of how CEO Erik Voorhees handled the situation, user funds were never at risk which demonstrates the extra security offered by ShapeShift’s non-custodial system, where users don’t have to deposit funds to make a trade.
ShapeShift has not been hacked since then.
Reputation:
Reputation is everything in an unregulated market.
There’s no big papa government looking over your trades making sure everyone’s playing fair. If you get shafted by an exchange all you have is the internet as your ally, because you’re unlikely to see your investment again.
And sadly, spotless exchanges are in short supply. Every exchange has made mistakes, and if they haven’t yet, they will.
It’s in an exchange’s best interest to maintain a positive reputation, but eventually those mistakes add up.
If in doubt, go to Reddit, BitcoinTalk, Telegram and other places and find other customers to get their first-hand experience. If an exchange possesses more pros than cons based on your own criteria, it’s probably a safe bet.
The best you can ask for is to find an exchange that’s merely incompetent and not entirely criminal, and then make your trades and pull them into cold storage before the incompetence catches up to you. You can’t assume that the people running the exchange know what they’re doing.
It’s actually better for you if you don’t. Cynicism in an unregulated market is your ally.
The sorry not sorry hall of shame:
The probability on any raw cryptocurrency—by which I mean the code—being hacked is so low as to be nonexistent because they’re constantly being overseen and updated by their user-bases. It forces hackers to look for easier targets, and Bitcoin (and its altcoins) have no shortage of options, from unstable wallets to exchanges themselves.
Unregulated cryptocurrency markets are a real world example of what adults will do when they know they’re not being watched. The history of cryptocurrency to date is one of failure, idiotic behaviour and outright thievery, with almost a complete lack of accountability.
Here are a few famous failures, idiots and thieves. They’re worth your attention because no two failures are alike and they demonstrate how unpredictable this world can be.
Mt Gox:
Mt Gox is an object lesson in the power of inept management, raw inexperience and neglect to destroy a promising opportunity.
Programmer Jed McCaleb (who later went on to find the cryptocurrency Ripple) retrofitted a website called Magic the Gathering Online Exchange for Bitcoin and launched it in July 2010.
Mt Gox’s shoddy security history started in 2011 when a security breach caused the nominal price of bitcoin to drop to one cent on the exchange after a hacker used credentials from a Mt Gox auditor’s compromised computer to transfer bitcoins to himself.
Apparently that wasn’t enough of a red flag for Bitcoin users at the time, because it didn’t stop the exchange from handling over 70% of all bitcoin transactions worldwide by 2014.
It declared bankruptcy in February 2014 after another $460 million worth of Bitcoin was hacked from their coffers, and another $27.4 million worth disappeared from their bank accounts.
There was some technical error that caused wallets not to note that they were being emptied, and actually read some of the currency movements as deposits.
Further investigations revealed that the exchange had misplaced up to 80,000 bitcoins from its exchange since long before Mark Karpelés took over the exchange in 2011.
So naturally he owned up to it, came clean and set about taking responsibility for the missing coins by launching an investigation into his operation which ultimately turned it around and restored investor confidence.
No, of course not.
He lied and tried to cover it up.
Tokyo District Court found Mt Gox CEO Mark Karpelès guilty of falsifying data to inflate Mt Gox holdings by $44.5 million earlier this year. The court sentenced him to 30 months in prison, suspended for four years, which means he won’t see the inside of a jail cell unless he gets caught doing something else.
Now he’s recently accepted a role as the CTO of biotech company, Tristan Technologies, because everyone should get a second chance to go to jail when the first one fails.
The court acquitted Karpelès on a number of other charges, including embezzlement and aggravated breach of trust. Nonetheless, the verdict said Karpelès had inflicted “massive harm to the trust of his users” and there was “no excuse” for him to “abuse his status and authority to perform clever criminal acts.”
Congratulations, your honour. You sure showed him with your harsh words.
Bitfinex:
Bitfinex is one of the biggest cryptocurrency exchanges in the world.
Headquartered in Hong Kong and registered in the British Virgin Islands, they have been hacked several times since their inception in 2012.
The United States restricted access to dollar payments and withdrawals in 2016 after hacks cost them $73.4 million. This, coupled with Bitfinex’s ongoing troubles forging meaningful banking relationships, was enough for management to release a statement on October, 2018, to dispel rumours that they were insolvent.
Then in April 2019, New York Attorney General Letitia James accused Bitfinex of using Tether, an affiliated company dealing in the Tether stable-coin, to cover up an $850 million loss to a Panamanian payment processor called Crypto Capital Corp.
Bitfinex’s gave over $850 million to Crypto Capital to help cover their liquidity issues, and since no contract was ever signed, the company promptly either lost or absconded with the money.
in response to the AG’s note, the company stated that the money wasn’t actually lost or stolen, but had instead been seized by American, Portuguese and Polish authorities.
Regardless of what happened to the money, their liquidity problems remain and Bitfinex and their investors look like idiots.
This company serves 52 million countries. No, really.
QuadrigaCX:
This story hits a little too close to home.
In the interest of full disclosure I used QuadrigaCX about two years prior to its imminent demise. My story is a happy one, though. I made enough money to fund a destination wedding, and am right now in the process of seeking my happily-ever-after.
I also never actually kept my coins on the exchange.
Other people have not been so lucky:
Redditor somewhereupnorth91 writes:
I’m a student in nursing school and will be for the next 2.5 years.
Basically it wiped out 80% of my held bitcoin (sold to pay off all my debt), and now I still have my debt. I have no liquid money and will be trading with 1 BTC ….
Me, personally, I lost $23k on Quadriga. I wasn’t holding my funds on there, just used the site for past 3 years and moved to sell for withdrawal. Since early Oct they assured me that my money would be fine, etc and I believed them. Stupid me.
QuadrigaCX’s story goes like this:
Gerald Cotten, CEO of Quadriga Fintech, was the kind of guy who kept all the keys and the passwords to the site’s cold wallets and didn’t share them with anyone. He went on vacation to India and died from complications to Crohn’s disease while volunteering at an orphanage.
Because he held all the passwords that meant up to CAD$250 million owed to 115,000 customers was locked inside these off-line cold wallets.
It also demonstrates what can happen with these companies.
I had no way of knowing that the company was run by the type of guy who wouldn’t safeguard his holdings by sharing his passwords with one or two other trusted advisers.
If I had have been somehow privy to this information, I would have thought twice about dealing with them, even though I only had my coins locked up on the site a few hours at most before pulling them off.
Kraken
This exchange rightfully doesn’t belong in the Sorry Not Sorry hall of shame.
Kraken is one of the most respected and secure cryptocurrency exchanges out there. It meets all of the benchmarks I laid out earlier, including two-factor identification, high liquidity, respectable fees, and tiered trading for individuals and institutional investors.
Crypto-to-crypto trading requires the lowest tier of identification, followed by fiat-to-crypto, which requires two different types of verifiable government identification to trade. This is some solid security.
And it still got hacked.
Here’s one working theory:
1. Hacker gets access to compromised account w/ 1200BTC but can’t withdraw
2. Hacker puts his own limit $100 buy orders on illiquid pair BTC/CAD
3. Back to compromised account he dumps the 1200BTC on BTC/CAD to himself
4. Hacker is fully legit owner of 1200BTC@krakenfx shame
— Beetcoin [10K BTC on LN] (@Beetcoin) June 2, 2019
The price of Bitcoin crashed on the Kraken site from over CAD$10,000 to CAD$100 in a matter of minutes, giving anyone lucky enough to be trading at that moment access to a surprise windfall while impoverishing the loser in the trade. The price naturally jumped back up over $10,000 moments later.
Sadly, flash crashes aren’t anything new, and they’re not just central to crypto.
Risk is the price of admission and sometimes these things just happen.
Come back next week and we’ll discuss wallets, and other methods of protecting your investment.
Hodl the line until then.
—Joseph Morton