Are Crypto Exchanges Safe? What Happens to Your Money If One Fails

A crypto exchange is a website or app where users buy and sell crypto. They support coins like Bitcoin and Ethereum, dollar-pegged stablecoins like USDC, and on some platforms tokenized stocks and gold. Exchanges are popular because they are easy to use. A user can sign up, add money, and start trading within minutes.

But easy does not mean safe. On a centralized exchange, the company holds the coins and credits the user a balance for them. If the exchange goes broke, freezes withdrawals, or gets hacked, users can lose access to their money. There is no FDIC or SIPC insurance to make them whole.

Exchanges have failed and been hacked many times, and ordinary users have lost billions. FTX held around a million customers' funds and collapsed in days. In early 2025, hackers drained about $1.5 billion from a single exchange. In each case the cause was the same: the exchange controlled the customers' coins, and when the exchange failed, the customers lost access.

Key takeaways

• On a crypto exchange, a user holds a balance that represents a claim on the company, whereas the company holds the actual coins.
• If a crypto exchange goes bankrupt, users usually become unsecured creditors and wait years for partial repayment.
• Crypto on an exchange is not covered by FDIC or SIPC. No government scheme repays users if the exchange itself fails.
• Hacks are a real risk. The February 2025 Bybit hack took about $1.5 billion, the largest crypto theft on record.
• Self-custody removes the risk of a company failing with a user's coins, since no business holds them. The tradeoff is that securing the keys becomes the user's responsibility, which a smart wallet makes easier.

How does a crypto exchange work?

A crypto exchange matches buyers and sellers, like a stock exchange but for crypto. There are two broad types. A centralized exchange (CEX) such as Coinbase or Binance is run by a company that holds customer funds and processes trades on its own systems. A decentralized exchange (DEX) such as Uniswap lets users trade directly from their own wallets, so no company ever holds their coins.

This guide focuses on centralized exchanges, since that is what most people use. On a CEX, a user signs up, verifies their identity, and deposits funds. The exchange holds those funds, records the balance, and updates it with each trade. The user never controls the coins directly, which is the source of nearly every risk covered below.

What do you actually own on an exchange?

On an exchange, a user owns a balance, not the underlying coins. That number is a record the company keeps and promises to honor, closer to an IOU than to cash in hand.

It comes down to private keys. Every crypto holding is controlled by a private key, a secret string of data that authorizes transactions and proves ownership on the blockchain. Whoever holds the key controls the coins. A centralized exchange holds the keys for all its customers, so they cannot move their own crypto without its permission. Because the exchange holds the keys, a user's balance there is only as reliable as the exchange itself.

The gap between the on-screen balance and the coins behind it can be enormous. When FTX filed for bankruptcy in November 2022, it actually held just 0.1% of the Bitcoin and 1.2% of the Ethereum that customer balances claimed. The rest was gone. FTX had used customer funds for its own trades and loans, so the holdings backing those on-screen balances had mostly disappeared.

Are crypto exchanges safe, and can they get hacked?

Crypto exchanges can be safe to use day to day, but they are not risk-free. Their safety depends on the company behind them staying solvent, honest, and secure against attacks. The single biggest risk is a hack, because an exchange concentrates a huge pool of coins from many users in one place, which makes it one of the largest targets in finance.

When an exchange is hacked, the stolen coins are usually unrecoverable. The biggest case to date is recent. On February 21, 2025, hackers stole about $1.5 billion in Ethereum from Bybit, the largest crypto theft ever recorded, which the FBI attributed to North Korea. Across all of 2025, more than $3.4 billion in crypto was stolen, and Bybit accounted for roughly 44% of that total.

Hacks are only part of the picture. Exchanges also fail because they run out of money or misuse customer funds. A few of the biggest failures show the range.

What happens if a crypto exchange goes bankrupt?

If a crypto exchange goes bankrupt, customers do not simply get their coins back. Recovery typically works like this:

1. The customer becomes an unsecured creditor. The coins were not held in the customer's name, so the claim has no specific collateral behind it.
2. Secured lenders and senior creditors are paid first. Customers sit near the back of the line, behind banks and other lenders.
3. Repayment is partial and slow. Customers usually recover only a portion of what they held, and often wait years for it.

The reason customers rank as unsecured creditors is how exchanges hold funds. Most pool deposits rather than keep each person's coins in a named account, and their terms can treat those deposits as company property, so a balance becomes a general claim against the estate.

FTX filed in November 2022 owing around a million creditors and short about $8.7 billion. Repayments began in 2025, paid in cash at November 2022 prices, so any rise in the coins' value during the freeze was lost. Mt. Gox, hacked in 2014, still owes some creditors, with the repayment deadline now set for October 2026. These were not isolated events. The Federal Reserve Bank of Chicago counted five major platforms that failed in 2022, including Celsius and Voyager, affecting about $46.5 billion across 4.3 million users.

Is crypto on an exchange insured?

Crypto held on an exchange is not insured. The two US programs people usually have in mind are FDIC and SIPC. The FDIC (Federal Deposit Insurance Corporation) insures bank deposits up to $250,000 per depositor if the bank fails. SIPC (Securities Investor Protection Corporation) protects securities such as stocks held at a brokerage if the brokerage fails. Neither program applies to crypto. The FDIC does not cover crypto at all, and SIPC states plainly that it does not protect crypto assets that are not registered securities. If a crypto exchange collapses, no government program reimburses its customers.

Some platforms advertise that they are "FDIC insured," but the claim is often misleading. It usually refers only to US dollars the platform deposits at a partner bank, which are insured if that bank fails. It does not protect a customer's crypto, and it does not apply if the exchange itself collapses. In 2022, US regulators ordered the crypto firm Voyager to stop telling customers their funds were FDIC insured, because they were not.

What is the safest way to store crypto?

The safest way to store crypto is self-custody, holding it in an account where the user controls the private keys. Because no company holds the coins, no company can freeze them, misuse them, or fail with them inside. The exchange risks above do not apply.

Self-custody has its own tradeoff: securing the keys becomes the user's responsibility, and attacks on individuals are rising. Personal-wallet thefts grew from 7.3% of all stolen crypto in 2022 to 44% in 2024, and in 2025 individuals lost about $713 million across roughly 158,000 incidents.

Most of that risk traces back to one weak point, the seed phrase. Traditional crypto wallets require the user to store a secret recovery phrase, which is permanently lost if it is forgotten and gives away everything if it is stolen. A smart wallet removes the seed phrase. Funds stay in an account the user controls, and access is built into how the user signs in, so there is nothing to write down or misplace. There are apps like Glider that are built on this model: a user's assets sit in their own account rather than a company's, with no seed phrase to manage. The same account can also hold assets such as tokenized stocks, available to investors outside the US.

Self-custody also changes how a user trades. A decentralized exchange like Uniswap lets users trade without giving up custody. Instead of a company matching orders and holding the funds, trades run on smart contracts, which are self-executing programs on the blockchain, and the coins stay in the user's own wallet the whole time. The tradeoff is a different set of risks. A bug in that code or a fake token listing can still cost a user money, and there is no company to call if something goes wrong.

The choice comes down to where the risk sits. A centralized exchange asks the user to trust a company to stay in business, handle funds honestly, and avoid being hacked, for as long as the money sits there. Self-custody puts that control, and that responsibility, in the user's own hands. For many people the practical middle ground is to keep only what is actively being traded on an exchange and hold the rest in self-custody.

Key terms

• Custodial exchange: a platform that holds a user's crypto and controls the keys. The user's balance is a claim on the company, not coins held directly.
• Self-custody: holding crypto in an account where the user controls the keys. No company can lock the user out or fail with the funds inside.
• Unsecured creditor: someone owed money in a bankruptcy with no collateral behind the claim. They are paid after secured lenders, often only in part.
• Smart wallet: a crypto account the user controls that signs them in without a seed phrase and can recover access if a key is lost.
• FDIC / SIPC: US programs that insure bank deposits and brokerage securities. Neither covers crypto if an exchange fails.

This guide is for educational purposes only and is not financial or legal advice or a recommendation to buy or sell any asset. Tokenized securities mentioned here are not available to US persons. Always do your own research.