In the past three years, billions of dollars have been lost to cryptocurrency exchange hacks. Despite these staggering figures, centralized cryptocurrency exchanges (CEXs) continue to prioritize retaining user funds rather than promoting self-custody. This dynamic raise critical questions: why do they discourage users from taking full control of their assets?
The mantra “not your keys, not your coins” underscores the importance of self-custody for securing assets, yet CEXs incentivize users to store assets on their platforms. While this offers convenience and access to financial services, it also exposes users to risks like hacks and insolvency.
That said, not all centralized exchanges are opposed to self-custody. “While centralized exchanges have a stake in incentivizing users to custodize assets with the platforms, they have been broadly supportive of self-custody solutions, particularly in the wake of the collapse of FTX and other prominent scandals that impacted the industry,” notes Akos Erzse, Director of Public Policy at BitOasis. For instance, BitOasis enables users to withdraw their assets to self-custody solutions directly from its platform. Similarly, other major platforms, such as Binance, OKX, and Coinbase, have introduced self-custody wallets and actively encourage their communities to use them.
Why Centralized Exchanges Retain User Funds
Centralized exchanges rely on custody-based business models to thrive. Retaining user assets supports liquidity and sustains revenue streams through services like staking, yield farming, and fiat conversions. However, this model is also designed to minimize user migration to competing platforms.
In regulated environments like the UAE, compliance has become a defining feature for global exchanges. Licensed platforms offer secure fiat-crypto conversions, staking options, and insured custody, which bind users to their ecosystems. These safeguards also discourage users from withdrawing funds to self-custodial wallets.
Globally, this reliance on retaining funds ensures CEXs can generate revenue through staking cuts, custodial fees, and liquidity provision. The more assets held on-platform, the greater the potential for profit and reduced churn.
The DeFi Alternative: Self-Custody and Autonomy
DeFi platforms stand in stark contrast to centralized exchanges, prioritizing user control and self-custody. Users maintain their private keys, eliminating reliance on third-party custody and the risk of centralized breaches. However, DeFi’s advantages come with significant challenges.
“Decentralized platforms and protocols have historically been much more vulnerable to hacks and theft compared to centralized platforms,” Erzse explains. Chainalysis data confirms that DeFi platforms accounted for the highest share of stolen funds in recent years, far exceeding losses from centralized services.
DeFi platforms also face limitations like smart contract vulnerabilities and restricted fiat accessibility. While they primarily generate revenue through protocol fees—often redistributed within the community—these technical complexities make centralized exchanges a preferred entry and exit point for many users.
Global Challenges for Regulated and Non-Regulated Exchanges
The Case in the UAE
As a regulated crypto hub, the UAE enforces strict licensing requirements, effectively barring non-regulated exchanges from operating. Compliant platforms such as Binance, OKX, BitOasis, and CoinMena dominate the market, benefiting from regulatory trust and access to traditional banking systems. These frameworks protect users by mandating stringent internal controls, insured custody, and ongoing supervision.
Erzse explains, “Regulated platforms in jurisdictions like the UAE comply with strong regulatory requirements, ensuring that user assets are custodized, insured, and safeguarded by stringent internal controls.” This regulatory oversight provides a layer of security unmatched by non-regulated exchanges or most DeFi platforms.
The Broader Global Picture
In jurisdictions with weaker regulatory frameworks, non-regulated exchanges continue to operate, often attracting risk-tolerant users. However, this business model is becoming increasingly unsustainable due to:
- Regulatory Crackdowns: Governments worldwide are enforcing stricter compliance, cutting off non-regulated exchanges from fiat services and banking systems.
- Erosion of Trust: High-profile failures and exit scams involving unlicensed platforms push users toward regulated or decentralized alternatives.
This was clearly demonstrated after the hacks of both RAIN and M2. Both exchanges absorbed the losses and fully compensated their users, as required by law and likely supported by insurance policies mandated by regulatory frameworks. In contrast, users of WazirX in India received no such protection following their platform’s hack, highlighting the vulnerabilities faced by users of exchanges operating in less regulated environments.
Non-regulated exchanges must adapt by pursuing licenses, though this often involves significant costs and operational challenges. Additionally, exchanges may face retrospective accountability for past activities, as seen with Binance in the US, where regulators scrutinized previous operations conducted before the exchange pursued formal compliance. Alternatively, they can pivot to decentralized exchange (DEX) models, sidestepping regulation but sacrificing fiat accessibility and mainstream adoption.
Balancing Security, Profit, and Trust
The global crypto landscape is shifting, with regulated hubs like the UAE setting a high bar for compliance and user protection. As centralized exchanges prioritize retaining user funds, they must address the inherent trade-offs between security, profitability, and user trust.
DeFi platforms, while offering autonomy, continue to grow in popularity and pressure centralized exchanges to innovate. Hybrid solutions—combining regulatory compliance with user autonomy—could help CEXs strike the right balance. Greater transparency measures, such as proof-of-reserves audits, will also be essential in building trust.
For users, the choice remains between the convenience and oversight of centralized platforms and the autonomy of self-custody solutions like DeFi. In a rapidly evolving ecosystem, understanding these trade-offs is key to navigating the future of crypto finance.