Exchange Hack

Centralised exchanges are custodians of enormous amounts of cryptocurrency, making them high-value targets. Exchange hacks range from external attacks exploiting software vulnerabilities or compromised employee credentials to insider theft by privileged employees. Some historical 'hacks' have later been revealed to be exit scams by the exchange operators themselves.

The consumer risk is direct: funds held on an exchange are subject to that exchange's security posture, and exchange deposits are typically not insured the way bank deposits are in many jurisdictions. When an exchange is hacked, user accounts may be frozen for extended periods, and partial or full loss of deposited funds is possible.

The 'not your keys, not your coins' principle reflects this risk. Keeping only trading floats on exchanges, using exchange accounts with withdrawal address whitelisting enabled, and choosing exchanges with published proof-of-reserves and reputable security track records are practical mitigations.