Licensed insolvency practitioner & active crypto investor since 2021. I've personally experienced exchange security issues and know exactly what to look for.
Disclosure: This article contains affiliate links to exchanges we consider safe based on our research. Our security assessments are independent.
The FTX Lesson: What Went Wrong
In November 2022, FTX, at the time the world's second-largest crypto exchange, collapsed virtually overnight. Around $8 billion in user funds were lost. Founder Sam Bankman-Fried was convicted of fraud and sentenced to 25 years in prison.
What makes the FTX collapse particularly painful is that it was completely avoidable with basic due diligence. The warning signs were there:
- FTX never published Proof of Reserves
- FTX had no independent board or meaningful oversight
- FTX was registered in the Bahamas, a jurisdiction with minimal oversight
- FTX's balance sheet, when finally revealed, showed massive reliance on its own illiquid FTT token
The lesson isn't that crypto exchanges are inherently dangerous; it's that not all exchanges are equal, and a few basic checks can separate the trustworthy from the dangerous.
⚠️ Core principle: Never keep more on an exchange than you can afford to lose. Even the safest exchange carries some risk. Use exchanges for trading; use a hardware wallet for long-term storage.
What is Proof of Reserves?
Proof of Reserves (PoR) is a cryptographic audit that proves an exchange actually holds the assets it claims to hold on behalf of users. Without PoR, you're taking the exchange's word for it, exactly what FTX users did.
Here's how it works:
- The exchange takes a snapshot of all user balances
- These are hashed into a Merkle tree, a cryptographic structure that allows individual verification without exposing all user data
- An independent auditor verifies that the exchange's on-chain wallets hold at least the total of all user balances
- Individual users can verify their own balance is included using their account hash
The key metric is the reserve ratio: a ratio above 100% means the exchange holds more than users have deposited. A ratio below 100% is a critical red flag.
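The steps above can be followed end to end in a small added example (not code from this article or from any exchange). It goes one step beyond a plain Merkle tree by using a Merkle sum tree, where every node also carries the total of the balances beneath it, so the root commits to total liabilities as well as to each user's entry. The leaf encoding, account hashes, balances and reserve figure are constructed assumptions.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(account_hash: str, balance: int) -> tuple[bytes, int]:
    # Assumed leaf encoding; each exchange defines its own format.
    return h(b"\x00", f"{account_hash}:{balance}".encode()), balance

def parent(left, right):
    # A node commits to both child hashes and both child totals.
    enc = lambda n: n[0] + n[1].to_bytes(16, "big")
    return h(b"\x01", enc(left), enc(right)), left[1] + right[1]

PAD = (h(b"\x02"), 0)  # zero-balance filler so odd levels do not double-count
def padded(level):
    return level + [PAD] if len(level) % 2 else level

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = padded(levels[-1])
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    path = []  # exchange side: the sibling at each level and which side it is on
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((padded(level)[sibling], sibling < index))
        index //= 2
    return path

def verify(account_hash, balance, path, root):
    # User side: rebuild the root from your own leaf and the supplied siblings.
    node = leaf(account_hash, balance)
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:  # a negative sibling total would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

def reserve_ratio(on_chain_reserves, root):
    return on_chain_reserves / root[1]  # above 1.0 means fully backed

USERS = [("a1f3", 150_000_000), ("b27c", 20_000_000), ("c9e0", 5_000_000),
         ("d410", 75_000_000), ("e55a", 50_000_000)]  # constructed, in satoshis
LEVELS = build_levels([leaf(a, b) for a, b in USERS])
ROOT = LEVELS[-1][0]
```
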
How I Check It Personally
Every few months I go to Binance's PoR page and verify my own balance using the Merkle proof tool. It takes 5 minutes and gives me real confidence that my funds are accounted for. Kraken and OKX offer the same. If an exchange doesn't offer this, I treat it as a yellow flag.
Where to check Proof of Reserves:
- Binance: binance.com/en/proof-of-reserves (uses Merkle trees + zk-SNARKs)
- Kraken: kraken.com/proof-of-reserves (quarterly audits)
- OKX: okx.com/proof-of-reserves (monthly updates)
- Bybit: bybit.com/en/proof-of-reserves
- Coinbase: Published via SEC filings as a publicly listed company (COIN)
Insurance & Protection Funds
Even with perfect security, exchanges can be hacked. Protection funds exist to compensate users when this happens. Here's what the major exchanges offer:
| Exchange | Fund Name | Size (2026) | Funded By | Transparency |
|---|---|---|---|---|
| Binance | SAFU | 15,000 BTC (~$1B) | 10% of trading fees | On-chain wallet public |
| Bitget | Protection Fund | $300M+ | Platform revenues | Monthly reports |
| Kraken | No dedicated fund | Not disclosed | Company reserves | Quarterly PoR audits |
| Coinbase | Crime insurance | Not disclosed | Traditional insurance | SEC filings (public company) |
| Bybit | Insurance Fund | Not fully disclosed | Derivatives revenue | Partial disclosure |
| OKX | Risk Reserve Fund | Undisclosed | Platform revenues | Monthly PoR published |
| FTX | None | $0 | - | None (collapsed 2022) |
Binance's SAFU is the most transparent and largest dedicated protection fund in the industry. In February 2026, Binance completed the conversion of its entire SAFU fund into 15,000 BTC, valued at approximately $1 billion, and pledged to rebalance if the value drops below $800 million.
Major Exchange Hacks: Full History
Every major exchange has faced security incidents. What matters is not whether they were hacked; it's whether users were made whole.
- ❌ Not a hack: fraud. User funds lent to Alameda Research. Exchange collapsed. Users lost everything. Sam Bankman-Fried sentenced to 25 years.
- ✅ Fully covered by SAFU fund. No user lost funds. Binance improved security significantly after.
- ✅ Covered by Bybit's reserves and emergency loans. All user funds restored within days. Largest exchange hack in history by value, but users were protected.
- ❌ Exchange collapsed. Users waited over 10 years for partial repayment. Final distributions began in 2024. A defining event in crypto exchange security history.
- ✅ Never hacked in over 13 years of operation. Widely considered the most secure major exchange.
- ✅ No major exchange-level hack. Individual account compromises have occurred (phishing) but the exchange itself has never been breached at scale.
Safety Comparison: Top Exchanges 2026
| Exchange | Proof of Reserves | Protection Fund | Regulation | Hack History | Overall |
|---|---|---|---|---|---|
| Kraken | ✅ Quarterly | ⚠️ Undisclosed | ✅ US + EU licensed | ✅ Never hacked | Safest |
| Coinbase | ✅ SEC filings | ✅ Crime insurance | ✅ NASDAQ listed | ✅ Never hacked | Safest |
| Binance | ✅ Monthly (zk-SNARK) | ✅ $1B SAFU | ⚠️ No EU licence | ⚠️ 2019 hack (covered) | ✅ Very Safe |
| Bybit | ✅ Published | ⚠️ Partial disclosure | ⚠️ Limited regulation | ⚠️ $1.4B hack 2025 (covered) | ⚠️ Good, use caution |
| Bitget | ✅ Monthly | ✅ $300M fund | ✅ 9 jurisdictions | ✅ No major incidents | ✅ Very Safe |
| OKX | ✅ Monthly | ⚠️ Undisclosed | ⚠️ Limited EU presence | ✅ No major incidents | ✅ Safe |
Red Flags to Watch For
Before depositing on any exchange, watch for these warning signs:
- No Proof of Reserves: if an exchange won't publish PoR, ask why. There's no legitimate reason not to.
- Registered in a tax haven: Bahamas, Seychelles, or other jurisdictions with minimal financial oversight are yellow flags. Not disqualifying, but worth noting.
- Own token as primary reserve asset: FTX's balance sheet was full of its own FTT token. If a fund is primarily backed by the exchange's own coin, that's a problem.
- Withdrawal delays or limits: legitimate exchanges process withdrawals quickly. Unexplained delays can signal liquidity problems.
- No regulatory licence in your jurisdiction: especially important for EU users under MiCA.
- Unrealistically high yields: if an exchange is offering 20%+ APY on stablecoins, ask where that yield comes from.
- CEO or founders are anonymous: not disqualifying (Satoshi was anonymous), but adds risk.
I will not keep significant funds on any exchange that doesn't publish Proof of Reserves. That's my absolute red line since FTX. It takes an exchange an afternoon to set up; if they haven't done it, it's a choice, not an oversight. I also never keep more than 20% of my total crypto holdings on exchanges at any time. The rest is on hardware wallets.
Your Pre-Deposit Safety Checklist
Before You Deposit: Check These 7 Things
- Proof of Reserves published? Go to the exchange's PoR page and verify the reserve ratio is above 100%.
- Protection fund exists? Check if the exchange has a SAFU-style fund and its approximate size.
- Regulated in your jurisdiction? For EU users: is the exchange MiCA-compliant? For US users: is it registered with FinCEN?
- Hack history? Google "[exchange name] hack". If there was a hack, were users compensated?
- How old is it? Exchanges that have survived 5+ years of crypto market cycles are inherently more trustworthy than new ones.
- Don't over-deposit. Only keep what you need for active trading. Move long-term holdings to a hardware wallet.
- Enable all security features. 2FA (use an authenticator app, not SMS), withdrawal whitelist, anti-phishing code.
Frequently Asked Questions
What is Proof of Reserves?
Proof of Reserves (PoR) is a cryptographic audit that verifies an exchange holds at least as much crypto as its users have deposited. Using Merkle trees, users can verify their own balance is included in the total without the exchange exposing all customer data. A reserve ratio above 100% means the exchange holds more than users have deposited.
What is a SAFU fund?
SAFU (Secure Asset Fund for Users) is Binance's emergency insurance reserve, established in 2018 and funded by 10% of all trading fees. As of February 2026, it holds 15,000 BTC worth approximately $1 billion. It is designed to cover user losses in the event of a security breach or unforeseen incident.
Has Binance ever been hacked?
Yes. Binance was hacked in May 2019, with 7,000 BTC (approximately $40 million at the time) stolen. Binance covered all losses from its SAFU fund and no user lost funds. Binance has not reported a major exchange-level hack since then.
Is my money safe on Kraken?
Kraken is widely considered one of the most secure exchanges, having never experienced a major hack in over 13 years of operation. It publishes quarterly Proof of Reserves audits, holds the vast majority of user assets in cold storage, and holds a Special Purpose Depository Institution (SPDI) charter in Wyoming, USA.
What happened to FTX?
FTX collapsed in November 2022 after it was revealed the exchange had lent user funds to its sister trading firm Alameda Research without customer knowledge. FTX had never published Proof of Reserves. An estimated $8 billion in user funds were lost. Founder Sam Bankman-Fried was convicted on multiple counts of fraud and sentenced to 25 years in prison.