How to Evaluate a Crypto Exchange Before You Deposit

The four questions before you deposit anywhere

The 2022-2024 wave of crypto exchange failures — FTX, Celsius, BlockFi, Voyager, Genesis — taught the same lesson five times: an exchange that "looks safe" because it has billions in declared deposits and a celebrity-endorsed marketing campaign can become insolvent within 48 hours. The defensive question is not whether an exchange might fail (every exchange might) but whether the structural protections against that failure are in place.

Before depositing on any crypto exchange, run four questions. If any answer is unclear, the exchange does not pass.

Who regulates the exchange, and what do they actually require?
Does the exchange publish proof of reserves, and is it real?
What happens to my funds if the exchange becomes insolvent?
What is the withdrawal speed under stress, not advertised conditions?

The rest of this guide walks through each question with specifics, examples, and the failure cases that motivated each defensive layer.

Question one: who regulates it

For US-based holders, the meaningful regulators are: the SEC (securities classification), the CFTC (commodities, including most non-stablecoin crypto futures), FinCEN (anti-money-laundering compliance), and state-level money transmitter licenses (NYDFS BitLicense, California DFPI, others). An exchange that operates in the US under all of these is operating under the strongest regulatory framework in the world for crypto.

The exchanges with full US licensure as of mid-2026: Coinbase, Kraken, Gemini, Binance.US, Robinhood Crypto, Bitstamp USA. These are the only retail venues where US holders have meaningful regulatory recourse if things go wrong.

Offshore exchanges — KuCoin, Bybit, OKX (outside their narrow US-restricted product), Bitfinex, Huobi — operate under various non-US jurisdictions. They may be perfectly well-run businesses, but as a US holder you have no regulatory recourse, no FDIC-equivalent protection, no SEC oversight, and limited ability to invoke US law if the exchange freezes your funds or refuses to release them. The 2024 KuCoin enforcement action — DOJ pursuing the company for failure to register as a money services business — illustrates the structural issue: US users on offshore exchanges may find their accounts frozen by their own government as the offshore exchange tries to come into compliance.

The practical rule: keep the bulk of your fiat-on-ramp and fiat-off-ramp activity on US-licensed exchanges. Use offshore exchanges only for specific products unavailable in the US (certain altcoin trading, certain derivatives), and only with funds you can afford to have frozen for an extended period.

Question two: proof of reserves

After FTX, every major exchange announced a "proof of reserves" program. Not all of them mean the same thing.

The strongest version: Merkle-tree proof of reserves. The exchange publishes a cryptographic structure showing every customer's balance (anonymized but verifiable) and the on-chain addresses holding the corresponding assets. Each customer can independently verify that their balance is included in the tree, and an auditor can verify that the on-chain balances match the sum of customer balances. Kraken pioneered this in 2014; Coinbase publishes audited reports quarterly; Binance global publishes monthly Merkle proofs.

The medium version: an audited attestation from a public accounting firm stating that, as of a snapshot date, the exchange's on-chain holdings equal or exceed their customer liabilities. This is weaker because it does not let individual customers verify their inclusion, and the snapshot is a single point in time. Several mid-size exchanges publish this.

The weakest version: a marketing-grade statement that "we hold customer funds in segregated wallets" without any cryptographic proof, third-party audit, or independent verification. This is what FTX published before collapsing. Treat this tier as no proof at all.

The check to actually run: before depositing on any exchange, find their most recent proof-of-reserves report. Verify it is dated within the last 90 days. Read what the audit firm actually attested (not what the exchange's blog summarizes). If the report does not exist, is older than 90 days, or comes from an unknown audit firm, treat the exchange as untested.

Question three: what happens if the exchange becomes insolvent

The US framework for crypto exchange insolvency is unsettled. Crypto held on a regulated exchange is typically classified as either: (a) customer property that segregates from the exchange's general assets in bankruptcy, or (b) a general unsecured creditor claim, which means customers stand in line behind banks, employees, and tax authorities.

The Voyager and Celsius bankruptcies (2022-2023) made this question concrete. Customers ended up with partial recoveries (Voyager ~36% as of mid-2024, Celsius ~67%), with the rest lost or pending litigation. The recovery happened only because both bankruptcies had assets — for FTX, with $8 billion missing, the recoveries are still unclear years later despite ongoing asset clawback efforts.

The structural protections an exchange can offer:

Customer fund segregation. Customer funds held in trust accounts legally distinct from the exchange's general operating capital. New York-licensed exchanges (Gemini, Coinbase NY operations) operate under explicit fund-segregation rules.
FDIC-insured fiat sweep. Dollar balances swept into FDIC-insured bank accounts at partner banks, with the FDIC's $250,000 per depositor protection extending to the exchange customer. Coinbase USD balances are FDIC-insured through this mechanism.
Crime insurance on crypto reserves. Not the same as FDIC. Some exchanges (Coinbase, Gemini) carry policies against theft of cold-storage holdings. This does not protect against exchange insolvency or fraud by exchange employees — only third-party theft.

The practical rule: keep no more on any single exchange than you would tolerate losing entirely. For most holders, that is a working float of a few thousand dollars for tax-event timing, swap liquidity, and gas purchases — not the bulk of holdings.

Question four: withdrawal speed under stress

Every exchange advertises fast withdrawals during normal operation. The question that matters is withdrawal speed during stress: market volatility, regulatory action, a bank-run scenario where many customers try to withdraw simultaneously.

The historical reference points:

FTX, November 2022: withdrawals were paused within 72 hours of the Alameda-related rumors starting. Customers who initiated withdrawals before the pause saw delays of hours to days; customers who initiated after never received funds.
BlockFi, November 2022: paused withdrawals as part of bankruptcy proceedings. Customer funds frozen for 18+ months pending the bankruptcy process.
Celsius, June 2022: paused withdrawals citing "extreme market conditions." Never resumed. Bankruptcy filed July 2022.
Mt. Gox, 2014: withdrawals slowed in early 2014, then paused entirely in February. Customers waited 10+ years for partial recovery through the Japanese rehabilitation process.

The pattern: the exchange pauses withdrawals "temporarily" citing operational reasons. The pause becomes permanent. Customers who withdrew before the pause are fine; customers who waited are not.

The defensive behavior: when an exchange starts showing stress signals — unusual social-media activity from leadership, rumored counterparty exposure, surge in withdrawal-request times — initiate withdrawals immediately. Do not wait to see if the situation resolves. The cost of being wrong about a false alarm is a network fee; the cost of being right and waiting is the entire deposit.

The signals that an exchange is in trouble

The early-warning signs, ranked by reliability:

Withdrawal delays. If a withdrawal you initiated 12 hours ago is "processing," something is off. Reach out to support, screenshot the response, initiate the rest of your withdrawal queue.
Leadership social-media activity. CEOs of healthy exchanges tweet about products and roadmap. CEOs of stressed exchanges suddenly tweet about "FUD," "concentrated attacks by competitors," or "irresponsible journalism." This pattern is consistent across FTX, Celsius, Voyager.
Counterparty rumors. If credible journalists or on-chain analysts (Whale Alert, ZachXBT, Coinage) flag suspicious flows between the exchange and a known-distressed counterparty, treat the rumor as actionable. Most rumors at this level turn out to be real.
Stablecoin redemption issues. If the exchange's native stablecoin or token loses its peg or normal trading range, the exchange's solvency is in question.
Sudden leadership changes. A surprise CEO transition, a "personal reasons" departure, or a board reshuffle during operating stress is rarely random.

None of these signals individually proves anything. Two or more signals appearing within a 30-day window is the threshold for action: withdraw everything that day, before the pause.

The fee structures that matter

Trading fees on major US exchanges in 2026:

Coinbase Advanced. Maker 0.40% / Taker 0.60% at the lowest tier; drops to 0.00% / 0.05% at the highest VIP tier. Default Coinbase (the simple interface) charges much higher fees — use Coinbase Advanced.
Kraken Pro. Maker 0.16% / Taker 0.26% at the lowest tier; 0.00% / 0.10% at the highest. Kraken Pro is the only acceptable Kraken interface; the simple "Kraken" interface has higher fees.
Gemini ActiveTrader. Maker 0.20% / Taker 0.40% lowest; 0.00% / 0.03% highest. ActiveTrader is the lower-fee interface; the default "Gemini" web interface charges convenience fees.
Binance.US. Maker 0.10% / Taker 0.10% lowest; 0.02% / 0.04% highest. Lower base fees than US competitors, with the caveat that Binance global has the regulatory baggage discussed above.

Withdrawal fees vary by asset and chain. Bitcoin withdrawals from Coinbase are typically $2-5; from Kraken, $1-3; from Binance.US, often lower. ETH withdrawals scale with network gas. The defensive practice: consolidate small withdrawals to reduce per-transaction fees, but never let "saving on fees" delay you during a stress event.

What I actually use, and why

For US-based crypto holders in 2026, my working setup is: Coinbase Advanced as the primary fiat-on-ramp and tax-reporting hub (because the 1099-MISC reporting and tax-lot tracking integrate cleanly with US tax software). Binance international as a secondary for products unavailable on US-licensed venues, with the explicit understanding that those funds are at risk if US regulatory action escalates. The Binance affiliate code at the top of every page on this site (BN16188) is for Binance international, which is the venue I actually use; it gives you a fee discount that costs nothing extra. Use it or skip it — both options are fine.

I do not keep more than three weeks of trading float on any single exchange. The rest moves to a Trezor Safe 3 with a BIP-39 passphrase. The estate-recovery document mentions the device location and the backup metal plate; the passphrase is in my head only, with a hint written on the plate that would not mean anything to a thief but would jog my own memory if needed.

The minimum defensive setup, for someone starting today

Pick one US-licensed exchange. Coinbase or Kraken are the most thoroughly battle-tested in 2026. Open the account, enable hardware-key 2FA, enable address allowlist with 72-hour delay for new addresses.
Pre-register your hardware wallet's receive address on the allowlist. Now any withdrawal from this exchange can only go to your hardware wallet, regardless of who has the password.
Never keep more than 30 days of operating need on the exchange. Move the bulk to the hardware wallet the same week you buy.
Set up withdrawal-confirmation notifications. Email and authenticator app, both. A surprise withdrawal notification is your earliest warning of compromise.
Once a quarter, run the four-question check on your exchange. Regulator status, proof-of-reserves freshness, insolvency protections, withdrawal speed. Move funds elsewhere if any answer has degraded.

The single rule

"Not your keys, not your coins." The phrase is repeated to the point of cliché, but the lesson remains: an exchange balance is an IOU. The exchange's solvency, regulatory compliance, and operational integrity all sit between you and your assets. Keeping crypto on an exchange is appropriate for working float; keeping the bulk of your stack there is taking risk you cannot price.