Can you trust crypto exchanges after the collapse of FTX?

Experts say that most CEXs only offer basic contractual protection in the event of a mishap, but things are improving.

by Zhiyuan Sun 10 min February 15, 2023
Share Share Share Share

On Oct. 25, 2022 — about two weeks before the collapse of the world’s third-largest cryptocurrency exchange, FTX — prominent DeFi architect Andre Cronje published a foreboding article with a chilling warning on the state of centralized cryptocurrency exchanges:

“Remedies under the current regulatory regime are ineffective. Most investors sign away their rights to their crypto in voluminous terms and conditions of crypto-exchanges and many will (at best) rank as unsecured creditors should these exchange services be liquidated. Crypto exchange and crypto investment service providers are essentially operating as banks, but without the safeguards and regulation which banks are required to follow.”

What happened afterward is history. With the abrupt downfall of FTX, customers suddenly discovered that despite all previous guarantees, their assets had been locked as the defunct exchange filed for bankruptcy amid an $8 billion shortfall — the consequence of senior executives siphoning customer assets to trade in related hedge fund Alameda Research. Even though the new management claims they have recovered some customer assets, clients’ funds still remain frozen in bankruptcy proceedings, with no end in sight and heavy legal fees to follow. 

In the aftermath, the crypto community has raised serious concerns regarding the state of CEXs. Demands such as proof of assets and liabilities, segregation of customer funds, and voluntary registration as broker-dealers have echoed in the industry. That said, haven’t CEXs come this far by making an effort to legitimize their operations? Here’s why the issue is more complicated than meets the eye. 

Sam Bankman-Fried’s net worth took a nosedive after the collapse of FTX. (Bloomberg Billionaires Index)

Why not just get regulated?

Jack Graves, a teaching professor at Syracuse University, tells Magazine, “To my knowledge, there is nobody acting as an exchange of cryptocurrencies and digital assets in the U.S. that is registered with the SEC. Instead, they simply stated that they don’t trade securities. And that’s a critical difference.”

Graves explains that while exchanges such as Coinbase are licensed money transmitters, they are not broker-dealers. “As soon as you talk about broker-dealers of securities, that triggers a bunch of disclosure and custody requirements,” Graves states. “I happen to use Fidelity as my brokerage company, and if Fidelity goes bankrupt, I’m not an unsecured creditor in bankruptcy. So, I have a claim to my assets before all the unsecured creditors.”

At least in the U.S., crypto exchanges cannot become broker-dealers because the digital assets they facilitate are not classified as securities by the SEC. Yet, there is also ample confusion on the matter.

“Gary Gensler has essentially said that everything except Bitcoin and maybe Ether is probably a security,” Graves says. “So, the exchanges are taking the view that until the SEC says it’s a security, they are going to trade it. And as soon as the SEC says crypto assets are securities, they are going to quit.”

Gary Gensler
In a recent video SEC Chairman Gary Gensler used dad jokes to explain that certain staking services offered by CEXs are classified as securities (SEC)

The problem isn’t unique to the United States. Lennix Lai, managing director at Seychellois crypto exchange OKX, explains to Magazine that crypto exchanges cannot, as of now, be registered as broker-dealers due to a fundamental difference in their business model:

“By definition, a crypto exchange is actually a matching engine that matches orders from buyers and sellers. A broker-dealer license only governs the relationships that you, as the firm, have the capability to handle client orders and route them to a stock exchange. However, in the crypto world, most of the business models running are not the broker-dealer model but actually a ‘stock exchange’ model. So, that gives governments regulatory difficulty in that we don’t have an exchange license to apply for.”

Canada is one of the few jurisdictions that offer a clear regulatory pathway for exchanges to become registered broker-dealers — perhaps due to the sudden collapse of major Canadian crypto exchange QuadrigaCX in 2019.

In Canada, all prospective crypto exchanges must register with the Investment Industry Regulatory Organization of Canada and applicable provincial regulators to conduct business. On June 22, 2022, the Ontario Securities Commission announced it had issued an enforcement action against Bybit and KuCoin, alleging the two operated unregistered crypto asset trading platforms in the country.

After registration, crypto exchanges in Canada become broker-dealers just like their stock-trading counterparts, even though regulators ruled that the assets facilitated by the exchanges are not securities. As Katrina Prokopy, chief legal officer at Canadian exchange Coinsquare, explains to Magazine: 

“Coinsquare is the first crypto asset trading platform that proceeded to get registration as an investment dealer and an IIROC [Investment Industry Regulatory Organization of Canada] member. That took two years of working intensively with the regulators. Investors can take comfort knowing that IIROC dealers must keep sufficient regulatory capital and must have operational controls, financial controls, compliance, proficiency requirements, risk management, insurance requirements, and custodial requirements in using counterparties that are acceptable to IIROC and can have a certain amount of capital. Absent fraud, blatant fraud, it would be very difficult for the same situation as FTX to happen with an IIROC-regulated platform.”

In addition, offshore CEXs can select governing jurisdictions far away from users’ domicile residences, making it difficult to resolve disputes. As an example, according to Binance’s terms of use, the Hong Kong International Arbitration Centre has the discretion to regulate disputes between the exchange and its clients. Although Binance has agreed to hear disputes raised in the said court of law in the past, users have complained that the process is quite expensive. Meanwhile, Prokopy explains that Coinsquare’s governing jurisdiction is in Ontario, Canada. Thus, users do not need to travel abroad or hire foreign international law attorneys to resolve a dispute between themselves and the exchange:

“Customers have access to our regulators, they have access to our legal and compliance department to help resolve matters, and they have ultimate recourse to the Canadian judicial system if that’s what they want to pursue. And you know, as a corporation registered in Ontario, we have a registered address for service.”

Read also
Features

Why Virtual Reality Needs Blockchain: Economics, Permanence and Scarcity

Features

How to prevent AI from ‘annihilating humanity’ using blockchain

Are user funds protected by law?

Graves summarizes the regulations under which offshore cryptocurrency exchanges operate: It’s like saying, “Look, we’re in good shape; but if we go bankrupt, you’re an insecure general creditor.”

According to Graves, unsecured creditors typically recover 10 cents on the dollar in the United States. “I think we’ve got a lot of work to do with an alternative that is meaningful, other than just breach of contract,” Graves states. “And breach of contract isn’t worth much when you end up in bankruptcy.”

“Assuming everybody’s doing the best, they try to make money, and it just doesn’t work, and the exchange goes bankrupt, you still don’t have any protection as the customer.”

For example, Coinbase’s terms of use state that the firm carries crime insurance that protects digital assets from theft and cybersecurity breaches. However, the policy does not cover “unauthorized access” to Coinbase accounts due to a breach of credentials. In addition, while U.S. customers’ fiat deposits are covered up to $250,000 by the Federal Deposit Insurance Corporation in the event of a default in the custodial bank, the same protection does not extend to their digital asset holdings. 

Coinbase
Like many exchanges, Coinbase’s user insurance policies generally only applies to fiat cash balances (Coinbase)

Another exchange, OKX, explicitly states in its terms of service that “Digital assets of users are not protected by deposit protection or deposit insurance scheme. In the case of an irreconcilable shortfall, you may not receive some or any of your deposited assets or funds.”

OKX’s Lai explains that this is because the insurance industry does not have the full capability to underwrite risks within the cryptocurrency realm: 

“Most of the insurance policies right now only cover a relatively restricted amount because they want to cap their appetite for risk, and also, they will cover a specific area of risk — for example, insider jobs.”

Coinsquare’s Prokopy confirms the limitations of insurance policies covering crypto firms. Coinsquare clients currently have insurance policies covering $1 million of their fiat Canadian dollar deposits, but Prokopy says the coverage does not extend to digital assets. She elaborates that the firm has been advocating for an expansion of coverage, as it is currently paying the same fees as other IIROC members for asset insurance:    

“There is the Canadian Investor Protection Fund, which is the insurance coverage that IIROC member firms have for customer assets in the crypto space. It is available for the cash component in the trading accounts. But the CIPF is not at this point covering crypto. So, in the event that the IIROC dealer went bankrupt, there would be insurance protection to the cash component, not the crypto component.”

Are proof of reserves legitimate?

As told by Lai, one way customers can receive assurance that their funds are secure is through a proof-of-reserves audit. 

“The proof of reserves we publish encompasses proof of liability,” says Lai. “For every OKX customer that owns their deposit, OKX records a liability to them.” 

The executive explains that by allowing users to self-verify the exchange’s disclosures using open-source methods, OKX demonstrates to its customers that its asset coverage to liability “is greater than one-to-one.” The exchange updates its proof of reserves monthly. 

OKX’s self-published proof of reserves. Source: OKX

Other stakeholders, such as former Kraken CEO Jesse Powell, disagree. For Powell, a proof of reserves featuring Merkle tree verification is “hand wavey bullshit” and cannot be used in lieu of a full traditional account. “The statement of assets is pointless without liabilities,” he tweeted in November 2022.

Graves also noted the difficulty of finding auditors to work in the first place. “The problem right now, as I understand it, is the auditors don’t know how to audit,” he says.


“They have no idea how to deal with this stuff. You can audit how many assets a crypto exchange has on-chain, but how much of it is pledged as collateral? That’s a lot harder to figure out unless you have access to their financial services, books, and records. […] We saw this with FTX. Yeah, FTX has some money, but a whole lot of it was transferred to Alameda, and Alameda is investing in leveraged swaps. And so just looking at assets on-chain, you can verify that, but it really tells you nothing in terms of liabilities and leverage.”

Currently, Coinbase is one of the few crypto exchanges to have an auditor — Deloitte — though much of it can be attributed to the fact that it’s a publicly traded company. Previously, South African auditor Mazars claimed that Binance users’ Bitcoin was “fully collateralized” on the platform but then removed its proof-of-reserve verification for Binance, along with other crypto exchanges, from its website approximately one week later. Binance says it has reached out to multiple large auditing firms, but they are “currently unwilling to conduct a PoR for a private crypto company.”

Can we still trust CEXs? 

While crypto users have largely agreed on the need for CEXs to become regulated in the aftermath of FTX’s collapse, it may not be currently possible due to the lack of regulatory pathways. Coinsquare’s Prokopy certainly illustrated the trust brought to CEXs when there is a clear pathway forward. However, both Lai and Graves raised the issue of chaotic regulatory frameworks in the U.S. and other parts of the world, making obtaining a broker-dealer license impossible.

That said, regulators have been ramping up efforts in this new field. In a White House briefing on Jan. 27, lawmakers stated that they were working on “safeguards” to supplement the development of new digital asset technologies and unveil priorities for blockchain research. For now, CEXs face an uphill battle to demonstrate legitimacy to their users. But as Graves puts it, some essential corporate safeguards remain in place aside from the contractual obligation to customers.

“I don’t think the current structure with offshore exchanges is an issue. If exchanges like Binance.US and Binance International don’t keep them independent, the U.S. regulators will go after Binance International and say we have jurisdiction because you’re acting through the U.S. entity. If they were commingling funds, local creditors could also go after Binance International to pay off all those debts.”

Read also
Features

Ordinals turned Bitcoin into a worse version of Ethereum: Can we fix it?

Columns

Helping Ukraine without donating: Laura’s DeFi staking plan

Share Share Share Share

Zhiyuan Sun

Zhiyuan Sun is a journalist at Cointelegraph focusing on technology-related news. He has several years of experience writing for major financial media outlets such as The Motley Fool, Nasdaq.com and Seeking Alpha.