Centralized Crypto Exchanges (CEX): A Research Guide
Compare the top centralized crypto exchanges in 2026 by fees, security, regulation, supported coins, and liquidity. Honest, hype-free rankings.
Table of contents
- What is a centralized crypto exchange?
- Top 5 centralized exchanges in 2026
- Binance — deep dive
- Coinbase — deep dive
- Kraken — deep dive
- OKX — deep dive
- Bybit — deep dive
- Best CEX by use case
- How to choose the right CEX
- The Bybit hack and what it actually taught the industry
- Security checklist before depositing
- CEX vs DEX: which should you use?
- Looking ahead: what to watch through 2027
- Verdict by user type
What is a centralized crypto exchange?
A centralized exchange (CEX) is a regulated company that custodies user funds and operates an internal order book matching buyers and sellers. You deposit; they hold; you trade against other users on their platform. Last verified: 2026-05-27.
The "best" exchange is whichever combination of jurisdiction, fee tier, and custody risk produces the lowest expected loss for your setup — not whichever one ranks #1 on CoinGecko's volume chart. A US-based trader who logs into Binance.com is committing a civil violation. An EU user on Coinbase pays roughly 5x the fees they would on Binance. A Hong Kong retail trader gets full Bybit access but Coinbase blocks them at signup. If an exchange is your entry point into crypto, pair it with some foundational crypto reading so you actually understand what you're custodying.
The top 10 CEXs processed $18.7T in 2025 — Binance (Binance is the largest global crypto exchange by spot volume, operating from BVI, Dubai, and EU MiCA-licensed entities) alone did $7.3T (39.2% market share), per WuBlockchain's 2025 CEX annual report. Bybit (Bybit is a Dubai VARA-licensed exchange known for tight perpetual-futures spreads and 600+ listed coins) ranked second with $1.5T and 8.1% share, despite suffering the industry's largest-ever hack in February 2025. That attack — a $1.5B cold-wallet signing compromise attributed by the FBI to North Korea's Lazarus Group — remains the defining security event of 2025. Bybit absorbed the loss, replenished reserves within 72 hours via emergency loans, and continued processing withdrawals. The stolen ETH (86% converted to BTC by March 2025) was laundered through DEXs and cross-chain bridges and remains largely unrecovered.
Bottom line: Use a CEX for fiat on-ramps, deep liquidity, and onboarding. Move long-term holdings to self-custody before you go to sleep.
Top 5 centralized exchanges in 2026
Binance leads global liquidity (39.2% share, $7.3T 2025 volume). Coinbase leads US regulation. Kraken (Kraken is a US-headquartered crypto exchange operating since 2011 with no customer-fund breach, regulated under US, UK FCA, and EU frameworks) leads security. OKX leads derivatives and has relaunched in the US. Bybit leads futures spreads. Last verified: 2026-05-27.
| Exchange | Best for | Spot fee (base) | Coins | Fiat | Regulation |
|---|---|---|---|---|---|
| Binance | Global users, altcoins | 0.10%/0.10% (0.075% w/ BNB) | 350+ | Limited (P2P) | Multi-jurisdiction (BVI, Dubai, EU MiCA) |
| Coinbase | US users, beginners | 0.40% maker / 0.60% taker (Advanced) | 250+ | USD ACH/wire | US (NYDFS, MSB) |
| Kraken | Security-focused, US derivatives | 0.16% maker / 0.26% taker (Pro base) | 240+ | USD, EUR, GBP, CAD, AUD | US (CFTC via NinjaTrader), UK FCA, EU |
| OKX | Derivatives, advanced; US + EU | 0.08% maker / 0.10% taker | 350+ | Limited (P2P) | Malta MiCA CASP; US (post-April 2025) |
| Bybit | Futures traders | 0.10% spot; 0.02%/0.05% perps | 600+ | Limited | Dubai VARA |
Binance — deep dive
Binance is the cheapest major exchange globally, with the caveat that it excludes the United States and Binance.com remains off-limits to US persons.
Best for
Global active traders, altcoin coverage (350+ pairs), and the lowest fees in the industry with the BNB discount (0.075% spot, dropping to 0.045% at VIP 3 and as low as 0.011% at VIP 9 with BNB applied). The order book is so deep that a $10M BTC market order moves price less than 5 bps on most weekdays.
Trade-offs
US persons cannot use Binance.com — Binance.US is a separate, weaker entity with thinner books and fewer pairs. The November 2023 DOJ settlement extracted $4.3B, Changpeng Zhao served four months of a four-month sentence, and the new compliance regime means fewer surprise listings and more aggressive geo-blocking. Operates from BVI, Dubai, and EU MiCA (MiCA is the EU's Markets in Crypto-Assets regulation, the first comprehensive crypto licensing framework covering issuers, exchanges, and stablecoin issuers across all 27 member states)-licensed entities depending on user location; the entity you sign up under determines which products you see.
Volume & trust
$7.3T in 2025 spot volume, 39.2% global market share (WuBlockchain 2025 CEX Annual Report). Publishes Merkle-tree proof-of-reserves monthly (updated methodology in January 2026); Q1 2026 report showed all major assets fully backed at 100%+ collateralization despite a broad market decline. Insurance fund (SAFU): converted from $1B stablecoins to 15,000 BTC (completed February 2026), pledging to replenish if value falls below $800M.
Fees
0.10% spot maker / 0.10% taker base. With BNB 25% discount: 0.075%. VIP 9 (≥$4B/30-day volume): 0.011% maker / 0.023% taker. Futures: 0.02% maker / 0.05% taker base. Withdrawal fees vary by network — BTC withdrawals on Lightning are essentially free.
Coinbase — deep dive
Coinbase is the most regulated crypto exchange available to US users, publicly traded (NASDAQ: COIN) with audited SEC filings and SOX-compliant controls — but its base Advanced fees are 0.40% maker / 0.60% taker, not the other way around.
Best for
US users, beginners, and institutional treasury. Publicly traded (NASDAQ: COIN, ~$49B market cap as of May 26, 2026) — the only crypto exchange with audited SEC filings, SOC 1/2 reports, and SOX-compliant financial controls. Coinbase Prime is the de facto institutional rail for US asset managers entering crypto. US market share climbed to an all-time high 8.6% in Q1 2026 even as spot trading volume fell 37% quarter-over-quarter.
Trade-offs
Q1 2026 total trading volume: $202B (vs. $224B estimate), revenue $1.4B (down 21% QoQ), net loss $394M driven by unrealized losses on crypto investment portfolio. Retail fees on the consumer-facing "Simple" / "Instant Buy" interface run 1.5–3% — most retail users overpay without realizing they could switch to the Advanced tab and save 80%. Coin selection is conservatively curated; many new tokens land weeks after smaller exchanges, and stablecoin support outside USDC is thin.
Volume & trust
$295B Q3 2025 total trading volume; 8.6% global spot market share in Q1 2026 (Coinbase SEC filings). NYDFS BitLicense, FinCEN MSB, SOC 1/2 Type II. Insurance: $320M cyber policy plus FDIC pass-through on USD balances up to $250k.
Fees
Advanced Trade: 0.40% maker / 0.60% taker at under $10K/month volume. Scales down to 0.00% maker / 0.04% taker above $400M/30 days. USDC trading pairs are 0.00% maker on eligible stable pairs — a quiet edge for stablecoin desks.
Kraken — deep dive
Kraken has operated since 2011 with zero customer-fund breach — the strongest security record among major CEXs — and added US-regulated crypto derivatives in July 2025 via its $1.5B acquisition of NinjaTrader.
Best for
Security-paranoid users, fiat-on-ramp in 5 currencies (USD/EUR/GBP/CAD/AUD), US-regulated crypto derivatives (Kraken Derivatives US, launched July 2025), and EU-domiciled traders who want a non-Binance euro venue. The NinjaTrader acquisition (announced March 2025, $1.5B) brought a CFTC-registered Futures Commission Merchant license, making Kraken the primary regulated onshore US venue for crypto futures.
Trade-offs
Fewer altcoins than Binance — roughly 240 versus 350+. The non-Pro web UI sits awkwardly between Coinbase Simple and Binance Pro and confuses newer users; many give up before finding the Pro interface. The NinjaTrader derivatives platform operates as a separate entity from Kraken's spot product and requires separate onboarding.
Volume & trust
$102B Q3 2025 spot volume, dominates euro-pair liquidity (Coinbase SEC comparative disclosures). Proof-of-Reserves published twice yearly. 95%+ of assets in cold storage. Zero customer-fund loss since 2011.
Fees
0.16% maker / 0.26% taker on Pro at base tier (under $50K/month). Volume tiers: 0.10%/0.20% at $250K+; 0.00% maker / 0.08% taker at $100M+/month. Wire deposit $5; withdrawal fees 0.05–0.5% depending on network. Staking yield published transparently with slashing terms disclosed in plain English.
OKX — deep dive
OKX paid a $504M DOJ settlement in February 2025, relaunched in the US in April 2025 with a San Jose HQ, and holds a Malta MiCA CASP license covering 9 of 10 authorized services — it is no longer off-limits to US persons.
Best for
Derivatives traders, advanced users, and anyone who wants spot + perps + options + a Web3 wallet under one login. OKX's options book is the second-deepest in crypto after Deribit; its copy-trading product matches Bybit's depth. Now accessible to US users following the April 2025 relaunch with Roshan Robert as US CEO and a phased nationwide rollout.
Regulatory status (updated)
In February 2025, an OKX affiliate pleaded guilty to operating as an unregistered money transmitter and agreed to pay $504M ($420M forfeiture + $84M criminal fine). The settlement also imposed a three-year external compliance monitor (through 2027). OKX then opened a US HQ in San Jose, California (April 2025) and re-entered the market with full FinCEN MSB registration and AML/KYC overhaul. Separately, OKX holds one of the broadest MiCA CASP authorizations in Europe (Malta, 9/10 services, passportable across all 30 EEA states), though Malta received a €1.1M AML fine in 2025. EU and US users can now access OKX via regulated entities.
Fees
0.08% spot maker / 0.10% taker; OKB discount drops these to 0.06%/0.08%. Perpetuals: 0.02% maker / 0.05% taker base. US-facing fees may differ — check okx.com/en-us/fees for the current US schedule.
Bybit — deep dive
Bybit absorbed a ~$1.5B cold-wallet hack in February 2025, attributed by the FBI to North Korea's Lazarus Group, replenished reserves within 72 hours, and recovered to the #2 spot globally by December 2025 — a $1.5T year despite the largest exchange theft in crypto history.
Best for
Futures traders who want the tightest BTC/ETH perpetual spreads in the industry and an order book that handles institutional size without slippage. 600+ listed coins make it competitive with MEXC on altcoin breadth at materially better regulatory standing (Dubai VARA license). Monthly proof-of-reserves publication since March 2025.
The February 2025 hack — what actually happened
On February 21, 2025, attackers compromised a developer machine at Safe{Wallet} (the multisig infrastructure Bybit used) to inject a malicious transaction that appeared legitimate in the signing UI. The result: $1.5B in ETH transferred from Bybit's cold wallet to attacker addresses in a single transaction. The FBI and IC3 attributed the attack to North Korea's Lazarus Group (TraderTraitor/APT38) by February 26, 2025. Bybit processed ~$4B in customer withdrawals post-incident, replenished reserves via emergency peer loans within 72 hours, and resumed normal operations. By March 20, 2025, the attackers had converted 86% of the stolen ETH to BTC and dispersed it across thousands of wallets via DEXs and cross-chain bridges. Bybit paid $2.18M in USDT in recovery bounties through year-end 2025; the bulk of the $1.5B remains unrecovered. For the full breakdown of fees, products, security, and how to sign up, see our complete Bybit guide.
Volume & trust
$1.5T 2025 annual spot volume, 8.1% global share, #2 globally by December 2025 (WuBlockchain 2025 CEX Annual Report). Dubai VARA (Virtual Assets Regulatory Authority — the Dubai Emirate's licensing body for crypto exchanges, established 2022 with full custody, trading, and broker-dealer requirements) license. Merkle-tree proof-of-reserves published monthly since March 2025 post-incident; reserves confirmed above 100% collateralization on all major assets.
Fees
0.10% spot maker / 0.10% taker baseline. Perpetuals: 0.02% maker / 0.05% taker base. VIP tiers drop perp fees further for high-volume desks — check bybit.com for current tier thresholds.
Best CEX by use case
Coinbase for US beginners, Binance for global active traders, Kraken for euro pairs and security, Bybit or OKX for futures, MEXC for altcoin selection, Coinbase Prime or Kraken Institutional for treasury. Last verified: 2026-05-27.
- Best CEX for US beginners — Coinbase. ACH on-ramp, BitLicense, the easiest tax-export of any US exchange.
- Best CEX for global active traders — Binance. Lowest fees, deepest books, widest pair selection.
- Best CEX for euro pairs — Kraken. SEPA Instant deposits clear in under 10 seconds; EUR is its native quote currency.
- Best CEX for futures/perps — Bybit (tightest spreads on BTC/ETH perps) or OKX (deepest options).
- Best CEX for derivatives + spot under one roof — OKX. Cross-margin across spot, perps, options, and margin works as advertised; now available to US and EU users.
- Best CEX for never-hacked record — Kraken. Zero customer-fund breach since 2011; Bitstamp is the only competitor on this metric.
- Best CEX for altcoin selection — MEXC (1,500+ pairs, #3 by December 2025 spot volume) or Bybit (600+). MEXC is faster on new listings but lower regulatory standing.
- Best CEX for institutional custody — Coinbase Prime or Kraken Institutional. Both qualify as "qualified custodian" under most US frameworks.
- Best CEX for low-volume traders — Bitstamp. Flat 0.30%, no opaque tiers, MiCA CASP (Luxembourg), and one of the two never-hacked major exchanges.
- Best CEX for US-regulated crypto derivatives — Kraken Derivatives US (via NinjaTrader, CFTC FCM, launched July 2025). Covers crypto futures; expanding to commodities, FX, and equity futures.
How to choose the right CEX
Four checks: jurisdiction support, fee tier matched to your volume, proof-of-reserves dated within 6 months, withdrawal limits cleared via KYC. Run these in order; stop at the first failure. Last verified: 2026-05-27.
1. Check jurisdiction. US persons can use Coinbase, Kraken, Gemini, or OKX (which relaunched in the US in April 2025 following its $504M DOJ settlement). Using Binance.com as a US person remains a real legal exposure — not just a TOS violation. EU users get full MiCA CASP access on Binance, Bitstamp, Coinbase, Kraken, OKX (Malta), and Crypto.com (France). Critical for EU users: USDT is no longer available on MiCA-compliant platforms — use USDC or EURC for stablecoin activity. UK users go to Coinbase or Kraken under FCA registration. Asia and LATAM users have full Binance, OKX, and Bybit access subject to local rules.
2. Match fees to your style. Below $10k monthly volume, fee differences are negligible — the $50/year you save isn't worth picking a worse-regulated exchange. Above $100k monthly, BNB discounts on Binance or VIP tiers on OKX and Bybit save thousands per year; above $1M monthly, fee tier becomes the dominant variable in EV.
3. Verify proof-of-reserves. Every reputable CEX publishes Merkle-tree proof-of-reserves post-FTX. Pull the latest report and confirm the date — stale (>6 months) is a red flag, as is reserves reported only on BTC and ETH while liabilities span 100+ coins. Binance publishes monthly; Bybit monthly since March 2025; Kraken twice yearly.
4. Confirm withdrawal limits and KYC tier. Unverified accounts cap withdrawals at 0.06–2 BTC/day. Complete full KYC before depositing significant funds. The worst time to discover a withdrawal limit is during a panic.
The Bybit hack and what it actually taught the industry
The February 2025 Bybit incident moved ~$1.5B via a malicious-signer attack on a Safe{Wallet} multisig UI — attributed to North Korea's Lazarus Group, it is the largest single-exchange theft in crypto history.
It wasn't a hot-wallet breach, a phishing campaign, or an exchange insolvency. Bybit's funds were in cold storage. They were stolen during a routine cold-to-warm transfer because attackers had compromised a Safe{Wallet} developer machine and spoofed the signing UI to display a legitimate-looking transaction while the actual signed payload moved funds to attacker wallets.
Three lessons the survivors absorbed:
- "Cold storage" alone is no longer a sufficient security claim. The attack exploited the gap between what the signer sees and what the transaction actually does. Top-tier exchanges now require hardware-level transaction simulation on every signer that independently validates the decoded transaction payload — not just the UI representation.
- Exchange solvency is independent of incident size. Bybit absorbed the $1.5B loss and continued processing withdrawals without interruption. The test of a CEX is not whether it gets hacked, but whether the balance sheet can absorb the hack.
- Insurance funds matter. Binance's SAFU (now 15,000 BTC, ~$1B), Coinbase's $320M cyber policy, and Kraken's reserve buffer are not marketing. Exchanges without disclosed insurance are the ones to be nervous about.
If your exchange doesn't publish (a) audited proof-of-reserves, (b) an insurance fund or capital buffer, and (c) a post-incident response plan, treat it as a savings account at a bank with no FDIC.
Security checklist before depositing
Authenticator-app 2FA, withdrawal whitelist, unique password manager password, URL verification, proof-of-reserves dated within 6 months. Run all five before your first deposit. Last verified: 2026-05-27.
- Enable 2FA via authenticator app (Authy, Google Authenticator, or hardware key) — never SMS. SIM-swap attacks against crypto holders cost users an estimated $400M in 2024 alone.
- Set a withdrawal whitelist with a 24–72 hour cooldown on new addresses. This is the single most effective control against account-takeover drain.
- Use a unique, password-manager-generated password. The 2023 LastPass breach showed up as exchange drains 18 months later — anyone reusing a password elsewhere got compromised.
- Verify the URL before every login. Phishing clones of binance.com, coinbase.com, and bybit.com burn through Google Ads budgets daily; bookmark the canonical URL and use the bookmark.
- Check proof-of-reserves dated within 6 months. If it's older — or if the exchange has never published one — pick a different exchange.
CEX vs DEX: which should you use?
CEX wins on fiat on-ramp, deep liquidity, and easy onboarding. DEX wins on self-custody, permissionless listings, and censorship resistance. Most users need both. Last verified: 2026-05-27.
| CEX | DEX | |
|---|---|---|
| Custody | Operator holds | You hold (wallet) |
| Fiat | Yes | Rare (via aggregators) |
| Liquidity | Very deep | Variable |
| Coin selection | Curated, 200–600 | Permissionless, 10,000+ |
| KYC | Required | Optional |
| Risk | Operator risk | Smart-contract risk |
Most users need both: CEX for on-ramp + active trading, DEX for early/long-tail tokens and self-custody. The split most experienced traders use is ~10% on CEX (working capital + on-ramp) and ~90% in self-custody (long-term holdings + DEX execution capital).
Looking ahead: what to watch through 2027
- MiCA full authorization deadline (July 1, 2026) — The EU grandfathering period for CASPs expires July 1, 2026. Any exchange without full MiCA authorization by that date must stop serving EU users. USDT delistings are already live across MiCA-compliant platforms (Tether has not received MiCA authorization). USDC and EURC are the compliant stablecoin options. Fourteen exchanges have CASP authorization including Binance (France), Kraken (Ireland), Coinbase (Ireland), Bitstamp (Luxembourg), Crypto.com (France), OKX (Malta), and Bitpanda (Austria).
- GENIUS Act implementation — The GENIUS Act was signed into law July 18, 2025, establishing a federal stablecoin framework requiring 1:1 backing and federal oversight. Implementation regulations are due within 18 months (by January 2027). Coinbase (USDC issuer relationship) and Kraken are most leveraged to this framework; it also clears the path for bank-issued stablecoins on major exchanges.
- Proof-of-reserves becoming proof-of-solvency — PoR shows assets; it doesn't show liabilities. The next industry shift is verifiable proof-of-solvency (assets ≥ liabilities, attested cryptographically). Binance and Kraken are publicly working on this; whoever ships it first earns a real moat.
- Post-Bybit signer security — Watch for which exchanges publish technical post-incident reports detailing how their signer flow guards against UI-spoofing. Hardware-level transaction simulation is the new security floor. Silence on this question 15+ months after the incident is a red flag.
- OKX compliance monitor expiry (2027) — OKX's three-year external compliance monitor runs through 2027. How the exchange manages regulatory scrutiny during that window will determine whether it becomes a mainstream US venue or returns to being a US-blocked exchange.
Verdict by user type
Coinbase for US beginners, Binance for global active traders, Kraken for security-paranoid holders and US derivatives, Bybit or OKX for futures specialists. Last verified: 2026-05-27.
- US beginner: Coinbase — simplest, best regulation, cleanest tax export.
- Global active trader: Binance — lowest fees, deepest books, widest pair selection.
- Security-paranoid: Kraken — clean record since 2011, transparent reserve attestation, now offers US-regulated crypto derivatives.
- Futures trader: Bybit or OKX — tightest spreads, deepest options, highest leverage tiers.
- US derivatives trader: Kraken Derivatives US (via NinjaTrader, CFTC FCM) — the legitimate US onshore venue for regulated crypto futures.
Related: Best Crypto Trading Platforms 2026 · Best DEXs 2026 · Best Crypto Onramps 2026 · Best Crypto Cards 2026 · How to Buy Bitcoin 2026 · Best Crypto Wallets 2026 · Best Bitcoin Wallets 2026
This guide is updated quarterly based on platform changes, fee schedules, and regulatory updates. Last review: May 2026.
Frequently asked questions
What is a centralized exchange (CEX)?
A centralized exchange is a regulated company that custodies user funds and operates an internal order book matching buyers and sellers. Examples in 2026: Binance, Coinbase, Kraken, OKX, Bybit. CEXs offer fiat on-ramps, deep liquidity, and full-fledged trading interfaces, but they require trusting the operator with custody — your funds are an unsecured claim on the exchange's balance sheet.
Which is the best crypto exchange in 2026?
There is no single best — it depends on your passport and trading style. US users default to Coinbase, Kraken, or now OKX (which relaunched in the US in April 2025 after a $504M DOJ settlement). EU users get full MiCA-licensed access on Binance, Bitstamp, Coinbase, Kraken, and OKX (Malta CASP). Global active traders pick Binance for lowest fees; security-paranoid users pick Kraken (zero customer-fund breach since 2011).
Are centralized exchanges safe in 2026?
Top-tier CEXs publish Merkle-tree proof-of-reserves and run insurance funds, but no CEX is fully safe. FTX collapsed in 2022 ($8B customer loss); Bybit lost ~$1.5B in a February 2025 cold-wallet signing attack attributed to North Korea's Lazarus Group — the largest single-exchange theft in crypto history. Bybit absorbed the loss without halting withdrawals. Best practice in 2026: keep only active-trading capital on a CEX (5–10% of holdings), withdraw long-term BTC and ETH to self-custody.
What are typical CEX trading fees in 2026?
Spot trading fees range 0.08–0.60% maker/taker. Binance is cheapest at 0.10%/0.10% base (0.075% with 25% BNB discount). OKX is 0.08% maker / 0.10% taker. Kraken Pro is 0.16% maker / 0.26% taker at the base tier. Coinbase Advanced is 0.40% maker / 0.60% taker at the base tier — and 1.5–3% on the consumer 'Simple' interface most beginners use without realising. VIP tiers drop the top exchanges to 0.011–0.045% for active traders.
Which exchanges support fiat deposits via bank transfer?
Coinbase (USD ACH/wire, EUR SEPA, GBP Faster Payments), Kraken (USD/EUR/GBP/CAD/AUD wires and SEPA Instant), Bitstamp (USD/EUR SEPA), Gemini (USD ACH). Binance and OKX support fiat regionally via P2P or third-party processors but not direct bank rails in most jurisdictions. Always confirm fiat rails for your country before signing up — the exchange that's #1 globally may be useless for your bank.
What's the difference between a CEX and a DEX?
A CEX is custodial — the exchange holds your funds and runs an internal order book. A DEX (Uniswap, Jupiter, Aerodrome) is non-custodial — trades execute via smart contracts directly from your wallet, no operator holding anything. CEXs win on fiat on-ramp, deep liquidity, and onboarding UX. DEXs win on self-custody, permissionless listings, and censorship resistance. Most experienced users run ~10% on CEX (working capital + on-ramp) and ~90% in self-custody.
Is Binance.US the same as Binance.com?
No. Binance.com is the global exchange (BVI / Dubai / EU MiCA-licensed entities); Binance.US is a separate corporate entity launched in 2019 to serve US persons after Binance.com geo-blocked them. Binance.US has fewer pairs, thinner order books, no futures, and ongoing regulatory uncertainty. US users seeking a Binance.com-equivalent experience should look at Coinbase Advanced, Kraken Pro, or OKX (which relaunched in the US in April 2025 with San Jose HQ and full CFTC/FinCEN compliance).
How do I verify a CEX's proof of reserves?
Open the exchange's proof-of-reserves page, confirm the report date is within the last 6 months, and check it includes both assets (Merkle-tree attestation of customer balances) and a published reserve walletset whose on-chain balances can be verified independently. Older than 6 months — or assets-only with no on-chain wallets — is a red flag. Binance publishes monthly PoR reports (updated its methodology in early 2026 for greater accuracy); Kraken twice yearly; Bybit monthly since March 2025.
What happens if a CEX gets hacked or goes bankrupt?
Customer funds become an unsecured claim. In FTX, customers recovered 100 cents on the dollar in 2024 after two years of bankruptcy proceedings (rare — driven by SBF's seized assets appreciating). In Mt Gox, creditors waited 11 years for partial recovery. In Bybit's 2025 hack, the exchange absorbed the ~$1.5B loss from its balance sheet and customers were unaffected — though the stolen ETH was laundered through DEXs and cross-chain bridges by the Lazarus Group and remains largely unrecovered. The variable is the exchange's solvency at the moment of incident — which is why proof-of-reserves and an insurance fund matter.
Should I use Coinbase or Coinbase Advanced for trading?
Coinbase Advanced (the Pro interface). The default consumer Coinbase interface — Simple Buy / Instant Buy — charges 1.5–3% per trade in baked-in spread plus an explicit fee. Coinbase Advanced charges 0.40% maker / 0.60% taker baseline (below $10K/month), dropping to 0.00% maker / 0.04% taker above $400M/30 days. Same account, same custody, same KYC — just a different tab in the dashboard. Most US retail users overpay because they never find the Advanced tab.
Which CEX is best for futures and perpetual swaps?
Bybit (tightest BTC/ETH perp spreads, deepest funding-rate liquidity) and OKX (deepest options book after Deribit, cleanest cross-margin between spot and perps). Binance Futures has the highest aggregate open interest but Bybit and OKX get tighter execution on retail size. For US persons, regulated alternatives expanded in 2025: Kraken Pro Derivatives US (launched July 2025 via the NinjaTrader acquisition) is now the primary regulated onshore venue for crypto futures.
What 2FA method should I use on a crypto exchange?
Authenticator app (Authy, Google Authenticator, 1Password TOTP) or a hardware security key (YubiKey 5, Titan Security Key). Never SMS — SIM-swap attacks against crypto holders cost users an estimated $400M in 2024. Hardware keys are the strongest option; pair with a withdrawal-address whitelist that requires email confirmation + 24–72 hour cooldown for new addresses. Most account-drain incidents originate from credential reuse + SMS 2FA.
Sources & further reading
- WuBlockchain — 2025 CEX Annual Report (Binance 39.2% share, $7.3T volume)
- Chainalysis — Bybit Exchange Hack February 2025 (DPRK/Lazarus Group attribution)
- Chainalysis — 2025 Crypto Theft Reaches $3.4 Billion
- CoinDesk — OKX Settles U.S. DOJ Charges, Pays Over $500M Penalty
- CoinNews — OKX re-establishes US presence post-DOJ fine
- Kraken Blog — Kraken to Acquire NinjaTrader ($1.5B, CFTC FCM)
- CoinDesk — Kraken Debuts US-Regulated Derivatives Trading
- White House — GENIUS Act Signed Into Law (July 18, 2025)
- Binance — SAFU Fund Converted to 15,000 BTC (Feb 2026)
- Binance — Proof of Reserves (live)
- Binance — Spot Fee Schedule (live)
- Coinbase Help — Advanced Trade Fee Schedule
- Kraken — Fee Schedule (live)
- Blocklr — EU MiCA Enforcement Begins March 2026
- OKX — MiCA CASP License (Malta, 9/10 services)
- CNBC — Coinbase Q1 2026 Earnings
- IC3 — North Korea Responsible for $1.5B Bybit Hack
- EU MiCA framework — ESMA