Crypto lessons from exchange failures and the rise of self-custody
Cryptocurrency booms attract millions but often leave unprepared investors counting losses. From exchange collapses to wallet hacks, billions have been lost in past cycles. Self-custody provides a solution, but it requires diligence and risk management. With new South African crypto regulations looming, understanding how to secure your assets is more crucial than ever. Explore the lessons from past failures and how to navigate the future of crypto safely.
Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox at 5:30am weekdays. Register here .
The seventh BizNews Conference, BNC#7, is to be held in Hermanus from March 11 to 13, 2025. The 2025 BizNews Conference is designed to provide an excellent opportunity for members of the BizNews community to interact directly with the keynote speakers, old (and new) friends from previous BNC events – and to interact with members of the BizNews team. Register for BNC#7 here.
By Jan Vermeulen
Every four years, Bitcoin and other cryptocurrencies go through a mania period that draws in millions of people around the world hoping to earn big returns on surging token prices.
Like clockwork, a significant number of these new investors, traders, and speculators learn the hard way what Bitcoin enthusiasts mean with the mantra, “Not your keys, not your coins.”
This is because many people buy cryptocurrencies without fully understanding the risks of leaving their coins on the exchange where they purchased them.
During the last Bitcoin boom and bust phase between 2019 and 2022, people lost billions due to exchanges and yield account providers going bankrupt.
Most notable was the collapse of FTX, which was the third-largest cryptocurrency exchange by volume at the time and had over one million users.
Bittrex, another major exchange, also filed for bankruptcy after the U.S. Securities and Exchange Commission charged it with running an unregistered exchange.
Other platforms that failed — and which were heavily promoted by influencers during the boom — were BlockFi and Celsius.
These services effectively acted as cryptocurrency custodians and operated as savings accounts, promising customers yields by lending out their deposits.
Crypto brokerage Genesis is another famous example, as it provided similar interest-generating services to crypto platforms like Gemini and Luno.
Thankfully for Luno customers, the company took steps to ensure its clients didn’t lose any money due to Genesis’ bankruptcy. Gemini customers were not so lucky.
Until very recently, those who had used its Gemini Earn savings account had lost access to their funds. Earlier this year, Gemini announced that its customers would get all their deposited crypto back, but not the interest they were promised.
Although South African crypto asset providers weathered the fallout from these bankruptcies, one of the country’s oldest exchanges, Ice3x, folded in April 2021.
This was at the height of the last Bitcoin boom and unrelated to the collapse that started later that year. Regardless, anyone who had funds on Ice3x when it went under is out of pocket and will have to file a claim with the liquidators if they hope to get anything back.
There are several other examples of hacks, scams, and frauds that cost people their cryptocurrency investments over the years.
One high-profile example is the Canadian Bitcoin exchange QuadrigaCX, which collapsed in January 2019 after the apparent death of its co-founder and CEO, Gerald Cotten.
Another incident that has only now being resolved is the 2014 hack of Mt. Gox, which was the world’s biggest Bitcoin exchange at the time
Mt. Gox had suffered an attack three years earlier that briefly crashed the Bitcoin price to $0.01, but both it and the exchange rate quickly recovered.
By November 2013, Bitcoin peaked at approximately R16,400 before stabilizing at around R10,000 per token — until February 2014.
Following the hack, Bitcoin’s price plummeted, hitting a low of around R1,900 in January 2015.
In 2017, it emerged that the cryptocurrency exchange BTC-e had been set up to launder the money stolen from Mt. Gox.
U.S. authorities pursued the Russian national who operated the exchange and seized the remaining funds. In 2023, they charged two Russians with the hack.
Users who had any crypto or fiat currency on BTC-e lost their money. This year, news emerged that some people who lost money in Mt. Gox would be reimbursed a portion of what was stolen.
The remedy to these risks is self-custody, where you take responsibility for holding your crypto and keeping it safe.
This means transferring tokens into a self-hosted or hardware wallet after purchasing them from an exchange.
Alternatively, some non-custodial wallets have added the ability to directly buy cryptocurrency from their platform.
However, self-custody is no silver bullet.
Choosing self-custody means managing the risk of losing access to your private keys by ensuring you have a backup. It is also necessary to watch out for scams and malware that aim to steal your wallet’s keys or recovery phrase.
Those who do not wish to take on this responsibility can instead choose third-party custodians who are reputable and offer assurances such as proof of reserves reports.
Another factor to consider before choosing self-custody is that it may become more difficult in future for people with their own crypto wallets to transfer tokens into an exchange to sell them for fiat currency like rands.
The Financial Intelligence Centre (FIC) recently issued Directive 9, which implements a version of the Financial Action Task Force (FATF) “travel rule” in South Africa.
It will enter into force on 30 April 2025 and essentially requires crypto platforms in South Africa to identify the parties to a cryptocurrency transaction and verify the data.
The directive also includes a section on private or non-custodial crypto wallets, which it calls “unhosted wallets”.
The FIC has directed crypto asset providers in South Africa to develop, document, maintain and implement effective risk-based policies and procedures to handle private wallets.
Their policies must include how and when additional information on the unhosted wallet is obtained if the CASP determines that there is a higher risk of money laundering, terrorist financing or proliferation financing.
Essentially, exchanges and other crypto asset services must determine for themselves what level of risk they are willing to take on when accepting transfers from private wallets.
This may mean something relatively simple like demanding proof of identity and a declaration of the customer’s source of funds — or not accepting such deposits at all to avoid the risk entirely.
Read also:
This article was first published by MyBroadband and is republished with permission