We use cookies to give you better functionality and analytics. By clicking Accept, you consent to our Cookie Policy, Legal Notice, Privacy Policy and Website Terms of Use.


Bittrex, Kraken, Binance, FTX. Lessons learnt from recent exchange developments


A lot has been written in the last week about the very high-profile issues that crypto exchanges are facing. We have been writing and talking about this for some time now, so there aren’t too many surprises on our end. But let's go into a little more detail than you might have picked up from the headlines.

Bittrex: A user’s exposure to high-risk takers

Bittrex announced its decision to wind down its operation last week, with all trading activities ceasing on the 4th of December, 2023. Bittrex was one of the original crypto exchanges, so many will have been surprised by this, but the decision follows a number of regulatory challenges and legal proceedings that the group has faced. Although Bittrex Global was headquartered in Liechtenstein, the decision to cease operations followed the decision to wind down its US-based subsidiary, Bittrex, around nine months ago. 

Bittrex filed for Chapter 11 bankruptcy protection in May and reached a settlement with the SEC in August to pay USD 24 million in fines and interest. USD 24 million sounds like a lot of money, and I appreciate that not everyone will read into the details of this settlement. It involved approximately 116,000 instances of apparent violations across multiple sanctions programs (including Sudan, Syria, Iran, and Ukraine between 2014 and 2017), with the total transactions amounting to around USD 263 million, potentially leading to civil liability.

Maybe even less known is the fact that Bittrex also agreed to pay USD 29 million for willful violations of the Bank Secrecy Act in the USA. This investigation by FinCEN found that the exchange had not developed, maintained, or implemented an effective AML program, including monitoring transactions involving sanctioned jurisdictions. I’m not sure if I would have chosen to hold my assets on that exchange if I was fully aware of this, but users who want to gain access to these markets should also ask themselves the same question.

FTX: A user’s security is far beyond an exposure to compliance risk

When we are talking about the security of exchanges, though, we don’t need to focus purely on ‘AML’ and ‘Sanctions’. The issues go far beyond that. Let's think about the two largest trading platforms in the world over the last few months. 

Starting with FTX is easy. In the insolvency proceedings for FTX, there were lots of critical issues identified with what the world had been told was a fully ‘regulated’ exchange (I’ve written separately about ‘knowing your VASP’). John J. Ray III, who took over as CEO following the filing for bankruptcy, provided the world with a quote that summarises this quite well:

Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here. From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated, and potentially compromised individuals, this situation is unprecedented.”

Why should a user trust a platform to hold its assets where there is simply no proper management of that business in place? Would you take a flight with a group of pilots who were not qualified or trained to fly a plane? Would you put your family on a bus with a 15-year-old driver who did not have a driving license? Would you put your savings onto an unregulated platform with people having control over those assets who simply did not know what they were doing? The FTX platform did not even maintain a list of bank accounts and account signatories or even look at the creditworthiness of the banking partners it was using; they did not maintain properly segregated customer asset accounts from their own balances, and there was no one to oversee and enforce the protection of those assets. 

Look at the makeup of the board of Xapo Bank and the independent directors we have to challenge the management and executives of the business, and you would not be able to find a more stark comparison in the world.

Binance: Is there now risk for Binance users who have been serviced outside of the USA?

The Binance group are very different from this. They have agreed to a restriction on public statements and will not contradict their acceptance of the findings against them in the USA, or the facts in the Plea Agreement. The financial penalties they have accepted include the criminal fine of USD 1,805,475,575 (reflecting a 20% discount for partial cooperation and remediation) and an Order of Forfeiture totalling USD 2,520,650,588, which includes fees that they had collected from U.S. persons and proceeds from transactions involving U.S. persons and persons in Iran. What are the implications of this for the Binance group outside of the USA, where there has been no settlement, but we read about the mounting regulatory and licensing pressure on a regular basis. We don’t really need to dive into lots of details around the implications of all of this, but the question is really around whether people are fully informed about the counterpart they are using for their activities. Let me explain another good example of what I mean.

Kraken: An example of a well-known and regulated global exchange and the terms on which they service users.

The other large platform that has started to face action in the USA is Kraken, yet another very well-known exchange globally. Obviously, different customers from different parts of the world who are serviced by Kraken have different entities servicing them. Their ‘counterpart’ is almost always different. This is the same with Binance and most large platforms, which many see as the ‘same entity’, but in reality, they are not.

Let's use the example of American and Canadian customers serviced by Kraken. If you read the terms of service of the U.S. platform, you will see that assets are held by us for you.’ This basically means that Kraken is itself holding, safekeeping, and providing ‘custody’ of those assets for its customers. This is completely different from, say, NASDAQ or any traditional marketplace, which does not offer ‘custody’ of those assets. Why? Because (among other things) they are not regulated to do that.

Now, let's look at the position if you were a Canadian customer with your own separate relationship with ‘Kraken’ (in this case, a separate entity regulated in Canada). Here, the terms of service are quite different. Virtual assets held within your account are, ‘custodied assets and are held by us (Kraken) in trust for your benefit in a designated trust account at a Crypto Custodian or online in ‘hot’ wallets administered by us. Title to all Digital Assets you hold within your account remains with you at all times and does not transfer to us, except as provided herein.’ 

Quite different! If you scan further through the terms, you will see that a ‘Crypto Custodian’ is defined there as Anchorage Digital Bank, which is a federally chartered trust overseen by the Office of the Comptroller of the Currency, one of the U.S. federal banking regulators. Canadian securities regulators require all crypto exchanges to delegate at least 80% of customer crypto to a third-party custodian and require that the custodian is qualified to offer that service specifically. 

I think people should ask themselves whether they are even aware of who their counterpart is when they think they are dealing with a ‘regulated’ exchange and what exactly that means. Go in with your eyes open, and if you are willing to take that risk, then that should be your choice, but why would you want to do that when there are other alternatives available?

A stark contrast at Xapo Bank for exposure to Virtual Assets

Again, just to put this into stark contrast, under the Xapo terms, ‘Xapo does not obtain any legal or beneficial right, title or interest in your bitcoins that you store in your Xapo wallet.’ Under the Law and Regulation that applies to Xapo VASP, ‘Custodial assets and monies must be segregated from the [VASPs] own assets and monies.’ 

There are specific requirements around safeguarding and segregation that require customer assets to be ‘held separately,’ to be ‘clearly designated and easily identifiable,’ and to ‘not represent property of a [VASP] and to be protected from third-party creditors of a [VASP].’ 

Any custodian relationship would require us to obtain ‘formal acknowledgement that all virtual assets held by the custodian are held in trust and that the custodian is not entitled to combine the amounts with any others or to exercise any right of set-off or counterclaim against such assets in respect of any debt owed to the custodian by the [VASP].’ I’ll go beyond this to explain that Xapo VASP is also required to nominate one of its directors or senior management to be responsible for customer assets, which includes a separate governance requirement.

Xapo’s position is even more unique because even though we are not permitted to have any form of access to customer assets, we still pay 1% interest on up to 5BTC from our own assets, and at our own risk, with zero risk to the member. If you can find another VASP in the world that does this, please do feel free to write to me and let me know!

Summary around the lessons learnt and questions that users should ask themselves

There are lots of things that people who use exchanges to hold and custody their assets should consider:

  1. Is the exchange actually regulated to provide a ‘custody’ service? Just because a platform is regulated as an exchange, or a transactional platform, it does not mean that it is regulated to provide safe custody for your assets. 
  2. Who is your actual counterpart, from which part of the world, and what are the rules that apply to that platform? 
  3. Does the exchange that you are using to hold your assets have a proper management and governance framework in place? Who are you trusting as the pilot of your plane, and do they actually know how to fly it?

Are there alternatives that bridge the gap, allowing secure asset management in your bank account while interacting with the crypto space? Yes, there are. We function as a regulated custodian, providing a seamless link between your bank account and crypto exchanges, ensuring your transactions are secure and governed properly.

Share article
A woman's hand on the sea backgroundA woman's hand on the sea background

the bridge between
Bitcoin, US Dollars, and stablecoins