Exchange Safety

Which Crypto Exchange Should a Beginner Pick? 5 Criteria

2026-05-29 · 链上迷雾

Five criteria, laid out up front:

  1. Jurisdiction and licensing — where is it registered, who regulates it, does it hold any public licenses.
  2. Proof of Reserves (POR) — does it publish reserves regularly, can users verify their own balances are covered.
  3. Supported assets and fiat rails — does it list the coins you want, are the deposit/withdrawal channels available in your region, are withdrawals reliable.
  4. Security and 2FA — is the account security stack complete, is two-factor auth enforced, are there withdrawal cooldowns and address whitelists.
  5. Customer service and incident history — has it had incidents? How did it handle them? This one is the easiest to ignore and often the most accurate signal.

Each one expanded below. Then a “bonus” criterion most beginners miss.

Five stone tablets in a ring on sand, each carved with a different abstract symbol

1. Jurisdiction and licensing: where it lives, who watches it

“Regulated” is a vague word in crypto, but unpack it into concrete questions:

  • Registration: which country or jurisdiction does the operating entity sit in? Is it an offshore shell with no financial supervision, or does it hold full financial licenses?
  • Service availability: is your residence in its served-region list? Many exchanges geofence in jurisdictions that have tightened rules. Bypassing this with VPNs or foreign IDs leaves you with no recourse later.
  • Public licenses: does it hold payment, custody, or exchange licenses in major jurisdictions? Licenses don’t guarantee safety, but no licenses at all means it has made no commitments to any regulator.

Compliance is not safety (FTX was registered somewhere too), but a complete lack of it usually means that if something goes wrong, your legal options are extremely limited. As a beginner, give up convenience on a few coins before parking on a platform whose pitch is “we hold no licenses, but we have the lowest fees.”

2. Proof of Reserves: are your coins actually there

POR is a concept that has spread among exchanges only in the last few years. It means the exchange periodically discloses its on-chain assets in a publicly verifiable way, alongside its user liabilities (what it owes to users), to demonstrate “assets held ≥ liabilities owed.”

When reading POR, look for three things:

  • Frequency: quarterly, monthly, or only a one-off “emergency reveal” around bad news.
  • Coverage: only the major coins, or essentially all user balances.
  • Independent verifiability: does it publish a Merkle tree or equivalent so each user can confirm their balance is in the snapshot.

Why this matters: it maps directly onto the kind of disaster from Mt. Gox and FTXusers assumed the coins were there; the exchange had already moved them. POR doesn’t make this impossible, but an exchange that never publishes POR has chosen not to answer the single most important question.

3. Assets and fiat rails: can you actually do the trade

Beginners are often impressed by long coin lists, but what matters is not “how many coins” — it’s “the specific coins you plan to trade” and how smoothly money moves in and out.

What How to judge
Spot vs derivatives Beginners stay in spot; skip leverage/futures for now, see the real risks of crypto leverage
Fiat rails Can you deposit/withdraw via bank in your region, or does it require a third-party detour?
Crypto withdrawals Reliable? Frequent “maintenance” or “suspensions”? Does it support the chains you use?
Bank withdrawals Does the platform freeze large withdrawals? Any history of settlement delays?

The most useful test isn’t reading a feature list — it’s running a complete small-amount loop: deposit a little, buy a little, withdraw to your own wallet, sell some back, cash out to your bank. If the loop works end to end, that tells you more than any marketing copy.

A small steel safe slightly open showing stacked colorful tokens

4. Security and 2FA: is the default strong enough

For security, don’t read what it says about itself. Read what protections are on by default and how strict you are allowed to be.

  • Mandatory 2FA on login and withdrawal: hardware key > authenticator app > SMS. SMS 2FA has been proven vulnerable to SIM-swap attacks many times.
  • Withdrawal whitelist: can you restrict withdrawals to addresses you have pre-registered.
  • Cooldown on new addresses: when you add a new withdrawal address, is there a 24-hour or 48-hour delay.
  • Device/IP anomaly: does it force re-verification on new devices.
  • Granular API permissions: can API keys be scoped to “read-only / trade only / no withdrawal.”

This translates to every login and every withdrawal you ever do. If a platform doesn’t even enforce basic 2FA, it is betting your convenience against the chance you don’t get phished. That bet has no upside for you.

5. Customer service and incident history: how it talks when it breaks

This one is easiest to skip and says the most about the platform. Every exchange has had outages: downtime, delayed withdrawals, overwhelmed support. The question is not whether incidents happen, it is how the platform communicates when they do.

A few things to check:

  • Past incidents: search “platform name + downtime / withdrawals frozen / outage” for the last 1–3 years.
  • Communication style: did it post a notice immediately, or stay silent first? Was there a detailed post-mortem after?
  • Reimbursement history: when hacks or system failures caused user losses, did the platform cover them or push them onto users?
  • Public faces: is leadership identifiable or anonymous? Are there interviews and AMAs on record?

The reason this works as a filter: on the day something actually breaks, what you need is a counterparty that communicates. A platform that defaults to silence and blame-shifting in calm times will almost certainly do the same when it matters.

One more: have you tried it yourself

After running through the five criteria, there is one bonus that most beginners skip — have you personally walked through a small-amount round-trip.

Don’t treat it as a paper exercise; actually do it:

  1. Deposit the smallest amount your bank will let you, and confirm it shows up.
  2. Buy a small position in the most basic asset (say $50 of bitcoin).
  3. Withdraw to your own wallet, noting arrival time, fees, and whether the chain felt smooth.
  4. Sell some back into the platform and cash out to your bank, noting whether any manual review or extra documentation was triggered.

A complete loop will teach you more about the platform than ten reviews would, and even if you later scale up the amounts, every step’s uncertainty is already absorbed in advance. This shares its spirit with making your first crypto purchase safely — small first, always. Treated as an entry test, the money it saves usually dwarfs any fee comparison.

This article is informational, not investment advice. Choose a platform based on your own jurisdiction and risk tolerance.

This article is for education only and is not financial advice. Crypto is volatile and risky — only ever risk what you can afford to lose.

Latest

Industry Events

BTC ETFs Bled for 10 Straight Days, $2.97B Out — What It Means for Ordinary Users

Through June 4, US spot Bitcoin ETFs posted ten consecutive sessions of net outflows totaling about $2.97B — one of the longest negative streaks since launch. This piece breaks down what the number says and, just as important, what it does not.

Mindset & FOMO

AI Is Siphoning Crypto Money — Should You Chase the Rotation?

Early June showed a clear flow: money rotating from crypto into AI. Nvidia at a new high, BTC and ETH softer. "Is crypto past its prime" surfaced again. This piece does not pick a winner. It answers how mindset should behave during sector siphon.

Mindset & FOMO

ETH Slipped Below 2,000 — How Should the Believers Recalibrate?

ETH crossed below the 2,000 psychological line in early June while on-chain activity softened. For self-described "ETH believers," this is a subtler mindset test than the 2022 bear: not one obvious red candle but a slow grind lower.

Mindset & FOMO

BTC Broke Below 67k — Should You Buy the Dip? A June Mindset Check

BTC sliced through 67k in early June and briefly tested 61k intraday. The dip-buying itch is back. This piece does not call the next candle. It asks one question: at this level, what rules should your mindset follow before you click buy.

Mindset & FOMO

US–Iran Tension Escalating — How Should a Crypto Portfolio React?

Early June saw a fresh US–Iran flare-up — oil spiked, risk assets weakened, BTC and ETH dropped together. Headlines change every half day; positions cannot. Here is how a crypto portfolio should behave under geopolitical shocks.

Asset Security

After a Drainer Empties Your Wallet, Is There Any Path to Recovery?

Once you discover a drainer has emptied your wallet, what you can do in the next hour is limited, but the order matters. This post lays out the recovery paths along a timeline: on-chain tracing, platform freeze requests, formal reporting, mixer realities, and longer-term recovery.