How does a crypto exchange work?
Crypto exchanges facilitate cryptocurrency trades between people or other entities, while taking a cut or fee for executing the trade. Any crypto you purchase can be moved off the exchange and stored in a crypto wallet.
Another way to purchase cryptocurrency is through a crypto brokerage. But here, you’re not trading actual digital coins, you’re trading contracts for the coins. This means you’re betting on the direction of a coin’s value. This can be useful for people making large, frequent trades, or when trading one coin for another.
On an exchange, you may need to make several trades to get your desired coins, while with a brokerage, you can typically trade directly for the digital coins you want, helping to avoid excessive fees. But you’re not buying coins, you’re buying contracts.
Is Bitcoin safe? It depends where you keep it. Brokerage contracts cannot be stored in your personal wallet — they stay on the brokerage. If you’re planning to hold crypto long-term, you’re better off purchasing the coins themselves.
Where to buy cryptocurrency
To start buying cryptocurrency, you need to find a crypto exchange site that allows you to trade your fiat currency (cash) into coins. Some exchanges only offer crypto-to-crypto trades, so you need to purchase your crypto at an exchange that lets you use your debit/credit card or a bank transfer.
In the US, Coinbase is the most popular exchange for purchasing crypto with cash. Elsewhere, the most popular crypto exchange is Binance. Both exchanges are easy to use and offer a variety of altcoins, which refer to any digital coin that’s not Bitcoin.
When paying cash, you’ll likely have to pick one of the major cryptocurrencies for your first trade: Bitcoin, Ethereum, or Tether. Then, you’ll have access to many more trading pairs to get to the coin you want.
You can exchange fiat currency for cryptocurrency at a crypto exchange.
Some of the best cryptocurrency exchanges
The top cryptocurrency exchanges each have their perks. Binance has a large number of altcoins available and reasonable fees; Coinbase has fewer coins and higher fees, but it’s built for beginners and offers educational guides. The “best” Bitcoin exchange depends on your needs.
We’ve selected a number of the best cryptocurrency exchanges, focusing on popular companies with strong data and investment protections, and listed here in alphabetical order.
Binance is the world’s most popular cryptocurrency exchange, offering reasonable fees, fiat-to-crypto purchases, and a long list of altcoins. Binance does not support US users, though they do have a sister site, Binance.us, for US residents.
Binance requires your personal data to create an account. Before trading, you’ll also need to upload a copy of your ID card, passport, or driver’s license.
Binance was hacked in 2019. The hacker (or hackers) used a number of methods, including phishing attacks to take 7,000+ Bitcoins. Binance was able to cover the damage with their own funds without affecting users.
Bittrex is a US-based cryptocurrency exchange serving US users, with an international branch for those outside the US. Bittrex is known for offering a huge list of altcoins on the site. Their fees for trading crypto-to-crypto are higher than the industry average, though their 3% deposit fees for credit cards are lower than some alternatives.
Bittrex requires the usual identity data for users to trade on the site. They offer 2FA (two-factor authentication) for an additional layer of protection, as well as email verification.
Bittrex has been the target of a “SIM swap” — where a hacker takes over a user’s phone to bypass 2FA — resulting in the theft of 100 bitcoin. This was not a hack of the site, but of a user’s phone. The resulting lawsuit focused more on Bittrex taking too long to respond to the threat, rather than an issue with the site security itself.
Bittrex employs multiple layers of protection to keep user investments safe. Like most exchanges, Bittrex also keeps the majority of their assets in cold storage (offline) to prevent theft.
Founded in the UK, Cex is a cryptocurrency exchange supporting many different countries and 48 US states. It offers both brokerage services and a trading platform. While Cex doesn’t offer as many coins as some exchanges, it does let you purchase crypto with fiat.
Cex is ranked as the third-most secure exchange by CryptoCompare. You’ll need to provide your personal details to use Cex.
Cex is one of the oldest cryptocurrency exchanges, offers data encryption and 2FA, and is considered a safe place to trade for crypto.
Coinbase is one of the best Bitcoin exchange sites for beginners in the USA and is the most popular cryptocurrency exchange in the country. On Coinbase, you can use either a brokerage, an exchange, or both: Coinbase.com is a brokerage, while Coinbase Wallet allows you to purchase crypto coins and transfer them to your wallet.
The Coinbase Pro service has lower fees but is geared toward more advanced traders.
You'll need to provide your personal identification information like your name, nationality, utility bill, and date of birth. You may also need to add financial information like your bank account or your card details.
Coinbase was hacked in 2021 when a threat actor managed to steal coins from 6,000 customers. The hackers first obtained email addresses, passwords, phone numbers associated with Coinbase accounts, and gained access to the email accounts — likely through spear phishing campaigns — and then used that info in combination with a vulnerability in Coinbase’s multi-factor authentication system. Coinbase reimbursed customers for their lost funds.
Coinmama is an Israeli cryptocurrency broker that allows you to use a credit card. Around since 2013, they tend to charge high fees of up to 5.9% when purchasing crypto with a card.
In 2019, Coinmama had a data breach, resulting in the theft of 450,000 emails and hashed passwords. They don’t store credit card data on the site, so user funds were not affected by the initial breach.
To create and verify a Coinmama account, you’ll need to provide your name, email, and the country you live in, as well as upload an identity document.
Coinmama’s 2019 hack did not affect the funds on the site, and the company has been operating successfully for over eight years in the crypto space. Coinmama is considered a safe exchange for your crypto investments.
Gemini is a very secure cryptocurrency exchange. As of this writing, they have never been successfully hacked. That said, the exchange also charges higher fees than many alternatives.
While Gemini requires you to submit your data to make a purchase (no anonymous buying here), they have a strong reputation as a security-first cryptocurrency exchange.
Gemini has a heavy focus on security and has never been successfully hacked, making it a safe cryptocurrency exchange to use.
Kraken is a popular cryptocurrency exchange based in the United States and was created as an alternative to another popular exchange that was believed to be insufficiently secure. Kraken offers numerous crypto pairings, as well as the option to purchase using fiat.
Kraken requires personal user data, but it is a security-focused exchange that encrypts all client data and watermarks all documents uploaded to the site to ensure they can’t be used elsewhere.
Kraken’s investment security measures are robust. They keep 95% of deposits in cold storage, require 2FA with an authenticator (Google or Yubikey), as well as an additional email confirmation for any withdrawals.
Poloniex supports a large number of altcoins in addition to Bitcoin and Ethereum, and allows you to buy cryptocurrency with a credit card. As of 2019, Polinex no longer supports US users.
Verification is optional with Poloniex, so you can trade crypto-to-crypto with just an email address. Of course, if you’re using a card to purchase cryptocurrency, you’ll still need to provide your card information.
Poloniex was hacked in 2014, losing 12.3% of their total Bitcoin supply. They couldn't cover the losses from the exchange’s funds, so instead took 12.3% of every user’s Bitcoin to avoid a mass withdrawal exodus, which was later reimbursed. The exchange was hacked again in December 2020 for about $4 million.
What to check before you trade
Before buying and selling cryptocurrency, you should understand the risks of using crypto exchanges, which exchanges can be hacked, and which exchanges experience bugs and crashes.
Mt. Gox was the place to trade crypto back in the early 2010s, but a number of security flaws and vulnerabilities led to hacks and delays in withdrawals, culminating in 2014 with the theft of roughly 850,000 bitcoins from the exchange and its users.
Here’s what to look for when figuring out where to buy cryptocurrency.:
What’s the reputation of the exchange you’re considering? Consult cryptocurrency exchange reviews to gain insights into whether or not an exchange has been hacked in the past or has ever been unreliable.
When finding an exchange to trust, you need to look into the security features involved. How is the exchange keeping your crypto safe? Exchanges that store the majority of their assets in offline cold storage are more protected against hacks and other issues.
Two factor authentication (2FA) ensures that your account is protected by more than just a strong password. Use an exchange that supports 2FA for increased security on your account.
Protect your phone from malicious activity with a privacy app for Android or a security app for iPhone. An independent phone security app is a great way to enhance your cybersecurity.
A multisignature, or multisig, wallet requires at least two private keys to initiate a transaction. A standard crypto wallet is protected by one private key, and multisig wallets add an additional, powerful layer of protection to assets kept in cold storage.
Some exchanges, such as Coinbase, let you set a 48-hour time-lock on any withdrawals from the account, giving you more time to discover any fraudulent transactions.
As a retail investor, one of the best ways you can protect your cryptocurrency assets is by keeping your devices safe from viruses and other malicious activity. Some malware can even directly steal your cryptocurrency — in September 2021, the BluStealer malware spread via email to steal Bitcoin, Ethereum, Monero, and other coins from various crypto wallets.
AVG Antivirus FREE automatically detects and blocks malicious emails, like the ones that spread the BluStealer crypto malware. Protect your devices against malware and keep your cryptocurrency safe.
Identity verification varies depending on the exchange you use. The majority of US/UK cryptocurrency exchanges will require a copy of your ID as well as your phone number and email, which will be used to confirm your transactions on the exchange.
Since you will likely be using your email for verification purposes, learn how to keep your email secure. Regardless of which cryptocurrency exchange you use, understanding and protecting your digital identity is crucial.
One simple way to protect your digital identity is to use a virtual private network (VPN) to encrypt your data. The benefits of using a VPN go beyond cryptocurrency, extending to greater overall cybersecurity, improvements in performance, and even unblocking websites and accessing restricted content.
A VPN encrypts your internet connection.
While the cryptocurrency exchanges requiring verification are typically safer, there’s still a risk that your private information could be exposed in the event of a data breach.
If you want to remain anonymous, there are exchanges that allow you to trade without identification — there are even Bitcoin ATMs that let you purchase Bitcoin with your card. But these anonymous methods generally come with much higher fees.
Most of the popular cryptocurrency exchanges that accept fiat will allow you to purchase Bitcoin with your debit or credit card, or by adding funds through a bank transfer. A number of exchanges also accept PayPal.
Purchasing cryptocurrency with a card or PayPal is much faster than a bank transfer, but it comes with higher fees.
Many exchanges use a third-party operator to process purchases with a card, adding both a fee and the need to give another company your private data for verification purposes. If you’re using a card, anonymity isn’t an option.
Restrictions, fees, and rates
Geographical restrictions are still evolving when it comes to cryptocurrency. US citizens can no longer use binance.com — the world’s most popular cryptocurrency exchange — but they can use its sister site, binance.us.
Coinbase is the US’s most popular exchange and a good option for beginners. But it also has high fees — the more user-friendly an exchange is, the higher the fees tend to be. Buying crypto with a debit or credit card carries a 3–6% fee. Buying Bitcoin from an ATM comes with an average fee of around 8%.
Fees are difficult to avoid in crypto. When you transfer crypto, you have to pay a withdrawal fee. When you trade crypto, you pay a trading fee. Fees usually hover around 0.1%, though some outliers like Coinbase charge as much as 1.5%. Some of the bigger exchanges have their own cryptocurrencies, which can be used to pay fees on that exchange at a discount.
Withdrawal fees vary depending on the cryptocurrency and the exchange, and are generally a flat fee rather than a percentage. While there can be wild fluctuations, withdrawals often cost in the range of $1 and $20.
Protect your devices to protect your cryptocurrency
Crypto exchanges in 2023 are more trustworthy than ever, but it’s still a good idea to use a trustworthy crypto wallet — many of which are free.
Protecting your computer or phone will further secure any coins you keep on an exchange or in a desktop/mobile crypto wallet. If your devices aren’t secure, your coins are at risk, regardless of which cryptocurrency exchange you use.
AVG Antivirus FREE keeps your computer and phone safe from viruses and hackers. Get hack alerts and anti-theft measures, and even increase the speed of your device by removing the malware that’s slowing you down.
Often a hacker will rely on social engineering tactics like phishing scams to steal crypto. AVG AntiVirus FREE stops those hackers in their tracks by blocking malicious emails and links to keep you safe from all sorts of online threats.