How to Verify If Your Exchange Is Safe: A Complete 2026 Checklist

Publication Date: March 15, 2026

---

Why This Matters More Than Ever

The crypto exchange landscape has never been more complex. Between regulatory crackdowns, asset freeze incidents, and outright exchange collapses, the question of which exchanges deserve your trust has become one of the most consequential financial decisions you can make.

The good news: there is a structured, systematic way to evaluate any exchange before you deposit a single dollar. This checklist gives you the tools to do that evaluation yourself.

---

Step 1: Verify the License (The Most Important Step)

What to look for: A genuine regulatory license — not just a "registration."

There is an important distinction many exchanges deliberately blur:

• A registration (like an MSB registration with FINTRAC in Canada, or a VASP registration with AUSTRAC in Australia) typically requires minimal financial requirements and limited ongoing oversight.
• A license (like an FCA authorization in the UK, a MiCA authorization in the EU, or a BitLicense in New York) requires significant capital requirements, ongoing audits, client asset segregation, and regular regulatory examinations.

How to check:

• Visit the exchange's website and look for their regulatory information (usually in the footer or "About Us / Legal" section)
• Cross-reference with the official regulatory database in their claimed jurisdiction
• FCA register: register.fca.org.uk
• EU MiCA: national competent authority registers in any EU member state
• NYDFS: dfs.ny.gov
• AUSTRAC: austrac.gov.au

Red flag: If an exchange claims to be "registered with" rather than "licensed by" a financial authority, and especially if that authority is in an offshore jurisdiction (Cayman Islands, Seychelles, BVI), apply heavy skepticism.

---

Step 2: Check the Proof-of-Reserves

What this means: Proof-of-reserves (PoR) is a cryptographic attestation that an exchange actually holds the customer funds it claims to hold, in a 1:1 ratio.

Since the collapse of FTX — which was found to have been using customer funds for proprietary trading — proof-of-reserves has become a critical trust signal.

How to check:

• Search "[exchange name] proof of reserves" on their website and Google
• Reputable third-party auditors of PoR include Mazars, Hacken, and others
• The PoR should include both assets held AND liabilities (customer balances owed) — some exchanges publish asset data without liabilities, which is meaningless

Red flag: An exchange that refuses to publish proof-of-reserves, or that publishes only partial data without liabilities.

---

Step 3: Research Withdrawal History

What to look for: A consistent, reliable history of users successfully completing withdrawals.

How to check:

• Reddit: Search "[exchange name] withdrawal" in r/CryptoCurrency and the exchange-specific subreddit
• Trustpilot: Filter by negative reviews and look specifically for withdrawal complaints
• Google: "[exchange name] withdrawal issue" and "[exchange name] account frozen"
• Our database: CryptoRatingHub tracks withdrawal complaint patterns

What's concerning: Reports of KYC requests appearing after a user attempts withdrawal (especially large amounts), accounts entering "review" status without defined timelines, or support becoming unresponsive to withdrawal requests.

---

Step 4: Verify Corporate and Ownership Transparency

What to look for: Clear disclosure of who operates the exchange, where it's headquartered, and what the corporate structure is.

How to check:

• Look for "About Us," "Company," or "Legal" pages on the exchange website
• Search the exchange name in company registration databases for their claimed jurisdiction
• Look for named leadership (CEO, CTO, compliance officers) who you can independently verify

Red flag: Exchanges where ownership is hidden behind offshore holding companies, where leadership is anonymous or cannot be independently verified, or where the physical address leads to a virtual office or P.O. box.

---

Step 5: Check Security History

What to look for: A history (or lack thereof) of significant security breaches, and how the exchange responded to any incidents that did occur.

How to check:

• Wikipedia's list of cryptocurrency exchange hacks
• Search "[exchange name] hack" or "[exchange name] breach"
• If a hack occurred, research how the exchange responded: did they reimburse users? How long did it take?

Context matters: An exchange that was hacked in 2014 but has not had an incident since, and that fully reimbursed users and transparently disclosed the breach, is very different from an exchange that has had multiple recent incidents.

---

Step 6: Test Customer Support

What to look for: Responsive, knowledgeable, and human customer support.

How to test:

• Submit a non-urgent support ticket and track response time and quality
• Look for a phone number (not just email/chat) — very few exchanges provide one, but those that do are generally more accountable
• Check if there's a community manager responding to complaints on social media and Reddit

Red flag: Support that is entirely automated, tickets that go days or weeks without response, or phone lines that go to voicemail without a call back.

---

Step 7: Assess Fee Transparency

What to look for: Clear, complete, and honest disclosure of all fees.

How to check:

• Review the fee schedule on the exchange website
• Look for hidden fees: deposit fees, withdrawal fees (both crypto and fiat), spread on instant-buy products
• Calculate the all-in cost of a representative trade on this exchange vs. competitors

Red flag: Fees that are buried, change without notice, or are significantly higher than disclosed when you attempt an actual transaction.

---

The CryptoRatingHub Quick Score

If you don't have time to run through all seven steps, use this quick scoring guide:

| Criterion | Green | Yellow | Red | |-----------|-------|--------|-----| | License Type | Full financial license (MiCA, FCA, etc.) | Basic VASP registration | No license or offshore-only | | Proof of Reserves | Published monthly with liabilities | Published but incomplete | Not published | | Withdrawal Reviews | Mostly positive | Mixed | Significant freeze complaints | | Corporate Transparency | Named leadership, clear HQ | Partial disclosure | Anonymous/offshore only | | Security History | No major incidents | Resolved past incident | Recent or unresolved incident | | Support Quality | Phone + email, fast response | Email only, moderate response | Automated only, slow response |

If you see two or more "red" columns, we strongly recommend not using this exchange for significant holdings.

---

The BTCC Canada Cautionary Tale

As a concrete example of what failure across multiple criteria looks like, consider the BTCC Canada Limited situation:

• License: MSB registration only (FINTRAC Canada); no full financial license in any major regulated jurisdiction ❌
• Proof of Reserves: Never published ❌
• Withdrawal Reviews: Overwhelming pattern of freeze complaints in 2025–2026 ❌
• Corporate Transparency: Minimal; limited public information about current operations ❌
• Security History: No published security audits ❌
• Support: Users report support becoming non-responsive ❌

The result: an active police investigation in Lithuania, hundreds of reported frozen accounts, and a 2.1/10 CRITICAL rating from CryptoRatingHub. Read the full investigation.

---

Conclusion

Taking 30–60 minutes to verify an exchange using this checklist before making a significant deposit is one of the best investments of time you can make in crypto. The difference between a properly verified, regulated exchange and an unverified one can be the difference between a secure investment and funds frozen with no recourse.

Stay safe, do your research, and always prioritize custody of your own assets for anything beyond active trading needs.

---

CryptoRatingHub Editorial Team · March 15, 2026