During the last five years, hackers have stolen around $5 billion in cryptocurrency from centralized exchanges despite the security assurances these platforms often market to users. The 2025 Bybit hack, in which roughly $1.5 billion in digital assets was stolen, only reinforced how fragile centralized exchange security can be.
This is not just a story about increasingly sophisticated attackers. Human error, phishing, poor wallet design, weak verification practices, and inadequate insurance coverage all play a role. This article reviews the major vulnerabilities in centralized exchanges, the operational failures behind them, and the regulatory themes that are likely to shape exchange security going forward.
Hot Wallet Exposure and Custodial Design Flaws
Centralized exchanges often rely on hot wallets to support fast trading and withdrawals. A hot wallet is connected to the internet, which makes the user experience faster but increases the risk of compromise. This design creates a classic single point of failure.
Three common hot wallet exposure points are:
- Desktop wallets: Connected directly to exchange infrastructure and exposed to malware or server breaches.
- Mobile wallets: Convenient, but vulnerable to phone theft, malware, and compromise of the underlying device.
- Web wallets: Persistently online and therefore often the highest-risk custody surface.
Perhaps the greatest risk is that centralized exchanges control users' private keys. As the industry saying goes, not your keys, not your coins. Centralized custody means compromising one critical control point can expose the entire system.
Wallet Tracking and Monitoring Gaps
Many exchanges still lack meaningful real-time wallet tracking. Some platforms conduct only limited screening, and others do not offer sophisticated transaction monitoring at all. Effective monitoring requires automatic screening, cross-chain forensics, and timely visibility across the broader transaction environment. Manual review simply does not keep pace with the speed of modern attacks.
Multi-Signature Wallet Misconfigurations
Multi-signature wallets are often marketed as the answer to custodial security, but poor implementation can defeat the point. Requiring multiple signers reduces single points of failure, but if the signers cannot verify what they are approving, the control becomes fragile.
Case Study: WazirX 2024
The July 2024 WazirX hack showed how a seemingly robust multisig setup can still fail. WazirX used a four-of-six signature requirement, with three signatures from WazirX and one from its custody provider, Liminal. Attackers reportedly obtained approvals from WazirX signers who believed they were authorizing legitimate transactions. Liminal then signed, allowing the transfer to proceed.
The core problem was blind signing. The hardware devices did not clearly display the full transaction details, including token and destination information. Attackers exploited that weakness and reportedly stole roughly $230 million in assets.
Whitelisting Failures
Whitelisting is supposed to require pre-approval of destination addresses, yet both the WazirX incident and later exchange compromises showed that whitelisting controls can be defeated or implemented in ways that give management and users false confidence. If transaction details are not independently verified, whitelisting becomes a checkbox rather than a meaningful control.
Insider Threats and Privileged Access
Human factors remain one of the most serious risks in exchange security. Internal personnel with privileged access can become a threat vector through coercion, bribery, negligence, or credential compromise. SIM-swap attacks against employees are a well-known example. Once an attacker hijacks an employee's phone number, they may be able to intercept calls and SMS-based authentication codes and gain administrative access.
Common insider-risk scenarios include:
- Privilege escalation to administrative roles
- Front-running nonpublic listing information
- Intentional exfiltration of wallet keys
- Manipulation of transaction data
Role-based access control should be a baseline requirement. Employees should have only the permissions they need, and high-risk functions should be segregated.
Proof of Reserves Is Not the Whole Answer
Proof-of-reserves audits emerged after exchange failures such as FTX, but they often show only assets and not liabilities. An exchange may demonstrate control over significant crypto holdings while still concealing obligations that dwarf those assets. Proof of reserves can also be gamed when it captures only a moment in time.
Exchanges frequently rely on a single outside auditor, publish only partial summaries, or provide little detail about audit methodology. In that sense, proof of reserves is helpful but incomplete. It does not replace governance, internal controls, or sustained operational security.
How Exchange Security Should Be Evaluated
A credible security review should combine technical auditing and forensic analysis. The OWASP framework remains useful for identifying common failures, especially around cryptographic controls, security misconfiguration, and authentication. On-chain forensic tools are equally important for tracing suspicious flows, mixer-first funding patterns, bridge activity, and other signs of compromise.
Major platform updates should be accompanied by independent review. When exchanges ship infrastructure changes without meaningful audit coverage, they create new windows for exploitation.
Conclusion
The crypto industry still lacks a consistent security standard for centralized exchanges. Questions around wallet segregation, cold storage thresholds, auditing rigor, and liability transparency remain unresolved. Until those standards mature, users should be cautious, perform due diligence on exchange controls, and avoid over-concentrating assets on any single platform.
If your company needs help assessing exchange compliance, custody risk, or controls around digital asset operations, contact us.