CRYPTO BUILD MARKET ⚒

Crypto exchanges are broken, here’s how to fix them

Dana J. Wright
7 min read · Jul 1, 2022
Image by Leo on Dribbble.

Assuming crypto isn’t actually going to zero (🍿), there will at some point, perhaps in the very distant future, be a next wave of adoption.

I have no idea when that might be or what the industry will look like by that time, but there are a few crypto value props I’d like to think will survive in some form, such as:

  • NFTs
  • Sending funds peer-to-peer
  • In-game currency
  • Earning yield in DeFi

When the next crop of n00bs comes filing in from their various walks of life to buy their first crypto assets, their journey will likely begin on a centralized exchange.

And to them I say, good luck.

Hotel casinos

While exchanges are definitely ground zero for the tasks I mentioned above, they don’t cater to them at all.

Once you have your account set up (no easy feat), the exchange seems determined to trap you inside.

Sort of reminds me of hotel casinos.

Have you ever noticed that in order to get in and out of any hotel in Vegas, you must walk through the casino floor? Even the cheapest and dingiest ones have some slot machines in the lobby.

That’s basically what crypto exchanges are today. In order to enter the world of crypto, you first have to walk through the shit coin casino.

And just like the Vegas Strip, there are all kinds of opaque incentive structures at work behind the scenes that influence what you see. Or perhaps more importantly, what you don’t see.

Knowing what these incentives are helps you understand why things are the way they are, but it doesn’t make them any less shitty.

Exchanges embody some of the deepest problems with the crypto industry, and some of the biggest opportunities for improvement.

Let’s get into it.

Security and KYC

There is no sugarcoating this: in terms of securing our data and ensuring it doesn’t end up in the wrong hands, exchanges have failed.

The fundamental problem is the KYC (know your customer) rules that every exchange has enacted to varying degrees of insanity.

In order to create an account, a new user may be required to submit any or all of the following: utility bills, social security number, bank statements, birth certificate (yes really), government-issued ID and a facial recognition scan.

This goes far beyond what is required by conventional banking practices.

Ostensibly, it’s to keep criminals from anonymously using exchanges for money laundering.

In reality, that justification is tenuous at best.

Points of failure

Regardless where you stand on the privacy issue, we know this for sure: submitting to KYC exposes you to a number of attacks that you would never have had to worry about otherwise.

For example:

If your account gets hacked

If you did KYC, your account contains more than enough information for a thief to steal not just your funds, but your identity.

And depending on your net worth relative to how much you keep on the exchange, your KYC information may be worth far more than your funds.

Once a hacker gains access to your account, all that info is downloadable straight from the settings menu, usually under privacy. Some exchanges have one extra step to make a request for it, but it’s not a problem.

If the exchange gets hacked

Exchanges get hacked pretty frequently and customer data is an increasingly ripe target for attack.

Exchanges face immediate legal and reputational consequences for losing customer funds, so they will often go to great lengths to make sure customers are made whole financially.

Customer data, however, is a grey area. I have yet to see any business compensate customers directly for losing their data in a hack.

If the exchange shares your data

This one is by far the scariest because the possibilities for where your data can end up are infinite.

Exchanges can and do make your data available to analytics firms, other financial institutions and government agencies.

They may even outsource the entire KYC process to a third party. For example, this one claims to house KYC data for over 1000 platforms. Unreal.

For Coinbase, the trove of customer data they collected over the years is so valuable that they’ve created an entire business line out of it.

Once these third parties have your data, you completely lose control over it and forfeit any right to recourse in the event it gets compromised.

And it very likely will be compromised; it’s only a matter of time.

Solution 💡

Exchanges need to reject the premise that KYC is a security measure.

At best, submitting to KYC vastly increases the surface area for users to get hacked and have their identities stolen.

At worst, it’s a tool for mass financial surveillance and exchanges are handing this info over to three letter agencies to use in all kinds of ways that customers would never agree to if they knew about it or had a choice.

Exchanges claim they must gather all this information in order to be compliant, but that’s simply not true. The rules are subject to interpretation and can be interpreted differently.

For example, Kraken lets customers skip KYC so long as their account stays under certain dollar thresholds.

Other crypto apps, like BitPay, let users defer KYC until they need to send or receive funds to/from an external wallet.

There are lots of ways to slice it, many of which allow the vast majority of customers to get by without KYC.

If exchanges held security as a core value, they would rein in their legal teams and push back against agencies that want to collect their customer data.

They would simply point to the stats on government agency data breaches and say to regulators: Sorry, your systems are not secure enough.

Customer data is most secure when it never gets collected at all.

User Experience

I should start by acknowledging that crypto exchanges have come a long way in terms of user experience. Remember troll boxes? Ah the good ole days.

Today, they look a bit more like Bloomberg terminals.

Crypto exchanges use centralized orderbooks which afford maximum capital efficiency. Many offer leverage trading and their margining and liquidation systems work just as well as the ones you find on the most popular traditional finance platforms.

For traders, the experience couldn’t be better.

This is not a coincidence.

Exchanges make the vast majority of their revenue from trading fees and for that reason, the product areas they focus on most are around trading, fiat onramps, and adding more tokens to the platform for people to trade.

It’s understandable, but nonetheless off-putting to those not interested in the shit coin casino (most people).

Here are a few things exchanges could do for them:

  • Explain the different types of cryptocurrencies.
  • Equip people with a basic understanding of security and explain how to safely transfer their assets to a non-custodial wallet.
  • Set expectations for the experience outside the exchange with regard to transaction confirmations and gas fees.

Incorporating Web3

As I mentioned, one of the product areas exchanges have focused on the most is fiat onramps. It is super easy to move your fiat currency from a traditional bank account onto an exchange and vice versa.

It’s much less easy, however, to move coins from your crypto wallet onto an exchange.

Exchanges are for the most part completely segregated from Web3.

So here’s some low-hanging fruit 🍎

Allow users to connect with Metamask and move funds on and off the exchange with their wallet.

This is a fairly new thing that Metamask recently enabled through their API.

Some benefits to users:

  • No more copy/pasting wallet addresses
  • Instead, the user initiates a “pull” from within the exchange UI, which they then sign/approve in Metamask
  • This reduces vulnerability to malware that can manipulate the clipboard and misdirect funds
  • And reduces the chance of lost funds from accidentally sending between mismatched networks (Metamask automatically selects the correct chain for the transfer)
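
The pull flow from the list above, sketched as an added example (not code from the original post or from MetaMask). It uses the standard wallet provider methods eth_requestAccounts, eth_chainId, wallet_switchEthereumChain and eth_sendTransaction; the deposit intent object, the function names and the mock wallet are hypothetical, and it assumes the exchange backend supplies the deposit address and chain ID.

```javascript
// Added example: exchange-initiated "pull" deposit over an EIP-1193 provider.
// The intent object and all addresses are constructed, hypothetical values.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Build eth_sendTransaction params from a deposit intent issued by the
// exchange backend, so the destination is never typed or pasted by the user.
function buildDepositTx(intent, from) {
  if (!ADDRESS_RE.test(intent.depositAddress) || !ADDRESS_RE.test(from)) {
    throw new Error("malformed address");
  }
  const value = BigInt(intent.amountWei);
  if (value <= 0n) throw new Error("amount must be positive");
  return { from, to: intent.depositAddress, value: "0x" + value.toString(16) };
}

async function pullDeposit(provider, intent) {
  const [from] = await provider.request({ method: "eth_requestAccounts" });
  // Never send on a mismatched network: ask the wallet to switch, then re-check.
  let chainId = await provider.request({ method: "eth_chainId" });
  if (BigInt(chainId) !== BigInt(intent.chainId)) {
    await provider.request({
      method: "wallet_switchEthereumChain",
      params: [{ chainId: intent.chainId }],
    });
    chainId = await provider.request({ method: "eth_chainId" });
    if (BigInt(chainId) !== BigInt(intent.chainId)) {
      throw new Error("wallet is still on the wrong chain");
    }
  }
  // The wallet displays recipient and amount; the user approves or rejects.
  return provider.request({
    method: "eth_sendTransaction",
    params: [buildDepositTx(intent, from)],
  });
}

// Constructed stand-in for window.ethereum so the flow runs outside a browser.
function makeMockWallet(startChainId) {
  const w = { chainId: startChainId, calls: [], sent: null };
  w.request = async ({ method, params }) => {
    w.calls.push(method);
    if (method === "eth_requestAccounts") return ["0x" + "a1".repeat(20)];
    if (method === "eth_chainId") return w.chainId;
    if (method === "wallet_switchEthereumChain") { w.chainId = params[0].chainId; return null; }
    if (method === "eth_sendTransaction") { w.sent = params[0]; return "0x" + "00".repeat(32); }
    throw new Error("unsupported method " + method);
  };
  return w;
}
```

In a browser, `pullDeposit(window.ethereum, intent)` would run the same steps against the real wallet, with the user confirming the recipient and amount in the wallet's own prompt.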

Benefits to the exchange:

  • It introduces customers to the concept of the exchange as a DeFi platform with a persistent connection to their wallet
  • They learn what proportion of their customers have wallets and are exploring Web3
  • It opens the door for them to consider offering opportunities for self-custodied funds, such as staking in DeFi or even managed vault strategies that are unique to the exchange

You’re welcome, exchanges.

Offramps

Once your funds are on the exchange and you’ve purchased some crypto, moving those funds off the exchange to a crypto wallet can be difficult.

At the risk of extending the hotel casino metaphor too far, the send/withdraw flow on the exchange is like a clock. Nowhere to be found.

If you find it, you then encounter all kinds of arbitrary barriers to moving your funds.

For example:

  • Strict daily, weekly or monthly withdrawal limits
  • Withdrawal batching, where the exchange processes all withdrawals only once every 24 hours
  • Or my favorite, whitelisting your send address, which takes some hilarious period of time (Coinbase just increased theirs from 24 to 48 hours, “for your security”)

These kinds of capital controls are the antithesis of crypto and do not instill confidence in the customer that their funds are safe.

Solution 💡

Make exchanges more like dApps.

Allowing users to connect their Metamask so they can easily and securely send/receive is a great start.

Yes, there are pieces of the platform that need to be centralized in order to be performant at scale, such as the orderbook and market making.

But there are so many other pieces that should be evolving more in the direction of Web3, rather than in the direction of traditional finance.

But maybe it’s too late.

Maybe what we need is a new breed of semi-centralized exchange with crypto values in their soul that will only make the compromises that are absolutely necessary for performance and scale.

There are a few out there that have been experimenting with different approaches and have had some success, for example:

Godspeed to these teams.

We need competing platforms that can provide a viable alternative to the major exchanges and start siphoning off their customers. Because unfortunately, I don’t think the major exchanges are going to address these issues of their own accord.

The incentives just aren’t there.

–––––

Thanks for reading until the end. I work in crypto and think about it non-stop. You can find me on Twitter @danajwright_
