Crypto Investing Without the Hype: Wallets, Exchanges, Security, and Risk

Exchanges and On/Off-Ramps: Using Crypto Exchanges Safely and Minimizing Mistakes

Chapter 3

What Centralized Exchanges (CEXs) Actually Do

A centralized exchange is a company that provides an account-based platform where you can convert between fiat (like USD/EUR) and crypto, and trade crypto pairs (like BTC/USDT). It helps by combining three functions in one place: custody, order matching, and fiat on/off-ramps.

1) Custody (holding assets on your behalf)

When you deposit crypto to an exchange, you are typically sending it to an address controlled by the exchange. Your balance becomes an internal ledger entry. This is convenient for trading, but it means the exchange is the custodian while funds are on-platform.

2) Matching orders (running the marketplace)

Exchanges maintain an order book: a list of buy orders (bids) and sell orders (asks). Their matching engine pairs compatible orders and records trades. Price is determined by the best available offers in the book at the time your order executes.

3) Fiat deposits and withdrawals (on/off-ramps)

Exchanges connect to banking rails (card payments, bank transfers, local payment methods). This is how you move money in and out of crypto without needing another intermediary.

What the Exchange Handles vs. What You Still Own as Responsibilities

| Exchange typically handles | You are still responsible for |
| --- | --- |
| Safeguarding platform wallets and internal accounting | Securing your account (password, 2FA, device hygiene) |
| Operating the matching engine and trade settlement | Choosing correct order type and understanding fees/slippage |
| Providing deposit/withdrawal interfaces | Sending to correct network/address and verifying details |
| Compliance processes (KYC/AML) and reporting tools | Keeping your identity info accurate and responding to verification requests |

The biggest avoidable mistakes happen on the user side: compromised accounts, wrong network withdrawals, and rushing large transfers without test transactions.

Account Setup: A Safety-First Checklist

Step 1: Create the account with strong credentials

  • Use a unique, long password (a password manager is ideal).
  • Use an email address that is itself protected with strong 2FA and a unique password.
  • Record backup codes for your 2FA method and store them offline.

Step 2: Complete identity verification (KYC) carefully

Most reputable exchanges require identity checks to enable fiat deposits/withdrawals and higher limits. During KYC:

  • Ensure your legal name and address match your documents.
  • Use a private, secure network (avoid public Wi‑Fi).
  • Watch for lookalike sites; type the exchange URL manually or use a verified bookmark.

Step 3: Lock down device and browser security

  • Update your operating system and browser before setting up the account.
  • Enable full-disk encryption on your device if available.
  • Avoid installing random browser extensions; they are a common theft vector.
  • Consider a dedicated browser profile (or even a dedicated device) for financial accounts.

Step 4: Enable strong 2FA (avoid SMS if possible)

Prefer app-based authenticator 2FA or hardware security keys where supported. SMS-based 2FA is better than nothing, but it is more vulnerable to SIM swap and carrier account compromise.

Step 5: Turn on anti-phishing protections

Many exchanges offer an anti-phishing code: a custom phrase that appears in legitimate emails from the exchange. If an email lacks your code, treat it as suspicious.

  • Set a unique anti-phishing code that is not used anywhere else.
  • Do not click email links to log in; navigate via your bookmark.

Step 6: Use withdrawal address whitelists (if available)

Address whitelisting restricts withdrawals to pre-approved addresses only, often with a time delay for changes. This can stop an attacker from instantly withdrawing to their own address even if they get into your account.

  • Add your personal wallet address(es) to the whitelist.
  • Enable any “cooldown” or “lock period” for new addresses.
  • Label each whitelisted address clearly (e.g., My BTC cold wallet, My USDC wallet).

Step 7: Reduce account attack surface

  • Disable API keys unless you truly need them; if you do, restrict permissions (no withdrawals) and whitelist IPs.
  • Review active sessions/devices and revoke anything unfamiliar.
  • Set withdrawal confirmations and alerts (email/app notifications) for logins and withdrawals.

Order Basics That Prevent Expensive Mistakes

Market orders vs. limit orders

Market order: buys or sells immediately at the best available prices in the order book. You control speed, not price.

Limit order: you set the maximum price you’ll pay (buy) or minimum price you’ll accept (sell). You control price, not speed.

How slippage happens (and why it surprises beginners)

Slippage is the difference between the price you expect and the average price you actually get. It happens when your order consumes multiple price levels in the order book.

Example: You place a market buy for 2 ETH. If only 0.5 ETH is available at the best ask, the rest fills at higher asks. Your final average price is higher than the top-of-book price you saw.

  • Slippage is more likely with low-liquidity pairs, volatile moments, and large market orders.
  • Using limit orders reduces slippage risk because you cap the worst price you’ll accept.
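The 2 ETH market buy described above, carried through a small order book, next to the same order placed with a limit price. This is an added example, not part of the original course; the book levels (prices and the sizes beyond the first 0.5 ETH) are constructed, and `fill_buy` is a hypothetical helper, not an exchange API.

```python
from decimal import Decimal as D

# Constructed ask side of an order book: (price in USD, ETH available),
# best (lowest) ask first. Only the 0.5 ETH at the top comes from the text.
ASKS = [(D("3000"), D("0.5")), (D("3010"), D("0.7")), (D("3030"), D("1.0"))]


def fill_buy(asks, qty, limit=None):
    """Walk the asks for a buy of `qty`.

    limit=None models a market order. With a limit, levels priced above it
    are never touched and the unfilled remainder stays open.
    Returns (filled_qty, average_price, slippage_pct_vs_best_ask).
    """
    remaining, cost = qty, D(0)
    for price, available in asks:
        if remaining == 0 or (limit is not None and price > limit):
            break
        take = min(remaining, available)
        cost += take * price
        remaining -= take
    filled = qty - remaining
    if filled == 0:
        return D(0), None, None
    avg = cost / filled
    best = asks[0][0]
    return filled, avg, (avg - best) / best * 100


if __name__ == "__main__":
    for label, limit in (("market", None), ("limit 3010", D("3010"))):
        filled, avg, slip = fill_buy(ASKS, D("2"), limit)
        print(f"{label}: filled {filled} ETH at avg {avg:.2f} "
              f"({slip:.2f}% above best ask)")
```

The market order fills completely but pays through three price levels; the limit order pays less per ETH and leaves 0.8 ETH unfilled, which is the speed-versus-price trade-off described earlier.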

How fees are applied (what to check before you trade)

Fees usually show up in three places: trading fees, withdrawal fees, and network fees.

Trading fees: maker vs. taker

  • Taker fee: you remove liquidity by filling an existing order (common with market orders and aggressive limit orders that execute immediately).
  • Maker fee: you add liquidity by placing a limit order that sits on the book waiting to be filled.

Some exchanges offer lower maker fees than taker fees. If you’re not in a rush, a limit order that rests can reduce costs.

Withdrawal fees vs. network fees

  • Withdrawal fee (exchange fee): what the exchange charges to process a withdrawal. It may be fixed per withdrawal.
  • Network fee: the blockchain transaction fee. Sometimes the exchange includes this in the withdrawal fee; sometimes it is shown separately.

Practical implication: withdrawing small amounts repeatedly can be expensive if the exchange charges a fixed withdrawal fee. Plan fewer, larger withdrawals once you are confident in your process.

Hidden cost to watch: spread

The spread is the gap between best bid and best ask. Even with low stated fees, a wide spread can make trading more expensive. This is especially relevant on illiquid pairs and “instant buy” interfaces that bundle spread into the quoted price.

Structured Practice Flow: A Safe First Trade and Withdrawal

This practice flow is designed to minimize irreversible mistakes. The goal is to validate each step with small amounts before scaling up.

Phase 1: Make a small test fiat deposit

  1. Choose your deposit method (bank transfer is often cheaper than card, but slower). Confirm any deposit fees and processing times.

  2. Deposit a small amount you can afford to “waste” as tuition if something goes wrong (for example, the equivalent of $20–$50).

  3. Confirm the deposit is credited and that you can access the trading interface (some exchanges restrict trading until KYC is fully approved).

Phase 2: Buy a small amount using a limit order

  1. Select a liquid trading pair (typically a major asset against a major quote currency). Liquidity reduces spread and slippage.

  2. Check the order book and recent trades to see the current bid/ask and typical trade sizes.

  3. Place a limit buy slightly below the current ask if you are not in a hurry. This may make you a maker (depending on whether it executes immediately).

  4. Verify the filled amount and average price in your trade history. Confirm the trading fee charged and how it was calculated.

  5. Optional practice: place a small limit sell above the current price (do not do this with your entire balance). The point is to learn how open orders behave and how to cancel them.

Phase 3: Withdraw to your personal wallet with a test transaction first

Withdrawals are where most irreversible errors happen. The two biggest risks are (1) sending to the wrong address and (2) choosing the wrong network.

  1. Prepare the receiving address in your wallet for the exact asset you are withdrawing. Copy it carefully.

  2. Verify the network on both sides (exchange withdrawal network and wallet receiving network must match). If the exchange offers multiple networks for the same ticker, do not guess.

  3. Add the address to your whitelist (if available) and wait out any security delay for new addresses.

  4. Send a small test withdrawal (for example, 5–10% of what you eventually plan to withdraw). Confirm the withdrawal fee shown before you approve.

  5. Track the transaction using the transaction ID (TXID) if provided. Confirm it arrives in your wallet and is spendable/confirmed as expected.

  6. Only then withdraw the remaining amount to the same verified address and network.

Common withdrawal failure modes (and how to avoid them)

  • Wrong network selection: the address may look valid but belongs to a different chain. Always match network names exactly and confirm your wallet supports that network.
  • Memo/Tag missing: some assets require a memo/tag for deposits to exchanges. When withdrawing to a personal wallet, memos are usually not needed, but when depositing to an exchange later, they often are. Read the deposit instructions every time.
  • Copy/paste malware: verify the first and last characters of the address after pasting, and ideally confirm via a second channel (e.g., QR scan from your wallet).
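A pre-withdrawal check that covers the address and network failure modes above, as an added example that is not part of the original course. The whitelist entries, addresses and network names are constructed placeholders, and `check_withdrawal` is a hypothetical helper; it compares the whole pasted address against your own saved list instead of only the first and last characters.

```python
# Constructed whitelist; the addresses are made-up placeholders, not real wallets.
WHITELIST = [
    {"label": "My BTC cold wallet", "asset": "BTC", "network": "Bitcoin",
     "address": "bc1qexampleaddr0000000000000000000000k7x9"},
    {"label": "My USDC wallet", "asset": "USDC", "network": "Ethereum",
     "address": "0x1111aaaabbbbccccddddeeeeffff000022223333"},
]


def check_withdrawal(asset, network, pasted, whitelist=WHITELIST):
    """Compare a withdrawal request with the whitelist.

    Returns a list of problems; an empty list means asset, network and the
    full address string all match one saved entry.
    """
    pasted = pasted.strip()
    same_asset = [e for e in whitelist if e["asset"] == asset]
    if not same_asset:
        return [f"no whitelisted address for {asset}"]
    problems = []
    match = next((e for e in same_asset if e["address"] == pasted), None)
    if match is None:
        problems.append("address is not on the whitelist")
        for e in same_asset:
            known = e["address"]
            # Same ends, different middle: an eyeball check of the first and
            # last characters alone would not notice this substitution.
            if known[:6] == pasted[:6] and known[-4:] == pasted[-4:]:
                problems.append(
                    f"lookalike of '{e['label']}': ends match, middle differs")
    elif match["network"] != network:
        problems.append(f"network mismatch: '{match['label']}' is on "
                        f"{match['network']}, request says {network}")
    return problems


if __name__ == "__main__":
    good = "0x1111aaaabbbbccccddddeeeeffff000022223333"
    print(check_withdrawal("USDC", "Ethereum", good))   # no problems
    print(check_withdrawal("USDC", "Tron", good))       # wrong network
```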

Choosing an Exchange: Safety Signals That Matter

Regulatory posture and operational transparency

  • Clear jurisdiction and licensing: the exchange should state where it operates and what regulatory registrations it holds (where applicable).
  • Transparent terms: custody terms, who controls assets, and what happens during outages or maintenance should be clearly documented.
  • Separation of products: be cautious if the platform pushes complex products by default (high leverage, opaque yield programs) when your goal is simple buying and withdrawing.

Proof-of-reserves (PoR) disclosures

Some exchanges publish proof-of-reserves to show they hold assets corresponding to customer balances. Treat PoR as a positive signal, but not a guarantee.

  • Prefer PoR that includes: clear methodology, frequent updates, and third-party attestations.
  • Look for disclosures about liabilities as well as assets; reserves without liabilities can be incomplete.

Security history and incident response

  • Past incidents: research whether the exchange has had hacks or major outages, and how they handled customer losses.
  • Security features: support for strong 2FA, withdrawal whitelists, device management, and login/withdrawal alerts.
  • Bug bounty and audits: public security programs and audits are positive signals of mature security practices.

Transparent fee schedules (and how to compare them)

Before committing, find the exchange’s fee pages and verify:

  • Trading fees: maker/taker rates, and whether fees change with volume or holding a platform token.
  • Deposit/withdrawal fees: fiat deposit fees, crypto withdrawal fees, and minimum withdrawal amounts.
  • Spread/quote quality: compare the displayed price to a widely referenced market price during normal conditions.

A practical comparison method is to estimate the total cost of a round trip: deposit fiat → buy asset → withdraw asset. Write it down as a simple checklist so you can compare exchanges on the same workflow rather than on marketing claims.
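The round-trip comparison as a small calculator, added here as an example that is not part of the original course. Both fee schedules are constructed, the exchange names are hypothetical, and the model assumes the withdrawal fee is expressed in fiat terms and that buying at the ask costs half the bid/ask spread relative to the mid price.

```python
from decimal import Decimal as D

# Constructed fee schedules for two hypothetical exchanges (not real quotes).
# Percent values are percentages of the amount; withdraw_fixed is in fiat.
EXCHANGES = {
    "Exchange A": {"deposit_pct": D("0"), "taker_pct": D("0.10"),
                   "spread_pct": D("0.05"), "withdraw_fixed": D("15")},
    "Exchange B": {"deposit_pct": D("1.5"), "taker_pct": D("0.50"),
                   "spread_pct": D("0.20"), "withdraw_fixed": D("1")},
}


def round_trip_cost(fees, fiat_amount):
    """Cost of deposit fiat -> buy asset -> withdraw asset, itemized in fiat."""
    deposit_fee = fiat_amount * fees["deposit_pct"] / 100
    tradable = fiat_amount - deposit_fee
    # Assumption: a buy at the ask pays half the spread versus the mid price.
    spread_cost = tradable * fees["spread_pct"] / 200
    trading_fee = tradable * fees["taker_pct"] / 100
    total = deposit_fee + spread_cost + trading_fee + fees["withdraw_fixed"]
    return {"deposit": deposit_fee, "spread": spread_cost,
            "trading": trading_fee, "withdrawal": fees["withdraw_fixed"],
            "total": total, "pct_of_amount": total / fiat_amount * 100}


def cheapest(fiat_amount, exchanges=EXCHANGES):
    """Name of the exchange with the lowest total round-trip cost."""
    return min(exchanges,
               key=lambda n: round_trip_cost(exchanges[n], fiat_amount)["total"])


if __name__ == "__main__":
    for amount in (D("50"), D("5000")):
        for name, fees in EXCHANGES.items():
            r = round_trip_cost(fees, amount)
            print(f"{amount:>5} via {name}: total {r['total']:.2f} "
                  f"({r['pct_of_amount']:.2f}%)")
        print("  cheapest:", cheapest(amount))
```

With these constructed numbers the ranking flips with size: the fixed withdrawal fee dominates a small test amount, while percentage fees dominate a large one, so compare exchanges at the amounts you actually plan to move.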

Now answer the exercise about the content:

When withdrawing crypto from an exchange to your personal wallet for the first time, which approach best minimizes irreversible mistakes?

Withdrawals are where irreversible errors happen most. Matching the network on both sides and doing a small test withdrawal first helps confirm the address and network are correct before moving the remaining funds.
