Centralized Exchange Security Report - Dec. 2025

TI Research

Security determines whether an exchange deserves trust as both a trading venue and an asset custodian. We compare Binance, OKX, Bitget and Bybit through PoR design, reserve coverage, insurance fund, cold/hot wallet design, and KYT, helping users judge solvency visibility and operational resilience beyond marketing claims.

In the cryptocurrency industry, security has always been essential for exchanges to win user trust and maintain their market position. As the crypto asset market grows rapidly, exchanges are not only trading platforms but also custodians of user assets. Their security measures directly determine the safety of funds and the industry's reputation. The collapse of FTX in 2022 served as a major warning, exposing deficiencies in transparency and asset management, and pushing exchanges to accelerate the improvement of their security infrastructures. From Proof of Reserves (PoR) to insurance funds, as well as risk prevention and post-incident response mechanisms, security has become a key factor in users' choice of trading platforms. However, exchanges differ significantly in their actual security practices, making objective comparative analysis necessary.

This report provides a comprehensive evaluation of the security performance of four globally recognized cryptocurrency exchanges—Binance, OKX, Bybit, and Bitget (based on data available up to December 26, 2025). These platforms are considered Tier-1 benchmarks due to their market influence, user base, and technical capabilities.

This analysis focuses on several core dimensions related to exchange security: foundational security—the implementation of PoR, execution of audits and transparency, the size and function of insurance funds; risk prevention—wallet management and security measures; and post-incident response—incident handling and crisis management. To ensure objectivity and practicality, we draw upon public disclosures from each exchange as well as industry developments and third-party data, including PoR frequency, technical approaches, asset coverage, and reserve adequacy. At the same time, we examine audit frequency, transparency, and the specific structures of insurance funds. For wallet management and risk prevention, we emphasize technical features and their real-world impact. For post-incident response, we focus on real security cases to illustrate each exchange's response and crisis management capabilities. Our goal is to provide users and industry professionals with a practical reference and to contribute to the advancement of security standards across the sector.


Foundational Security: PoR and Insurance Funds

PoR Implementation Comparison

In a cryptocurrency exchange's security system, Proof of Reserves (PoR) is one of the core indicators for evaluating platform asset security and transparency. PoR uses technical means to demonstrate that an exchange's assets are sufficient to cover all user deposits, thus enhancing trust. This section compares Binance, OKX, Bybit, and Bitget across four aspects: PoR report frequency, technical methodology, asset coverage, and reserve adequacy.

PoR Report Frequency

PoR report frequency refers to how often an exchange publishes reserve reports under its PoR mechanism—typically monthly, quarterly, or irregularly. This frequency reflects the exchange's commitment to transparency and user trust. More frequent reports provide timely updates on asset status and strengthen confidence in the exchange's solvency, while longer intervals may reduce real-time visibility and weaken user perception of fund safety.

Technical Methodologies and Independent Verifiability

Different PoR implementation technologies directly affect credibility and privacy protection. Merkle trees, a hash-based tree data structure used to efficiently verify data integrity and consistency, are widely adopted as a foundational tool. Zero-knowledge proof schemes such as zk-SNARKs and zk-STARKs further improve verification security and user privacy by allowing proof of correctness without revealing underlying data. By examining these technical paths, we can understand how each exchange balances transparency, privacy, and computational efficiency to provide trustworthy asset proofs.

PoR Asset Coverage

PoR asset coverage refers to the total number of crypto asset types that are publicly disclosed and verified under an exchange's PoR framework. This indicator reflects the exchange's commitment to transparency regarding its custodial assets. The more asset types it covers, the wider the scope of verifiable reserves for users, thereby strengthening confidence in the platform's asset management and security capabilities. This data helps compare the level of transparency and support for different types of crypto assets across exchanges.

Reserve Adequacy for Major Assets (BTC, ETH, USDT, USDC)

In PoR reports, reserve adequacy describes the extent to which reserves of major assets such as BTC, ETH, USDT, and USDC can fully cover user deposits. This is typically expressed as a percentage: 100% indicates full matching between reserves and user deposits, while more than 100% indicates over-collateralization, reflecting stronger solvency and risk resistance. These figures provide insight into how well each exchange safeguards user assets and form an important basis for assessing transparency and financial soundness.

Reserve Quantities for Major Assets (BTC, ETH, USDT, USDC)

This section shows the quantities of major assets (BTC, ETH, USDT, USDC) disclosed in PoR reports by major exchanges. Larger reserve scales generally imply stronger asset backing and a higher degree of protection for user funds. These figures also help assess liquidity and the ability to cope with market volatility.

Transparency of User-Specific Asset Verifiability

In each exchange's PoR system, the verifiability of individual user assets further reflects transparency—especially whether users can verify their own specific balances. "Anyone can verify 1:1 backing of assets" is crucial to PoR transparency in the context of cryptocurrency exchanges. Whether corresponding verification tools or channels are open-source also implies a higher degree of transparency and authenticity. Through these mappings of user data to PoR structures, we can evaluate how each exchange protects and discloses user asset information.
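As an added illustration (not code from the report or from any of the four exchanges), the following Python sketch of a Merkle-sum tree shows how the user-level verification described above works: each leaf commits to a user id and balance, each internal node also carries the sum of its children, and a user can check locally that their own balance sits under the published root and that the root's total liabilities were not understated. The users, balances, reserve figure, hashing layout and padding rule are constructed choices for this example.

```python
import hashlib

# Constructed sample: (user_id, balance) pairs for one asset. Not real exchange data.
USERS = [("u001", 5), ("u002", 12), ("u003", 3), ("u004", 20)]

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(user_id: str, balance: int) -> tuple[bytes, int]:
    # A leaf is (hash, balance); the hash commits to both the id and the balance.
    return h(b"leaf|" + user_id.encode() + b"|" + str(balance).encode()), balance

def parent(left: tuple[bytes, int], right: tuple[bytes, int]) -> tuple[bytes, int]:
    # An internal node commits to both child hashes AND the sum of their balances,
    # so the root hash fixes the total liabilities the exchange claims.
    total = left[1] + right[1]
    return h(b"node|" + left[0] + right[0] + str(total).encode()), total

EMPTY = leaf("", 0)  # zero-balance padding leaf for odd-sized levels

def build_tree(leaves):
    """Return all levels bottom-up; levels[-1][0] is (root_hash, total_liabilities)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(EMPTY)  # pad with a zero leaf; duplicating the last leaf would double count it
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def proof_for(levels, index: int):
    """Sibling path for the leaf at `index`: list of (sibling_hash, sibling_sum, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling][0], level[sibling][1], sibling < index))
        index //= 2
    return path

def verify(user_id: str, balance: int, path, root_hash: bytes, root_sum: int) -> bool:
    """What a user runs locally: recompute the root from their own leaf plus the published path."""
    node = leaf(user_id, balance)
    for sib_hash, sib_sum, sib_is_left in path:
        if sib_sum < 0:
            return False  # a negative sibling total could hide liabilities; reject outright
        sib = (sib_hash, sib_sum)
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == (root_hash, root_sum)

def coverage_ratio(onchain_reserves: int, root_sum: int) -> float:
    """Reserve adequacy as the report defines it: verified reserves divided by total user liabilities."""
    return onchain_reserves / root_sum

if __name__ == "__main__":
    levels = build_tree([leaf(u, b) for u, b in USERS])
    root_hash, root_sum = levels[-1][0]
    print("total liabilities:", root_sum, "coverage:", coverage_ratio(44, root_sum))
    print("u002 verifies:", verify("u002", 12, proof_for(levels, 1), root_hash, root_sum))
```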

Insurance Funds

Unlike PoR, an insurance fund is a capital pool set up by a cryptocurrency exchange, typically held in crypto or stablecoins, and is used to protect user assets or maintain platform operations during specific risk events. It is a tangible financial reserve, similar in concept to an insurance mechanism. Its purpose is to mitigate unexpected losses such as security incidents, abnormal market volatility, or operational problems. In the event of a loss, the fund is directly deployed to compensate users or cover deficits. The following summarizes the publicly available insurance fund information for each exchange:

  • Binance

Binance's insurance fund exists in the form of the Secure Asset Fund for Users (SAFU). According to Binance Academy, SAFU is an emergency insurance fund established in July 2018 to protect user funds from security incidents. The fund is sourced from 10% of trading fees. As of April 2024, SAFU wallets contained about $1 billion in USDC (verified by address). According to Binance Support, Binance has committed to continuously monitoring the scale of SAFU to ensure that it remains sufficient to protect user interests. The fund is intended for user compensation in cases such as hacks or security breaches.

  • OKX

OKX's Insurance Fund aims to protect users from platform risk. The funding comes from platform revenues and specific risk-related fees, and its purpose is to hedge crypto-related security risks. To date, the exact size of the fund has not been publicly disclosed. According to OKX's recent statement, during an extreme market event in 2022, the OKX insurance fund provided immediate compensation to traders whose margin balances were affected by rapid liquidations, preventing user losses.

  • Bybit

Bybit's user fund protection primarily relies on preventive security technologies and its own emergency response funds, rather than an independently managed user compensation reserve fund with publicly reported details like SAFU. In the event of a security incident, user compensation relies on the platform's overall financial strength and real-time response capabilities, without the backing of a pre-allocated, publicly reported protection fund. During the major hacking incident on February 21, 2025, Bybit actively sought external support and secured bridge loans from partners to address temporary liquidity challenges and ensure continuity during the crisis.

  • Bitget

Bitget’s insurance fund operates in the form of a Protection Fund. According to a Bitget Protection Fund Valuation Report, the Protection Fund was launched in 2022 with an initial value of $300 million, and by Dec 2025 its average size had reached 6500 BTC (verified by multiple addresses). The fund is sourced from company-committed reserves and intended to protect users during abnormal market events.

In summary, Binance and Bitget are comparatively more transparent in terms of the size and purpose of their insurance funds, using them to respond to security incidents and platform-related issues. OKX's asset risk reserve exists but its scale remains undisclosed. For Bybit, there is no clearly disclosed separate fund for general user protection, suggesting reliance on other security mechanisms.


Risk Prevention: Wallet Management and Security Measures

In the security framework of cryptocurrency exchanges, risk prevention is the first line of defense in safeguarding user assets, with wallet management and related security measures playing a crucial role. Wallet management primarily involves cold wallet storage and hot wallet security. By allocating assets appropriately and implementing technical safeguards, exchanges can effectively reduce the risks posed by cyberattacks and internal threats. This section analyzes the cold and hot wallet practices of Binance, OKX, Bybit, and Bitget, and explores their concrete implementations in asset protection.

Cold Wallet Storage: Offline Assets

Cold wallets are storage systems disconnected from the internet, effectively protecting against cyberattacks, and are typically used to store the majority of user assets. Cryptocurrency exchanges generally hold more than 90% of their assets in cold wallets, leaving only a small portion in hot wallets for daily liquidity needs. Below are the cold wallet practices of each exchange:

  • Binance

Binance stores the vast majority of user assets in cold wallets. According to Binance Security, Binance's cold wallets use multisignature technology and Hardware Security Modules (HSMs) to protect offline assets. While the exact proportion of cold-stored assets is not publicly disclosed, the exchange emphasizes that only a small portion of funds is kept online for daily operations, in line with industry norms. Cold wallet addresses are disclosed via PoR reports, allowing users to verify asset security. In addition, Binance adopts geographically distributed storage to reduce the impact of natural disasters or localized risks.

  • OKX

OKX stores more than 95% of its assets in cold wallets. OKX Wallet Security explicitly states that its cold wallets rely on multisignature, HSMs and offline geographically distributed storage. Cold wallet addresses are regularly disclosed in PoR reports, enabling users to verify asset security.

  • Bybit

According to Bybit Security, Bybit stores the majority of its assets in cold wallets, which use multisignature technology and offline storage. The exchange states that 100% of user assets are protected through its combined cold and hot wallet systems, though it does not specify the exact proportion allocated to cold wallets. Bybit cooperates with security auditor Hacken to conduct security audits, including verification of cold wallet PoR, though specific cold wallet technical details are not fully disclosed.

  • Bitget

Bitget states in its Safety Commitment that the vast majority of its assets are stored in cold wallets using multisignature, geographic distribution and HSMs, highlighting cold storage as the main method for defending against network threats. As with Binance, specific proportions are not fully disclosed, but cold wallet addresses are published in PoR reports for user verification.

All four exchanges use multisignature technology as the core security mechanism in cold wallet storage, a scheme requiring multiple keys to sign a transaction. Binance, OKX and Bitget explicitly adopt HSM-based architectures, whereas Bybit emphasizes "offline storage" without specifying HSM usage, possibly employing other offline techniques such as air-gapped machines or paper wallets. Together, these cold wallet security measures form each exchange's primary defense against cyberattacks, providing the foundational protection for user assets.

Hot Wallet Security: Online Asset Protection

Hot wallets are connected to the internet and are used to support users' daily trading and withdrawals. Due to their online nature, they are more vulnerable to attacks and are thus a key focus in risk prevention. Hot wallet security relies on real-time monitoring, encryption, and minimal-exposure strategies to ensure the safety of online assets. Below are the hot wallet security practices of each exchange:

  • Binance

According to Binance Security and the Binance Support Center, Binance stores only a small portion of assets in hot wallets for daily trading and withdrawals, under strict security protocols. Hot wallets employ real-time monitoring, advanced encryption technologies such as AES-256, and dynamic asset allocation, minimizing both the exposure time and scale of online assets. In addition, access to hot wallets is protected by multi-factor authentication (MFA), and a 24/7 security team continuously monitors systems.

  • OKX

According to OKX Wallet Security, OKX's hot wallets are used to meet daily transactional needs and account for less than 10% of assets. Hot wallets are protected by real-time monitoring, multisignature mechanisms, and end-to-end encryption. They also employ MFA and are integrated with risk control systems, such as abnormal transaction detection, to reduce attack risk. Notably, their most innovative mechanism is the Semi-Offline Multi-Signature System: a custom protocol that places the signing process in a semi-offline environment, where the signing server connects to the network only briefly and only when necessary. These measures significantly reduce the risk of online attacks while supporting efficient daily transactions.

In addition, OKX runs a bug bounty program that encourages white-hat hackers to report security vulnerabilities, further strengthening hot wallet security.

  • Bybit

Bybit's hot wallet security measures are described in its Help Center. According to Bybit Security, hot wallets are used for instant withdrawals and trading, and are protected with multisignature, real-time monitoring, and dynamic asset management, holding only the liquidity necessary for operations. Encryption technologies protect online assets, and risk control systems detect suspicious activities. Bybit also runs a bug bounty program and conducts regular security assessments, maintaining a dedicated security team responsible for continuous monitoring and security upgrades.

  • Bitget

Bitget's hot wallet security practices are described in its safety commitment documentation. According to Bitget's Security Commitment, its hot wallets account for a very small proportion of total assets and are used only for daily operations. They are protected through real-time monitoring and risk control systems, and access is secured by MFA and advanced encryption technologies. Specifically, Bitget uses FIPS 140-2 validated HSMs to generate private keys, providing stronger key protection. Exposure of online assets is minimized to reduce vulnerability to attacks.

Binance, OKX, Bybit, and Bitget all use real-time monitoring, encryption, and risk control systems to protect hot wallet assets. Access control and periodic audits are common practices among them, and each exchange provides additional protective measures for hot wallets to ensure comprehensive security for user assets.

Security in the Trading Process

When security incidents occur, attackers often exploit exchange vulnerabilities to conduct unauthorized fund transfers, money laundering, or fraudulent trades, causing financial losses and compliance risks. To mitigate these threats, exchanges must not only strengthen wallet management but also implement real-time monitoring and risk alerts along the transactional flow.

KYT (Know Your Transaction) is a real-time transaction monitoring mechanism used to identify and prevent money laundering, fraud, and other illegal activities. Through blockchain analytics, transaction pattern recognition, and risk scoring, exchanges can detect suspicious transactions and take preventive action, thus reducing compliance and security risks. As an integral part of AML (Anti-Money Laundering) and CFT/ATF (Counter-Terrorist Financing/Anti-Terrorist Financing) frameworks, KYT has become an industry standard for ensuring transparency and safety of crypto trading platforms.

Below is a summary of KYT implementation among exchanges:

The primary goal of KYT is to detect abnormal transactions (such as sudden transfers to blacklisted addresses), indirectly helping to identify security threats in crypto asset flows. Among these exchanges, Binance's KYT implementation is the most transparent and has been regulated by the U.S. Financial Crimes Enforcement Network (FinCEN). After Binance, Bitget has also implemented similar KYT measures.

Trading surveillance exists at OKX and Bybit internally as well, though not publicly detailed—possibly due to security strategy considerations. The presence of KYT provides users with varying degrees of legal and indirect security protection.
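The following Python sketch is an added example (not code from the report or from any of the exchanges) of the kind of rule-based KYT screening described above: each transfer is scored against a blacklist, a large-amount threshold, and a structuring pattern (several sub-threshold transfers from one address inside a short window), and the score maps to an allow/review/block decision. Addresses, amounts, thresholds and score weights are constructed values for illustration, not any exchange's policy.

```python
from collections import defaultdict

# Constructed sample data and policy values: none of these are real addresses or real exchange thresholds.
BLACKLIST = {"0xSANCTIONED01"}      # e.g. a sanctions or known-theft address list
LARGE_TRANSFER_USD = 10_000         # single-transfer review threshold (assumed)
STRUCTURING_WINDOW_S = 3600         # look-back window for split transfers (assumed)
STRUCTURING_MIN_COUNT = 3           # minimum number of sub-threshold transfers to flag (assumed)

# (tx_id, unix_time, from_addr, to_addr, amount_usd) -- constructed sample transfers
TRANSFERS = [
    ("t1", 1000, "0xUSER_A", "0xMERCHANT", 250.0),
    ("t2", 1100, "0xUSER_B", "0xSANCTIONED01", 90.0),
    ("t3", 1200, "0xUSER_C", "0xEXT_1", 9_800.0),
    ("t4", 1300, "0xUSER_C", "0xEXT_2", 9_700.0),
    ("t5", 1400, "0xUSER_C", "0xEXT_3", 9_900.0),
    ("t6", 1500, "0xUSER_D", "0xEXT_4", 25_000.0),
]

def score_transfers(transfers):
    """Return {tx_id: (score, reasons)} after applying blacklist, large-amount and structuring rules."""
    history = defaultdict(list)  # from_addr -> recent (time, amount) pairs below the threshold
    results = {}
    for tx_id, ts, src, dst, amt in sorted(transfers, key=lambda t: t[1]):
        score, reasons = 0, []
        # Rule 1: either side of the transfer is on the blacklist -> highest risk
        if dst in BLACKLIST or src in BLACKLIST:
            score += 100
            reasons.append("blacklisted counterparty")
        # Rule 2: a single large transfer is sent for review
        if amt >= LARGE_TRANSFER_USD:
            score += 40
            reasons.append("large transfer")
        else:
            # Rule 3: several sub-threshold transfers from one address within the window
            # that together exceed the threshold look like structuring (threshold evasion)
            recent = [(t, a) for t, a in history[src] if ts - t <= STRUCTURING_WINDOW_S]
            recent.append((ts, amt))
            history[src] = recent
            if len(recent) >= STRUCTURING_MIN_COUNT and sum(a for _, a in recent) >= LARGE_TRANSFER_USD:
                score += 60
                reasons.append("possible structuring")
        results[tx_id] = (min(score, 100), reasons)
    return results

def decision(score: int) -> str:
    """Map a risk score to the action a KYT pipeline would take."""
    return "block" if score >= 100 else "review" if score >= 40 else "allow"

if __name__ == "__main__":
    for tx_id, (score, reasons) in score_transfers(TRANSFERS).items():
        print(tx_id, score, decision(score), reasons)
```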


Overall Assessment

The cryptocurrency exchange landscape has undergone a fundamental paradigm shift. In the post-FTX era, security and transparency have shifted from primarily internal operational concerns to highly visible, user-facing commitments that increasingly influence reputation, regulatory scrutiny, and user choice. This comparative analysis of Binance, OKX, Bitget, and Bybit reveals an industry moving rapidly toward "Trustless Transparency"—where users no longer need to take an exchange's word for it, but can verify solvency and security via the blockchain.

In the past few years, major exchanges have faced diverse risk events and have generally demonstrated strong response capabilities. Despite the occurrence of extreme events, exchanges have ensured that user funds have not suffered unrecoverable losses by implementing sound fund management practices and swift crisis responses. Meanwhile, exchanges have continued to enhance their reserves and technical defenses to ensure stable platform operation. Rapid response, robust asset protection, and continuous security upgrades have become the core competitive factors for exchanges to maintain market trust.

TI Research

TokenInsight is a data and research organization for the digital asset market. TI provides comprehensive asset-related data, as well as timely information and research services for digital assets.
