Centralized Exchange (CEX)
Learn what a centralized exchange (CEX) is, how it differs from a DEX, and the key security risks of storing crypto on exchange platforms.

What is a Centralized Exchange (CEX)?
A CEX (centralized exchange) is a cryptocurrency trading platform run by a private company that holds your funds on your behalf while you buy, sell, and trade digital assets. Binance, Coinbase, and Kraken are the most widely used examples. When you deposit crypto into a CEX, you’re trusting that company to keep it safe and honor your withdrawal requests.
CEXs handle the majority of global crypto trading volume and are typically the first place new users encounter crypto, offering fiat on-ramps (the ability to buy crypto with regular currency), simple interfaces, and customer support.
How It Works
Signing up for a CEX works much like opening a brokerage account. You register, complete identity verification, deposit funds, and trade through the platform’s internal system. The CEX maintains an order book, matching buyers and sellers to execute trades.
The key thing to understand is that your crypto on a CEX is not truly in your possession. The exchange holds the private keys. You basically hold an IOU, a balance shown on a screen that the exchange promises to honor. This is described as custodial ownership, and the phrase “not your keys, not your coins” exists precisely because of this arrangement.
This structure makes CEXs convenient but also creates concentrated risk. If the exchange is hacked, mismanaged, or collapses, your funds can disappear. The FTX collapse in 2022 wiped out an estimated $8 billion in customer funds when the exchange filed for bankruptcy, leaving hundreds of thousands of users unable to withdraw their assets. Other notable CEX collapses and hacks include Mt. Gox in 2014.
Despite this, CEXs offer real advantages: faster trades, fiat currency support, insurance programs in some jurisdictions, and a more familiar user experience for those new to crypto.
However, in 2025 a new breed of perpetual decentralized exchanges like Hyperliquid and Aster rose to prominence, offering a near CEX-like experience onchain.
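The custodial arrangement described in this section can be modeled in a few lines; this is an added illustration, not code from any exchange or from Kerberus. It assumes a single asset, and the class, method names, users and amounts are all constructed for the example.

```python
"""Toy model of CEX custody: user balances are ledger rows, not on-chain coins.
All names and amounts are constructed for illustration."""
from decimal import Decimal


class WithdrawalRefused(Exception):
    """Raised when a withdrawal cannot be honored."""


class CustodialExchange:
    def __init__(self):
        self.reserves = Decimal("0")  # coins in wallets whose keys the exchange holds
        self.ledger = {}              # user -> balance shown on screen (the IOU)

    def deposit(self, user, amount):
        # Coins move on-chain into the exchange's wallet; the user gets a ledger credit.
        amount = Decimal(amount)
        self.reserves += amount
        self.ledger[user] = self.ledger.get(user, Decimal("0")) + amount

    def trade(self, seller, buyer, amount):
        # One leg of a matched trade: only ledger rows change, nothing moves on-chain.
        amount = Decimal(amount)
        if self.ledger.get(seller, Decimal("0")) < amount:
            raise ValueError("seller balance too low")
        self.ledger[seller] -= amount
        self.ledger[buyer] = self.ledger.get(buyer, Decimal("0")) + amount

    def hot_wallet_loss(self, amount):
        # Theft or mismanagement reduces reserves; displayed balances do not change.
        self.reserves -= min(Decimal(amount), self.reserves)

    def coverage(self):
        # Reserves per unit owed to users; below 1 means not everyone can be paid.
        owed = sum(self.ledger.values(), Decimal("0"))
        return self.reserves / owed if owed else Decimal("1")

    def withdraw(self, user, amount):
        # Only here does the IOU turn back into coins the user controls.
        amount = Decimal(amount)
        if self.ledger.get(user, Decimal("0")) < amount:
            raise WithdrawalRefused("ledger balance too low")
        if self.reserves < amount:
            raise WithdrawalRefused("exchange cannot cover withdrawal")
        self.ledger[user] -= amount
        self.reserves -= amount
        return amount
```

After a reserve loss the ledger still shows every user's full balance, but `coverage()` drops below 1 and larger withdrawals are refused, which is the gap between a displayed balance and coins you control.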
How to Reduce Risk
- Treat a CEX as a place to trade, not a place to store long-term holdings. Withdraw crypto you’re not actively trading to a wallet where you control the private keys.
- Use strong, unique passwords and enable two-factor authentication on every exchange account.
- Research the exchange’s history, regulatory standing, and proof-of-reserves disclosures before depositing significant funds.
- Be alert to phishing sites that mimic exchange login pages.
- Kerberus detects and blocks fake exchange sites before you enter your credentials.
Real-World Cases
In July 2025, CoinDCX, one of India’s largest centralized exchanges, lost $44.3 million in approximately five minutes after an attacker compromised a server and drained the exchange’s hot wallet across multiple transactions, as detailed in Halborn’s breakdown of the CoinDCX hack. The breach was not publicly disclosed for seventeen hours, a delay that drew significant criticism and highlighted how custodial risk extends beyond the theft itself to the exchange’s crisis response.
FAQ
Q: What is a centralized exchange (CEX)?
A: A CEX (Centralized Exchange) is a cryptocurrency trading platform run by a private company that holds your funds on your behalf. Binance, Coinbase, and Kraken are the most widely used examples. Unlike decentralized exchanges, the CEX controls your private keys, meaning your balance is a promise from the company rather than direct on-chain ownership.
Q: How does a centralized exchange work?
A: You register, complete identity verification, deposit funds, and trade through the platform’s internal system. The CEX matches buyers and sellers using an order book and executes trades on your behalf. Because the exchange holds your private keys, your balance reflects what the company owes you, not direct ownership of assets on the blockchain.
Q: How can users protect their funds on a centralized exchange?
A: Here are 3 ways:
- Withdraw crypto you’re not actively trading to a self-custody wallet where you hold the private keys.
- Enable two-factor authentication and use a unique password on every account. Be alert to phishing sites impersonating exchange login pages.
- Kerberus Sentinel3 detects and blocks fake exchange sites before you enter credentials or connect your wallet.
Written by:
Werner Vermaak is a Web3 author and crypto journalist with a strong interest in cybersecurity, DeFi, and emerging blockchain infrastructure. With more than eight years of industry experience creating over 1000 educational articles for leading Web3 teams, he produces clear, accurate, and actionable organic material for crypto users.
- 8+ years in crypto & blockchain journalism
- 1000+ educational articles for leading Web3 teams
- Former content lead at CoinMarketCap, Bybit, OKX



