How to Tell if a Crypto Exchange Is Legit — a 5-Minute Checklist (2026)

Before you deposit a single coin, you can separate a real exchange from a trap in about five minutes. This is the honest checklist: the three checks anyone can do (regulator registry, proof of reserves, the withdrawal test), the red flags that mean walk away now, and the FTX lesson on why “big and famous” isn’t “safe.” As of June 2026.

Updated June 2026 · Nakta

Quick answer

You can check if a crypto exchange is legit in about five minutes, with three checks — before depositing a cent. No special knowledge needed.
Check 1 — registry: find the exchange in your country’s official regulator list yourself (on the regulator’s site, not a badge on the exchange’s page). If it’s not listed, you have no local protection — treat it with far more caution.
Check 2 — proof of reserves: a legit exchange publishes a reserve ratio over 100% plus a third-party audit you can actually open. No PoR, no audit, no way to verify = the answer is no.
Check 3 — the withdrawal test: deposit a little, then take it back out. The one signal that can’t be faked. No legit exchange ever asks you to “pay a fee to unlock” your own withdrawal — that’s always a scam.
Instant walk-away red flags: “guaranteed” returns, you can’t withdraw, they contacted you first (DM / “signals” group), all-perfect identical reviews, pressure to deposit now.
The golden rule: even a legit exchange isn’t a bank — remember FTX. Keep only trading-size balances on any exchange and move long-term holdings to your own wallet. Not investment advice.

What this guide covers
1. The 5-minute method: three checks before you deposit
2. Check 1: is it in your regulator’s registry?
3. Check 2: proof of reserves and audits
4. Check 3: the withdrawal test (the one that can’t be faked)
5. Red flags that mean walk away now
6. Even legit isn’t a bank: the FTX lesson
7. The 5-minute checklist
8. Where to start, and the bottom line

Is this crypto exchange legit? A 5-minute checklist comparing green flags (registered with your regulator, public proof of reserves over 100% plus a third-party audit, withdrawals that work when tested, clear fees and real KYC) against red flags (guaranteed daily returns, you cannot withdraw or must pay a fee to unlock, no regulator or proof of reserves, they DM you first, identical 5-star reviews) — the real test is to check the regulator’s registry and send one small withdrawal — The 5-minute check in one picture: green flags vs red flags, and the one test that can’t be faked — try a small withdrawal.

1. The 5-minute method: three checks before you deposit

Every crypto disaster — from outright fake exchanges to the collapse of giants like FTX — has the same lesson buried in it: people deposited money somewhere they hadn’t actually checked. The good news is that separating a legit exchange from a trap doesn’t take research skills or insider knowledge. It takes about five minutes and three checks, and you can do all three before you deposit a single coin.

Here’s the whole method in one breath: (1) confirm the exchange is registered with your country’s financial regulator by finding it in the official registry — not by trusting a badge on its own homepage; (2) look for public proof of reserves and a real third-party audit; and (3) run the one test that can’t be faked — take some money out. The rest of this guide is just those three checks in detail, plus the red flags that mean you can skip them and walk away immediately.

The mindset that keeps you safe: an exchange is guilty until proven innocent. It’s holding your money, so the burden is on it to prove it’s trustworthy — with a regulator listing, public reserves and working withdrawals. “Everyone uses it” and “it has a slick app” are not proof.

2. Check 1: is it in your regulator’s registry?

Check 1 — is it registered with a regulator? Almost every country now keeps an official list of crypto businesses that are licensed or registered to operate there, and the single most important habit is to look the exchange up in that list yourself, on the regulator’s own website. A trust badge or “licensed and regulated” line on the exchange’s site means nothing on its own — anyone can write that. The registry is the source of truth.

What you’re confirming is simple: that a real legal entity, with a license number and a named regulator, is actually permitted to offer crypto services where you live. While you’re there, it’s worth noting the scope of that license (some cover custody, some only certain activities) and any country restrictions. If the exchange isn’t in your regulator’s registry at all, that doesn’t always mean “scam” — but it does mean you’re on your own if anything goes wrong, with no local protection, so treat it with much more caution and never with money you can’t afford to lose.

The trap to avoid: a fake exchange will happily display official-looking logos, a fake “license number,” and even a cloned registry page. Always navigate to the regulator’s website yourself and search there — don’t click a link the exchange gives you.

3. Check 2: proof of reserves and audits

Check 2 — proof of reserves and audits. After the FTX collapse, the industry standard became proof of reserves (PoR): a cryptographic way for an exchange to show it actually holds enough assets to cover everyone’s deposits. A healthy exchange publishes its reserve ratio and you want to see it at over 100% — meaning it holds at least as much as it owes you, ideally more (over-collateralised).

But PoR on its own can be gamed, so look for two more things: a third-party audit (an outside firm verifying the numbers, not just the exchange’s own dashboard), and user-level verification — a tool that lets you confirm your own balance is included in the reserves. The strongest platforms also hold recognised security certifications (like SOC 2 or ISO 27001). You don’t need to understand the cryptography; you just need to be able to open the page and see real, recent numbers. If an exchange has no PoR page, no audit and no way to verify, that absence is itself the answer.

Plain-English version: proof of reserves is the exchange showing its receipts. A legit one shows them openly and keeps them current. One that dodges the question, or shows a number with no auditor’s name attached, hasn’t passed this check.

4. Check 3: the withdrawal test (the one that can’t be faked)

Check 3 — the withdrawal test, the one that can’t be faked. Every other signal can be dressed up; this one can’t. Deposit a small amount, buy a little, then withdraw it back out. A legit exchange lets you take your money out smoothly and reasonably quickly. A fraudulent one is happy to take deposits all day and then invents reasons you can’t withdraw.

That second pattern is the heart of almost every exchange scam: the money goes in fine, but when you try to take it out you’re told you must “pay a fee/tax to unlock it,” or “upgrade your account,” or “wait for verification” that never ends. No legitimate exchange ever asks you to pay a fee to release your own withdrawal. The moment you hear that, you’re not dealing with a slow platform — you’re dealing with a thief, and paying the “fee” only marks you as someone who will pay again.

Do this before you’re all-in: run the small-withdrawal test while you’ve only got a tiny amount on the platform. It’s the cheapest insurance in crypto — a few dollars and ten minutes to prove the exit works before you ever put in a sum that would hurt to lose.

5. Red flags that mean walk away now

Sometimes you don’t need the five-minute check, because a single red flag already tells you to leave. Any one of these is enough on its own:

Red flag	Why it’s fatal
“Guaranteed” or fixed daily returns	No one can promise returns; this is the signature of a Ponzi, not an exchange.
You can’t withdraw — or must pay to unlock	The classic exit scam. A real exchange never charges a fee to release your funds.
They contacted you first	A DM, a “mentor,” a romance, or being added to a “signals”/VIP group — that’s the funnel, not an opportunity.
No regulator, no PoR, no audit	Nothing verifiable means nothing to trust. Absence of proof is the proof.
Reviews all perfect and identical	Real platforms have mixed reviews; a wall of 5-star copy-paste is manufactured.
Pressure to deposit now	“Bonus ends today,” “last spots” — urgency exists to stop you checking.

The most dangerous version in 2026: the fake exchange you were introduced to — through a dating app, a WhatsApp/Telegram “investment group,” or a friendly stranger showing screenshots of profits. The platform looks real, the early small withdrawal even works to build trust, and then the big one won’t. Learn the patterns in the crypto scams guide.

6. Even legit isn’t a bank: the FTX lesson

Even a genuinely legit exchange is not a bank, and FTX is the lesson nobody should forget: it was huge, famous, sponsor-of-stadiums big — and customer money still vanished, because deposits weren’t actually backed the way people assumed. The takeaway isn’t “trust no one,” it’s “verify, and don’t leave more on any exchange than you need to.”

So once you’ve found an exchange that passes the three checks, follow the golden rule: keep only trading-size balances on it, and move anything you’re holding for the long term into a wallet you control, where no exchange failure can touch it. “Not your keys, not your coins” isn’t paranoia; it’s the one habit that would have protected every FTX customer. A legit exchange is a great place to buy and trade — just not the place to store a life-changing amount.

Layer your defence: a registered exchange + app-based 2FA + a withdrawal whitelist + long-term holdings in self-custody. Each layer is simple; together they make you a very hard target.

7. The 5-minute checklist

Here’s the whole thing as a checklist you can run in five minutes, in order:

Step	What you’re confirming
1. Find it in your regulator’s official registry	A real licensed entity, not a badge on its own site
2. Open its proof-of-reserves + audit page	Reserve ratio over 100%, verified by an outside firm
3. Send one small withdrawal	The exit actually works — the test that can’t be faked
4. Scan for a single red flag	Guaranteed returns, pay-to-unlock, they DM’d you → stop
5. Keep only trading-size funds there	Long-term holdings go to self-custody, FTX-proof

The throughline: you’re not judging how slick the app looks — you’re checking three things you can actually verify (registry, reserves, withdrawal) and refusing to ignore a red flag. Do that and you’ll skip the disasters that catch everyone else.

8. Where to start, and the bottom line

You should always run these checks yourself, with your own regulator — but it helps to start from platforms with a long track record, public reserves and working withdrawals. These are the exchanges we keep dashboard-verified sign-up guides for; entering a referral code at sign-up applies fee perks:

Binance

Binance signup QR — scan to open Binance (Cryptonakta referral) Claim your perk →

Code: CRYPTONAKTA

Installing the app directly? Enter CRYPTONAKTA in the “Referral” field at sign-up — that’s how your benefit (and our credit) attaches.

Long track record · public proof of reserves · deep liquidity · 10% off fees with CRYPTONAKTA

Bybit

Bybit signup QR — scan to open Bybit (Cryptonakta referral) Claim your perk →

Code: 5ZGKX#0

Installing the app directly? Enter 5ZGKX#0 in the “Referral” field at sign-up — that’s how your benefit (and our credit) attaches.

Established, transparent withdrawals · proof-of-reserves page

OKX

OKX signup QR — scan to open OKX (Cryptonakta referral) Claim your perk →

Code: 46938989

Installing the app directly? Enter 46938989 in the “Referral” field at sign-up — that’s how your benefit (and our credit) attaches.

Proof of reserves + built-in Web3 wallet for self-custody

Gate.io

Gate.io signup QR — scan to open Gate.io (Cryptonakta referral) Claim your perk →

Code: VFIWUQTAUQ

Installing the app directly? Enter VFIWUQTAUQ in the “Referral” field at sign-up — that’s how your benefit (and our credit) attaches.

Long-running · proof of reserves · lifetime 10% fee discount

KuCoin

KuCoin signup QR — scan to open KuCoin (Cryptonakta referral) Claim your perk →

Code: CXEM4JP5

Installing the app directly? Enter CXEM4JP5 in the “Referral” field at sign-up — that’s how your benefit (and our credit) attaches.

Established platform · lifetime 5% fee discount

Affiliate disclosure: some links are partner links. We may earn a commission at no extra cost to you. This is not investment advice.

Bottom line: a logo on our list is a starting point, not a substitute for your own check — always confirm with your regulator, because availability and licensing differ by country. Then keep only trading-size balances on any exchange, move long-term holdings to self-custody, learn the fraud playbooks in the crypto scams guide, compare platforms in the best exchanges guide, and if you’re new, start with the beginner’s guide or how to buy Bitcoin.

Frequently asked questions

Q. How do I check if a crypto exchange is legit?

Run three checks, all doable in about five minutes before you deposit: (1) find the exchange in your country’s official regulator registry yourself, on the regulator’s website — not a badge on the exchange’s own page; (2) open its proof-of-reserves and third-party audit page and confirm a reserve ratio over 100%; and (3) deposit a small amount and withdraw it back out to prove the exit works. If any check fails, or you spot a red flag like guaranteed returns or being asked to pay a fee to unlock a withdrawal, walk away.

Q. What are the biggest red flags of a scam exchange?

Any one of these is enough to leave: “guaranteed” or fixed daily returns; not being able to withdraw, or being told to “pay a fee/tax to unlock” your funds; the platform or a “mentor” contacting you first (a DM, a romance, a WhatsApp/Telegram “signals” group); no regulator, no proof of reserves and no audit; reviews that are all perfect and identical; and pressure to deposit right now before a “bonus ends.” Legit exchanges never charge a fee to release your own withdrawal.

Q. Is a big, famous exchange automatically safe?

No — FTX was one of the largest and most famous exchanges in the world, sponsored stadiums, and still collapsed with customer funds, because deposits weren’t actually backed the way people assumed. Size and marketing are not proof. That’s exactly why proof of reserves and the withdrawal test matter, and why you should keep only trading-size balances on any exchange and move long-term holdings to a wallet you control.

Q. What is proof of reserves, in simple terms?

It’s an exchange showing its receipts — cryptographic evidence that it actually holds enough assets to cover everyone’s deposits. You want to see a reserve ratio over 100% (it holds at least as much as it owes), ideally verified by a third-party auditor and with a tool to confirm your own balance is included. You don’t need to understand the math; you just need to be able to open the page and see real, recent numbers. No page, no auditor’s name, no verification = it hasn’t passed.

Q. An exchange I found isn’t listed by any regulator — is it a scam?

Not necessarily, but it means you have no local legal protection if something goes wrong, so the bar for trusting it is much higher. Lean harder on the other checks — proof of reserves, third-party audits, a long public track record, and especially the withdrawal test — and never keep more there than you can afford to lose. If it also shows any red flag (guaranteed returns, pay-to-unlock, they contacted you first), treat the missing registration as confirmation and walk away.

Q. Where can I look up whether an exchange is registered?

On your own country’s financial regulator or financial-intelligence-unit website, which publishes the official list of registered or licensed crypto businesses. Always navigate there yourself and search — don’t click a link the exchange provides, since scam sites clone registry pages. The exact regulator differs by country, but the principle is universal: trust the official registry, not the exchange’s own claim.

Q. How do I sign up for Binance, step by step?

1) Register with your email or phone on the official Binance site or app. 2) Complete identity verification (KYC). 3) Enable app-based 2FA for security. 4) Enter referral code CRYPTONAKTA in the referral field at sign-up to get an ongoing 10% discount on spot trading fees. Where direct fiat deposit is limited, buy a coin or stablecoin on a local exchange and transfer it in, or use P2P.

Q. How do I sign up for Bybit, step by step?

1) Register with your email or phone on the official Bybit site or app. 2) Complete identity verification (KYC). 3) Enable app-based 2FA for security. 4) Enter referral code 5ZGKX#0 in the referral field at sign-up to get a sign-up fee benefit. Where direct fiat deposit is limited, buy a coin or stablecoin on a local exchange and transfer it in, or use P2P.

This page is for information and education only and is not investment, financial or legal advice, and is not an endorsement of any specific platform. Registration, licensing, proof-of-reserves practices and protections differ by country and change over time — always verify an exchange with your own financial regulator before depositing, and confirm the current status yourself. Crypto is volatile and you can lose money; no checklist removes all risk. Never share your password, 2FA codes or seed phrase, never pay a fee to “unlock” a withdrawal, keep only trading-size balances on an exchange, and move long-term holdings to self-custody. Some links are partner links: using them costs you nothing extra and never changes what we recommend.

Compare exchanges with proof of reserves and a track record →