Fast answer
A crypto exchange security checklist reviews platform reserves, custody disclosures, account MFA, withdrawal allowlists, API keys, status pages, alerts, and support routes.
Before scaling balance or automation, review proof of reserves, custody disclosures, account MFA, passkeys, withdrawal allowlists, API permissions, login alerts, trusted devices, support route, and incident response plan.
Strong personal account settings cannot fully offset weak platform transparency, and platform claims cannot replace account controls.
Security checklist
What to include in exchange security review.
Platform evidence
Save proof-of-reserves, custody disclosures, fee pages, status pages, and official support routes.
Account controls
Use strong MFA or passkeys, device review, login alerts, and secure recovery email.
Movement controls
Use withdrawal allowlists, test transfers, address labels, and network-status checks.
Automation controls
Use least-privilege API keys, IP restrictions, rotation, and revoke proof.
Source context
Coinbase highlights 2-step verification and withdrawal controls, while Binance publishes deposit and withdrawal status by asset and network.
CSR combines platform and user-side controls because exchange risk is shared between the venue and the trader's settings.
Review standard
A reviewable security checklist shows both platform evidence and trader settings.
For CSR evidence review, security checklist records should include exchange, reserves page, status page, custody disclosure, MFA method, passkey status, withdrawal allowlist, API inventory, alerts, support route, and last review date.