Crypto Market

How Crypto Exchanges Work: CEX vs DEX (and Where Scams Hide)

Almost every crypto scam touches an exchange at some point — and which kind of exchange it is changes everything. Here is how centralized and decentralized exchanges actually work, why one is a scam magnet and the other is where recovery happens.

3 min read
Table of Contents

"The exchange" sounds like one thing, but there are two very different kinds, and the difference matters enormously if you have been scammed. One has a company, an address, and identity checks — it is where stolen funds can sometimes be frozen. The other has no gatekeeper at all, which is exactly why so many scam tokens are born there. Understanding the split helps you see where your money went and where a real chance of recovery lies.

The two kinds of exchange

Centralized (CEX)

a company holds your funds

Decentralized (DEX)

you trade from your own wallet

Two models: a custodial company vs. permissionless code.

A centralized exchange (CEX) — Coinbase, Binance, Kraken — is a company. You deposit money, it holds your crypto for you (custody), and it matches buyers and sellers. To open an account you pass identity checks (KYC). It behaves like an online broker.

A decentralized exchange (DEX) — Uniswap, Raydium, and launchpads like pump.fun — is not a company at all. It is code (smart contracts) that lets people swap tokens directly from their own wallets. No account, no ID, no gatekeeper. Anyone can create and list a token in minutes.

Why the difference decides where scams happen

That "anyone can list a token in minutes, with no ID" is the whole story. It makes DEXs the birthplace of most token-based fraud:

Centralized (CEX)Decentralized (DEX)
Who holds your fundsThe exchangeYou (self-custody)
Identity checks (KYC)YesNone
Listing a tokenVetted, slowAnyone, instant
Common risksAccount phishing, fake "support"Rug pulls, honeypots, malicious approvals
Can funds be frozen?Sometimes, with a legal requestNo — no one is in control

On a DEX, there is no company to vet a project, so rug pulls and pump-and-dumps, honeypot tokens, and malicious token approvals run rampant. On a CEX, the danger is different: attackers phish your login or pose as "support" to drain your account.

A DEX gives you total control — and total responsibility.

Because you trade from your own wallet on a DEX, a single malicious signature can drain it. There is no support desk and no reversal. Guard your wallet the way our guide to seed phrase phishing and wallet drainers describes.

Why the CEX is where recovery happens

Here is the part that matters most after a theft. Funds moving between private wallets and DEXs can be laundered endlessly, and no one can stop them. But to turn crypto into spendable cash, scammers almost always have to pass it through a centralized exchange — the one place with a real business, a compliance team, and KYC records.

That makes the CEX the choke point: it is where a trace can attach a real identity to an anonymous wallet, and the only place funds can realistically be frozen — when law enforcement presents a valid request in time. It is also why stablecoins like USDT are more recoverable than they first seem: cashing them out means touching a regulated venue.

Spotting a fake "exchange"

Scammers also build fake exchanges from scratch — polished sites that mimic a real CEX. These are not exchanges at all; they are the fake trading platforms where your "balance" is a number the scammer types. Before depositing anywhere, confirm the platform is a genuine, regulated business and that you reached it through its real domain, not a link someone sent.

Frequently asked questions

Which is safer, a CEX or a DEX?

Neither is universally "safer" — they carry different risks. A reputable CEX protects your funds but can be targeted by account phishing; a DEX gives you full control but exposes you to scam tokens and malicious signatures. For beginners, a regulated CEX with strong security habits is usually the lower-risk starting point.

My money went through a DEX — is it gone?

Not necessarily. Funds can be followed across a DEX on a blockchain explorer; the goal is to see where they eventually reach a centralized exchange, which is where a freeze becomes possible. Report fast to maximise that chance.

Why can scammers list fake coins so easily?

Because a DEX is permissionless code, not a vetted marketplace. Creating and listing a token requires no approval, which is why the vast majority of freshly launched tokens are scams. Treat any brand-new token with extreme caution.

Key takeaways

  • A centralized exchange (CEX) is a company that holds your funds and checks identity; a decentralized exchange (DEX) is permissionless code you trade from your own wallet.
  • DEXs have no gatekeeper, which is why most rug pulls, honeypots, and scam tokens are launched there.
  • On a CEX the risk is account phishing; on a DEX it is malicious signatures and scam tokens.
  • The CEX is the choke point where stolen funds can be traced to an identity and sometimes frozen.
  • A 'fake exchange' is not an exchange at all — it is a fake platform with an invented balance.

Know someone who needs this? Share it.

Scambulance will never ask for your private keys, passwords, or seed phrases. Anyone promising guaranteed fund recovery is likely a scammer.

Were you the victim of a crypto scam?

Knowledge is your first defense — but if it has already happened, the most important step is reporting it properly. Scambulance guides you through every step, free.