In traditional finance, shares in public companies are traded on a stock exchange, a centralised entity which brings together buyers and sellers. The exchange is in charge of deciding which trusted assets to list (trusted) and may place controls on trading in extreme circumstances (permissioned). In cryptocurrency trading, Centralised Exchanges (CEXs) operate in a similar way.
Centralised exchanges, however, are custodial. Once a user deposits funds, they are credited to their CEX account and are effectively under the control of the exchange. Withdrawals can be suspended at any time. Although this may sound riskier than being in control of your own wallet and using its private key, it can also be of benefit to inexperienced users who don’t want the responsibility of self-custody.
CEXs can be used to buy or sell cryptocurrencies, or to exchange for fiat currency (like USD or EUR). In fact, they are often used as an on- or off-ramp for DeFi users, even if they tend to do their trading on a Decentralised Exchange (DEX).
Trades on CEXs are executed via the order book model, in which the exchange matches bids (i.e. buy orders) with an appropriate ask (i.e. sell orders). As well as immediate ‘market’ orders, CEXs also offer ‘limit’ orders which are filled if certain conditions are met.
Trading on a CEX is often faster than on a DEX, as trades are executed off the blockchain. This also means that CEX users don’t pay gas fees, making trading much cheaper, especially for smaller amounts. Users do, however, pay a small percentage commission on trades, similar to how liquidity providers are rewarded on a DEX.
Off-chain execution also protects users from having to worry about some of the pitfalls of DeFi, such as low-liquidity pools with high slippage, or falling victim to manipulation by MEV bots.
Tokens are usually not listed by CEXs until they are relatively established, a way to protect investors from pump-and-dump scams.
On the other hand, CEXs are run by a private company, not via decentralised governance, so business decisions are made opaquely, without any input from users. As they provide a financial service, they must comply with know-your-customer (KYC) and anti-money laundering (AML) regulations, and access may be blocked depending on the user's location. Users suddenly losing access to funds is not uncommon, leading to the phrase “not your keys, not your coins”.