This is a chapter from the book Token Economy (Third Edition) by Shermin Voshmgir. Paper & audio formats are available on Amazon and other bookstores. Find copyright information at the end of the page.
Exchanges offer a marketplace where buyers and sellers of tokens can find each other to exchange one token type for another. While they are important players in the crypto space, they are still predominantly operated by centralized institutions. Decentralized exchanges using public blockchain networks as their execution layer have also emerged and introduced novel forms of market mechanisms and governance mechanisms.
While it has become easy to buy tokens using exchange services and NFT marketplaces today, buying or selling Bitcoin was not easily possible at first. When the Bitcoin network was launched, anyone could earn BTC by performing mining operations on their personal computer. They could then send the BTC they had earned to someone else in the network—just for fun. More was not possible at that time. To exchange BTC for other currencies or goods and services, one needed to find a buyer—either offline or online—and directly exchange the BTC one wanted to buy or sell for fiat currencies. Such exchanges were conducted in the hope that the counterparty would hold true to their end of the bargain. The Bitcoin community was small, people often knew each other, and most of the trades worked out somehow. Even if a trade failed for some reason, it wasn't a disaster, as BTC was only worth a few cents and, back in those days, could easily be mined with a home PC.
The first “Bitcoin Market” was announced in 2010 on “Bitcointalk”—an online forum created by Satoshi Nakamoto, where Bitcoin developers and enthusiasts could meet and discuss Bitcoin’s ideology, economy, and technological implementations. It functioned as a basic exchange platform where buyers and sellers could post offers. However, unlike later exchanges, “Bitcoin Market” didn't actually hold BTC in escrow. Instead, it primarily served as a meeting place where users could find trading partners. Trades were conducted directly between parties, with all the associated trust issues of person-to-person transactions. Payment methods included PayPal and other options, but the platform itself didn't provide escrow services or guarantee trades. As the demand for Bitcoin and other emerging cryptocurrencies grew, so did the interest in buying and selling them through more convenient means. It was around that time that the first full-service exchanges emerged, most notably “Mt. Gox.” Mt. Gox was a website that originally offered a marketplace for online collectibles (“magic cards.”) It was founded before the emergence of Bitcoin and unintentionally became a cryptocurrency exchange in 2010 when Mt. Gox started accepting BTC as payment for their magic cards. Eventually, Mt. Gox became a convenient place for an increasing number of people who wanted to trade their BTC through the backdoor of buying and selling magic cards with other currencies. The founder of Mt. Gox abandoned the online card exchange and started focusing on trading BTC. Around 2011, other cryptocurrency exchange services such as “Tradehill” and “VirWoX” started to appear. In addition to BTC, these new exchanges also traded other virtual currencies that had existed pre-Bitcoin—such as the Linden Dollar, the internal currency of the virtual reality platform “Second Life.” By 2013, despite a market crash and a hack of the exchange, Mt. Gox was settling around 70 percent of all global BTC trades. Tradehill came in second place.
Centralized Exchanges
All early exchanges were centralized services that acted as custodians and brokers of tokens. Centralized exchanges operate on traditional client-server technology, which lacks the security level that blockchain networks provide. They act as intermediaries between buyers and sellers, providing on-ramps and off-ramps for fiat-to-crypto trades. Since transactions are settled off-chain, they become prime targets for hacks and mismanagement. Order books are also inaccessible to users, undermining transparency. Customer tokens are held in custodial wallets, meaning the exchange manages private keys on behalf of its users.
At that time, there was no other practical alternative, and the first exchange services were particularly susceptible to internal and external security breaches, mainly due to the lack of experience of their founders and, as a result, a lack of due diligence. Most regulators probably did not have them on their radar yet or considered them too much of a niche to explicitly regulate. While centralized exchanges are subject to the same systemic risks as traditional financial institutions, some have started to leverage the power of blockchain networks for “Proof-of-Reserve” policies so that clients can at least verify whether their deposited tokens are held in full reserve. With such a system, the customer of a centralized exchange can independently verify if their token balance was included in the Proof-of-Reserve audit by comparing select pieces of data with the Merkle root of their transaction block. This gives users real-time oversight of how their funds are being managed.
Exchanges originally only offered a marketplace to trade BTC and other fungible tokens with money-like or commodity-like properties. As more and more non-fungible token classes emerged—especially after the Ethereum network went live—marketplaces focused on special classes of NFTs also started to appear. Over time, both exchanges and NFT marketplaces have increasingly offered additional services to their customers, such as earning interest on deposited tokens. Exchanges have become the market makers and gatekeepers in this emerging tokenized economy, as they have the power to decide whether a particular token gets listed or not.
Decentralized Exchanges aka Automated Market Makers
Decentralized exchanges (DEXs) are applications executed by a blockchain network where smart contracts replace the brokerage functions of a centralized exchange while giving the user full control over the tokenized funds. They use a novel type of market-making mechanism and new types of market players, and they are very often community-governed through the vehicle of a decentralized organization. Both token swaps and the voting processes over protocol governance are settled on-chain and therefore have an audit trail that is publicly verifiable. However, not everything can be automated. The smart contracts are designed, programmed, and updated by people and are therefore susceptible to similar systemic risks or human error, misjudgment, and misconduct as centralized systems—with the difference that all token transactions are publicly verifiable almost in real-time without the need for third-party audits. Potential vulnerabilities and attacks cannot be covered up. To explain how decentralized exchanges work, a few core concepts need to be outlined:
- Order books: Traditional financial institutions and centralized exchanges use order books to collect all buy and sell orders with the aim of matching buyers and sellers, usually on a first-come, first-served basis. These books used to be analog (hence the name), but today they are recorded electronically on server systems. In public blockchain networks, however, order books are a challenge, as transactions over blockchain networks are propagated differently through the process of consensus and can therefore not be validated on a first-come, first-served basis. Decentralized exchanges needed to find an alternative mechanism to replace order books.
- Market makers & liquidity: Traditional asset exchanges and centralized cryptocurrency exchanges rely on market makers—professional traders or institutions—to provide market liquidity in exchange for arbitrage opportunities. Market liquidity refers to the availability of enough buyers and sellers of a particular asset at any point in time to reduce significant “slippage”—where the final trade price deviates from the expected price at the time the trade is initiated. Market makers bridge the gap between buyers and sellers. They buy an asset to provide market demand, also known as liquidity, and ensure smooth transactions. In exchange for the risk of holding the asset they buy, market makers hope to make money from the spread between buying and selling prices. While they maintain market stability, their privileged access to private order books leads to information asymmetries, where the market maker could conduct insider trading or front-run retail traders who do not have that privileged information about all trades. Early decentralized exchanges had no market makers and often suffered from low liquidity, leading to extreme price spikes that could be exploited by external arbitrage seekers who did not have the balance of the market in mind.
- Automated Market Makers (AMMs) were introduced to mitigate this problem. They provide a smart contract-enabled three-sided marketplace, where trades are conducted between a buyer, a seller, and a pool of so-called liquidity providers. The market mechanism is encoded in the smart contract, which includes the algorithm upon which the price of a trade is determined and executed. The smart contract executes all transactions when the conditions for a trade are met, thereby eliminating the need for centralized exchange services. AMMs were developed as an alternative market-making mechanism and replaced the need for traditional exchanges that work with an order book system and certified market makers. The role of the market maker was replaced by liquidity pools and the liquidity providers participating in pool activities.
- Liquidity pools & liquidity providers: Technically, liquidity pools are smart contracts that hold token pairs in escrow, enabling liquidity providers to trade against the pool. The way it works is as follows: liquidity providers need to provide both sides of the market in correct proportions, as their role is to provide liquidity without impacting the current market price. In return, they receive part of the fees generated by the trades that buyers and sellers of the decentralized exchange conduct, which are executed in that pool. They may also receive additional incentives, such as native tokens of the decentralized exchange. Liquidity providers must deposit both tokens of a token trading pair into the liquidity pool in the ratio of their exchange rate. In doing so, they provide market liquidity into a pool that others can use to buy and sell tokens. They specify the amount of a token they want to provide to a pool, and the smart contract automatically determines how much of the other token the provider needs to deposit. Liquidity providers never trade with other users but instead trade against a price-finding algorithm, which is determined by a mathematical formula and encoded into the smart contract.
- Price-finding algorithm: The price-finding algorithm determines the exchange rate between two assets in a pool. The mechanism used by AMMs differs from traditional financial markets and follows a so-called bonding curve—a mathematical formula that determines the price of an exchange rate by factors such as time, the number of lenders and borrowers, and the timing of their borrowing and lending. The parameters of the curve can vary depending on the type of bonding curve.
Decentralized exchanges have become a new type of intermediary institution in this emerging Web3, albeit more automated and publicly verifiable than their centralized counterparts. In 2018, “Uniswap” was the first decentralized exchange to implement the concept of liquidity pools, allowing any pair of fungible Ethereum tokens with a 50-50 ratio. “Curve” adapted the initially proposed mechanism by focusing on liquidity pools that bundled similar assets, such as stable tokens, and were therefore able to improve liquidity rates, increasing the efficiency of trades at the lowest costs. “Balancer” introduced the concept of dynamic liquidity pools, which allowed users to bundle up to eight different assets in any ratio.
Challenges of Decentralized Exchanges
Early decentralized exchanges (DEXs) faced significant technical, legal, and economic challenges, leading to the failure of many first-generation platforms like “Komodo,” “WavesDex,” and “EtherDelta.” Order book systems were inefficient on blockchain networks, and the lack of liquidity compounded the problem. These challenges caused most early exchanges to either fail or lose market share to newer platforms like “Uniswap,” “Curve,” “PancakeSwap,” “Balancer,” “SushiSwap,” and “SUN,” which rely on Automated Market Makers (AMMs). Although AMMs dominate decentralized exchanges, they don't fully replace order books, which offer flexibility for specific use cases. Decentralized exchanges continue to experiment with mechanisms such as multi-token liquidity pools, improved price-finding algorithms, and governance incentives like risk premiums or native tokens to attract users and remain competitive. While many exchanges claim to be "decentralized," none of them are fully decentralized yet and face technical, economic, governance, and legal challenges:
- P2P challenge: In the early stages of DEXs, trades were executed directly peer-to-peer from one user wallet to another. Today, most decentralized exchanges rely on liquidity pools, where trades occur between users and smart contracts rather than directly between individuals. This means that users lock their tokens in smart contracts, making them vulnerable to exploits or regulatory actions. If a smart contract is exploited or forced to comply with legal sanctions, users could lose their deposits.
- Interoperability challenge: Interoperability has been a significant technical hurdle, as tokens could not be swapped P2P across different blockchain networks, creating lock-in effects around the blockchain ecosystem on which the DEX operated. Various solutions, such as cross-chain atomic swaps, bridges, and interoperability protocols, have been developed to address this challenge. However, achieving seamless interoperability remains complex due to technical and security concerns.
- Scalability & Oracles: On-chain order books remain slow and costly due to scalability limitations of blockchain networks. Additionally, the reliance on centralized oracles for external data, such as token prices, undermines the decentralized ethos, posing risks to the trustworthiness of these systems. While scalability solutions and decentralized oracle networks have been developed to mitigate these issues, challenges related to security, scalability, and accuracy persist.
- Usability challenges: Users face difficulties when tokens are sent to incorrect addresses or when private keys are lost, as these errors are irreversible unless the recipient voluntarily returns the funds. Legal recourse is rare and costly due to limited precedents and high expenses. Newcomers to crypto often preferred centralized exchanges for their simplicity and user-friendly interfaces, while experienced traders favored decentralized exchanges for their compatibility with DeFi protocols and the flexibility to build customized financial solutions within a composable ecosystem. However, decentralized exchanges have significantly improved the user experience with more intuitive interfaces, advanced trading tools, mobile accessibility, and social features. Potential integration within AI tools can make them even more user-friendly, increasing overall inclusivity.
- Inclusion challenges: Decentralized exchanges also benefit technically skilled and experienced traders who already participate in token markets and are less accessible to newcomers since they do not facilitate the purchase of tokens with fiat currencies, a key feature of centralized exchanges.
NFT Marketplaces
The first token exchanges focused on the buying and selling of fungible tokens such as Bitcoin and other protocol tokens. With the emergence of non-fungible tokens, such as art NFTs and collectible NFTs, a new type of exchange and marketplace emerged to cater to the special needs of NFTs. These marketplaces provide similar market-making functionalities to bring buyers and sellers together. The same trade-offs and questions that are relevant to centralized or decentralized exchanges of fungible tokens are also relevant to marketplaces for non-fungible tokens. However, NFT marketplaces come with additional technical challenges, as they need to transfer much more metadata that describes the special properties of the assets they represent. This raises issues around how this metadata should be stored or how the items should be displayed so that buyers can easily find what they want.
Depending on the type of NFT—whether it is virtual art, physical art, real estate, energy, or data—additional information about the tokenized assets needs to be exchanged between buyers and sellers before the sale. The display, negotiation, and trading aspects have different requirements. The virtual or physical assets will also have to be virtually or physically transferred after the property rights to an NFT have been transferred from seller to buyer. This means that these specialized NFT marketplaces need to have technical, organizational, and legal processes in place to conduct such a virtual or physical transfer, or they need to collaborate with service providers who handle this for them. Marketplaces for real-world art objects or installations, for example, come with a set of legal and organizational aspects related to the management and custodianship of an art piece, especially if it is collectively owned by a set of fractional token holders. Additional challenges arise from the techno-legal question of what one is actually buying— a URL to a website, the property rights to the actual artwork, the access rights to the actual artwork, or a copy with a unique digital signature. Attached to this question is a set of other questions, such as how the rights might be used downstream. At the time of writing, art NFT marketplaces often lack a legal framework to verify the real ownership of an NFT or verify copyright evidence. While there are still many challenges, the number of NFT marketplaces is growing.
Both generalized and specialized marketplaces exist today. NFT marketplaces that cater to the needs of very unique asset classes—assets that have different market dynamics from other asset classes or require special regulatory considerations—might remain specialized despite trends toward generalization. Real estate assets differ from cars, data sets, or art pieces. Although generalized marketplaces exist in Web2 today, such as Amazon or eBay, specialized marketplaces for real estate or used cars have also emerged. The same will be true in Web3. It is also worth noting that decentralized exchanges, which originally only traded fungible tokens, eventually branched out to offer certain types of NFTs as well.
Token Exchanges & NFT Marketplaces
Footnotes
[1] A vulnerability in one of the smart contract functions, designed to represent minority rights, was exploited and used to drain 3.6m Ether from TheDAO balance (roughly 150 million USD at the time).
[2] "Magic cards" was an online collectible, somewhat similar to Pokemon cards, where each card has a function and attributes. There was a strong scene for these collectibles, with some cards trading at quite high prices, with the most expensive one being sold for over 500.000 USD.
[3] "Flash crash" is a term used to describe the sell-off of an asset leading to a rapid and short-lived decline in price. Typically, flash crashes are exacerbated by algorithmic traders that automatically react to market conditions by selling large volumes to avoid losses, triggering a feedback loop of sell orders, resulting in a sudden plunge in value. Flash crashes are typically followed by price recoveries, often within the same day.
[4] Price spikes refer to rapid and large movements in the price of an asset in either direction, often triggered by new information becoming known to the market.
[5] Proof-of-Reserve (PoR) uses a cryptographic accounting procedure that is conducted semi-annually by professional auditors to ensure that the exchange is holding the assets it claims to on behalf of its customers. The auditor makes anonymized snapshots of all token balances and aggregates them into a so-called “Merkle tree”– a privacy-preserving data structure that encapsulates all client balances. Based on the Merkle tree, the auditor obtains a so-called “Merkle root,” which is a cryptographic fingerprint that uniquely identifies the combination of these balances at the time when the snapshot was created, and collects the digital signatures produced by the exchange, to prove ownership over the on-chain addresses with publicly verifiable balances. In a last step, the auditor compares and verifies that these balances exceed or match the client balances represented in the Merkle tree, which is the proof that the client assets are held on a full-reserve basis and have not been misappropriated (Source: https://storm.partners/crypto-firms-proof-of-reserve-audits/)
[6] A “Merkle root” is a mathematical method to verify the data on a so-called “Merkle tree” or “hash tree” that encodes the blockchain data in an efficient and secure manner. Any changes made to the rest of the dataset – however small – will affect the root and make any tampering obvious.
[7] Liquidity provision might become unprofitable at very small deposit sizes.
[8] The proposed formula that determines the price was tokenA_balance * tokenB_balance = k. This formula defines the relation between the two tokens in a liquidity pool, where the product of the two quantities supplied must always be k. The ratio of the tokens dictates the price. As tokenA balance falls and tokenB balance rises, the value of tokenA in the pool increases, and the value of tokenB must decrease to satisfy the equality, and vice versa. This ensures that the total amount of liquidity in the pool remains constant. This original formula has been adapted over time to meet the needs of various market and asset types.
[9] Ronin Bridge was a trusted bridge operated by Axie infinity (Tokenized gaming application) which connected the Ronin blockchain network with the Ethereum network. The bridge was exploited in 2022 –the largest bridge hack at the time. The hack was possible because Ronin Bridge relied on a majority of nine validators to initiate withdrawal or deposits from the bridge. Of these nine validators, four were controlled by Sky Mavis (the operating company behind Axie infinity). Having compromised all nodes operated by Sky Mavis, the attacker only needed one more node to compromise the bridge. Consequently, tokens with a value of 625 million USD were withdrawn from the bridge – in an ostensibly verified transaction.
[10] A Proof-of-Work secured blockchain network is safe as long as more than 50% of the work is being put in by miners who are honest. A “51% attack” happens when a single person or institution is able to control the majority of the hash rate or computing power to manipulate the network. In the ten-year history of Bitcoin, no manipulation by outside attackers has been successful.