Bitpanda
exchangeBitpanda is an Austrian exchange regulated under MiCA in three EU jurisdictions and FCA-registered in the UK, with no confirmed customer fund losses to date.
Platform Information
Founded
Headquarters
Two-Factor Authentication
An extra login step that protects your account even if your password is stolen.
Custodial
The platform holds your crypto on your behalf — you don't control the private keys.
KYC Required
Know Your Customer — you must verify your identity before trading or withdrawing.
Proof of Reserves
The platform publicly proves it holds enough assets to cover all customer funds.
Insurance
Customer funds are covered by insurance in the event of a hack or platform failure.
Supported Chains
About Bitpanda
Bitpanda is an Austrian fintech platform founded in Vienna in 2014, initially as a crypto brokerage and one of the first MiCA-regulated exchanges in Europe. In 2026, the platform expanded into a unified investing service covering stocks, ETFs, precious metals, and crypto indices alongside more than 600 cryptocurrencies. Over seven million registered users across approximately 48 countries use the platform, with the majority based in Europe and the EEA.
Security
- Customer crypto is held in cold storage (the majority of assets held offline)
- 1:1 asset backing: user holdings are not rehypothecated or used for proprietary trading
- Account controls include two-factor authentication (2FA), withdrawal address whitelisting, and IP whitelisting
- ISO 27001:2022 certified and SOC 2 Type II attested
- Bug bounty programme managed via Bugcrowd
- Regular third-party penetration testing
Regulation
Bitpanda holds more than 17 regulatory licences across multiple jurisdictions:
- Austria: Licensed by the FMA as a Crypto Asset Service Provider under MiCAR
- Germany: MiCAR licence from BaFin, providing passporting rights across all 30 EEA member states
- Malta: MiCAR licence from the MFSA
- United Kingdom: Registered with the Financial Conduct Authority (FCA)
- France: Registered with the AMF under the PACTE framework
- UAE: VASP licence from the Virtual Assets Regulatory Authority (VARA) in Dubai
- PSD2 E-money licence and MiFID II licence also held
MiCAR compliance legally requires client asset segregation, capital reserves, and mandatory transparency disclosures enforced by national regulators.
Incident History
- No security breach resulting in confirmed customer fund losses has been publicly reported
- In June 2025, a threat actor claimed to have stolen 5.4 million Bitpanda user records; Bitpanda conducted an internal investigation and denied any unauthorised access had occurred
- A 2023 BaFin audit of Bitpanda Asset Management, the German subsidiary, identified more than a dozen compliance and information security violations — ranging from minor to serious — including gaps in cybersecurity testing and third-party provider monitoring; remediation measures were subsequently reported
Availability
Bitpanda is available in approximately 48 countries across Europe, the EEA, the UK, UAE, Switzerland, and Turkey. It is not available to users in the United States, Canada, or most of Asia-Pacific. KYC verification is required for all accounts.
Security & Score
Platform Safety Score
Based on incident history, security features, and track record
Security Features
Regulatory Information
Regulated In
Jurisdictions where this platform is officially licensed and subject to financial oversight.
Area Served
Countries or regions where this platform is available to users.
Notes
Licensed by the Austrian FMA. Registered with BaFin in Germany.
Incident History
No incidents recorded for this platform.
Frequently Asked Questions
Do you use Bitpanda?
Check how it affects your portfolio health score and get personalised risk insights.
Check your health score