"What is the difference between an exchange (e.g. Coinbase, Kraken, Gemini, Poloniex, Bittrex) and Coin.Space?"
Your tokens are on the blockchain, regardless of what service you use to access them. When you move them, you are sending them from one address on the blockchain to another. These are simply lines of code. Your wallet file, the user interface you interact with, the private key—these do not have funds in them. The private key gives you the ability to prove ownership over coins that are on the blockchain.
If you use a client-side tool like Coin.Space or Mist, Metamask, Exodus, or Jaxx, then you have the private key & you control your funds and your key. You do not rely on Coinbase or Gemini sending your funds from their account to yours.
The upside is that you, and only you, control your keys. An exchange getting hacked won't affect you. The downside is that you, and only you, control your keys. No one else has them, nor can recover them, should you lose them.
If you do lose your private key or wallet file or passphrase, you cannot prove ownership of an account and therefore you cannot ever send your coins again.
If you use an exchange like Coinbase, Gemini, Kraken, Polonix, Bittrex, then you have any account with that company, and they hold your ETH and your keys for you. They have their own account on the blockchain with all their and their customers' funds in it. Then you have a username / password with them, on their servers, and they keep track of how much ETH they "owe" you.
This allows you to have the more traditional username / password situation and do things like reset your password if you forget it, change your password if your password is compromised, and turn on 2FA. However, it also means that if the exchange loses tokens, it's your Coins that is lost.
If you choose to move from an exchange to a wallet where you control your keys, you need to make sure that you have multiple backups, stored in separate locations, of your private key + password. This will prevent loss in case your computer crashes or your house burns down or anything else.
You also need to ensure you keep these keys securely. This means:
- Don't enter it on random websites
- Always ensure you are on the correct site or downloading from the legitimate repo / website.
- Don't email your key, send it to anyone or post it online
- Don't save it to cloud storage
- Don't have Team Viewer or other remote access software on your computer
If this seems very overwhelming, we recommend purchasing a Ledger or TREZOR hardware wallet. These help keep your keys safe and stored in an "offline" device, rather than on your computer. In this case, you don't have to worry about files or strings of characters; instead you just connect your hardware wallet to your computer.