New research has found that most cryptocurrency exchanges have security holes that could potentially be exploited. Notably, leading exchanges like Binance didn’t have the highest security scores.
In its report titled “Exchange Security Report,” independent rating firm ICORating found Coinbase Pro and Kraken to be the most secure cryptocurrency exchanges, with scores of 89 and 80 out of 100.
The firm analyzed the security practices of 100 cryptocurrency exchanges with trading volumes of over $1 million, and its findings show investors could be at risk if they leave their funds on exchanges. The report mentions that in the past 8 years 31 crypto exchanges were hacked, netting hackers $1.3 billion. It adds:
Some of the crypto exchanges learned from their mistakes and managed to recover, the others went bankrupt and several of the most “happy” ones, such as Mt.Gox, Bitcoinica, PicoStocks, Bitcurex, have been attacked even multiple times.
Per the report, 32% of top crypto exchanges have code errors that can lead to “certain defects in operation.” Although these aren’t critical, ICORating warns they could lead to data loss. As for user account security, only 46% have proper security practices.
That is because 41% allow users to create passwords with fewer than 8 symbols, while 37% allow passwords made up of either digits or letters alone. Notably, 3% lack two-factor authentication (2FA), and 5% don’t require email verification.
When it comes to domain and registrar security, ICORating's report points out that only 2% of crypto exchanges use registry lock, a flag that “prevents anyone from making changes” to the domain, and 10% use DNSSEC, which “eliminates the threat of DNS cache poisoning.” Other factors taken into account were the expiration window, role accounts, and registrar lock.
As for web protocols, 29% of exchanges were found to have none of the five headers mentioned in the report in place, and only 10% of exchanges had all of them. While no exchange had flawless security, Kraken, Coinbase Pro, and BitMEX came the closest.
Notably, Binance, the number one cryptocurrency exchange by trading volume, came in 17th place with a score of 63 points out of 100. The company thwarted a large-scale theft attempt earlier this year and, in the aftermath of an incident involving Syscoin, created a safety fund called Secure Asset Fund for Users (SAFU).
Zaif, a Japanese cryptocurrency exchange that lost $60 million to hackers last month, had a score of only 29. The exchanges with the lowest security scores were OKCoin.cn, Allcoin, and Tidex.