Binance, BitMex most-secure exchanges; Bithumb, DOBI among least-secure exchanges, finds CER research

Binance, BitMex most-secure exchanges; Bithumb, DOBI among least-secure exchanges, finds CER research

The cryptocurrency market has been amidst dark clouds recently, with the market being mauled by the bear and many exchanges suffering attacks from hackers. These two factors have resulted in the loss of huge sums of money for multiple exchanges and cryptocurrency investors. Market sentiment was also swayed by these developments, with many enthusiasts and analysts equally voicing how cybersecurity must be taken much more seriously by mainstream exchanges.

A new research by Cryptocurrency Exchange Ratings [CER] assessed the security of the top-100 exchanges [according to CoinMarketCap] and rated them based on their Cyber Security Score [CSS], an assessment system which grades the cybersecurity parameters of exchanges on a 10-point scale.

According to the research, a total of $1.3 billion was stolen from cryptocurrency exchanges in the year 2018. The data was collated by the CER team based on a comprehensive assessment model for security audits, that consisted of three components:

As per the data collected by the researchers of the distribution by CSS, only nine exchanges scored above eight points out of ten. The exchanges that topped the list with flying colors were Kraken, and Coinbase Pro, followed by Binance and BitMex on the third place. However, the popular exchanges like Bithumb [98th on the list], DOBI [93rd on the list], ZBG [96th on the list], Coincheck, and Zaif were rated as the worst CSS performers.

As per the research paper, the three most problematic factors for crypto exchanges were:

Out of the three problems, DNSSEC record and HTTP Headers were the security aspects of the security servers. Furthermore, the Bug Bounty program, a program designed to offer rewards to individuals for finding errors, vulnerabilities or bugs in the security systems of exchanges, had the worst results.

The data reflects that only 13% of the trading platforms have ongoing bug bounty programs, which are substantially reliable. Even out of this, 6% host the program on their own, while 7% use specialized platforms, like HackenProof or Bugcrowd, to serve the purpose.

DNSSEC protocol, or The Domain Name System Security Extensions, uses public key encryption to authenticated DNS servers. This is used to prevent the usage of forged or manipulated DNS data. However, it the second-largest dissatisfied factor by exchanges. The research claims that 60% of the analyzed platforms do not have appropriate records for their domains.

The last matter of concern is the HTTP Security Headers. The research examined security-related fields in the header section of HTTP request and response messages. If installed correctly, it can prevent malicious actions like man-in-the-middle and cross-site scripting attacks.

However, after checking seven headers, it was concluded that 59% of the exchanges had missed six to seven of them, while 17% missed four to five. Only 13% managed to miss just two to three headers, leaving a mere 11% of the exchanges missing just one header.

Earlier this month, Cryptopia, a cryptocurrency exchange based in New Zealand, had announced that they have lost funds due to a security breach. The exchange platform continues to be under maintenance and the amount that was compromised by the hack has still not been disclosed by the team.

Under such circumstances, when exchanges are being hacked rampantly, the research provides a detailed insight into what each exchange lacks and where it can improve.

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

Loading...
No comments yet, be the first to comment this article