Hackers stole over $1.8 billion in 2018 from crypto exchanges. So, if you’re still trusting one with your private keys, you really ought to know better. But if you’re too busy or too lazy to set up a hardware wallet for your funds, at least you should know where exchanges rank when it comes to cybersecurity. According to a report by CER and Hacken, not very well.
Top 100 Crypto Exchanges by Cybersecurity Score
CER and Hacken evaluated the state of the cybersecurity in the top 100 crypto exchanges by volume on CoinMarketCap as of January 1. What they found was a little disturbing.
Without getting overly technical, for the sake of this study, cybersecurity means all the processes and technologies an exchange has in place to deter hackers from entering its system. An effective system, says CER, is one that reduces a hacker’s chances of breaching it.
Since crypto exchanges must be responsible for users’ money and personal data, strong cybersecurity is imperative.
Cyber Security Score (CSS) Methodology
To measure cybersecurity at the top 100 exchanges, the companies checked whether they had sufficient user security in place, server security, and some kind of Ongoing Crowdsource Security Assessment (OCSA).
When it comes to server security, factors cush as SSL/TLS certificates, secure cookies, and open ports come into play. If a hacker uncovers just one vulnerability in a server it is enough to compromise all the components and cause huge monetary losses.
The user security level takes into account all the elements that exchanges can add to make it easier and safer for users entering and transacting on their exchange. These include things like 2FA, captcha, and strict password requirements.
If there is no captcha, for example, hackers can easily uncover a user’s password. 2FA significantly decreases the chances of an account being compromised since a telephone is needed as well as simply entering through one device. And when it comes to passwords they can simply be cracked with “brute force” if they are too weak.
Ongoing Crowdsource Security Assessment (OCSA) refers to whether an exchange has any processes in place to improve and develop their cybersecurity. This could be a Bug Bounty program that looks for white hat hackers to find vulnerabilities with the system, either in-house, or through a special platform like Hacken.
Avoid These Exchanges If You Want to Keep Your Funds
According to the research, the least safe of all the exchanges are:
These three exchanges all scored less than 5 out of a possible 10 points, based on the factors mentioned above. The safest exchanges are:
- Coinbase Pro
- Binance and BitMEX
Only Kraken managed to achieve a score of above 9 out of 10, while Coinbase Pro racked up 8.74, and Binance and BitMEX achieved 8.50 each.
Almost Zero Ongoing Programs Throughout
Only 13 percent of all exchanges have ongoing Bug Bounty programs in place to improve their security. Another major weak point for these top exchanges is their HTTP Security Headers with some 59 percent of exchanges missing 6-7 of the 7 headers required.
According to Ledger CEO Eric Larcheveque, crypto is the easiest asset in the world to steal. So keeping your funds in an exchange is really not advisable.
And as per the findings of this study, the top exchanges are among the lowest scoring when it comes to CSS, with Bithumb number 1 on CMC, and 98th in the CER top 100 crypto exchanges.
Do you agree with the study’s conclusions? Share your thoughts below!
Images courtesy of Shutterstock