The latest Exchange Security Report published by ICORating assessed 130 of the world’s biggest crypto exchanges, ranking each exchange on its overall level of security.
Crypto Exchange Ratings
Per the report, each of the 130 exchanges assessed purportedly has a daily trading volume exceeding $100,000 and was given a security rating from A+ to C-. According to the independent analysts at ICORating, no exchange was secure enough to receive an A+ rating.
Out of all the assessed crypto exchanges, just 16% received an A or A- rating. 2 of them received a solid A rating: Kraken and Cobinhood. The rest of the 16% (19 exchanges) received an A- rating. 55% of the assessed exchanges received a score between B+ and B-, with the remaining 29% rated either C+, C, or C-.
Crypto Exchange Security Parameters
The ICORating analysts based their ratings on 4 categories: user account security, registrar and domain security, web security, and DoS attack protection. These 4 categories were further subdivided into a range of security testing parameters.
For “user account security,” 4 parameters were analyzed, with just 22% of exchanges meeting all 4. The parameters were:
- A check for errors in the content of the exchange code, which could lead to malfunctions in the application.
- The ability to create a weak password.
- Confirmation of actions on the stock exchange through mail.
- Availability of 2FA.
For “domain and registrar security,” just 3% of exchanges satisfied all the criteria. The parameters were:
- Use of a registry lock to prevent anyone from making changes to the domain.
- Use of role accounts to protect individuals from hackers.
- Whether the exchange had a 6-month expiration window for high-profile domains.
- Whether the exchange uses DNSSEC to eliminate the threat of DNS cache poisoning.
For “web security,” analysts based the ratings on 10 criteria. The results of this test varied far more between exchanges. The key parameters were:
- Clickjacking attack protection
- Man-in-the-middle (MITM) attack protection
- POODLE attack protection
- HSTS header presence
- Drive-by Download attack protection
- Heartbleed attack protection
- ROBOT vulnerability protection
- TLSv1.3 presence
- HIPAA, PCI-DSS, NIST guidance compliance.
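Two of the criteria listed above, HSTS header presence and clickjacking protection, can be checked directly from a site's HTTP response headers. The Python below is an added example, not ICORating's methodology or code; the function names, the 180-day `max-age` threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # assumption: 180 days; the report states no threshold

def check_hsts(headers):
    """Classify Strict-Transport-Security; max-age=0 (policy removal) counts as weak."""
    value = headers.get("strict-transport-security")
    if value is None:
        return "missing"
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    if not m or int(m.group(1)) < MIN_HSTS_AGE:
        return "weak"
    return "ok"

def check_framing(headers):
    """Classify clickjacking protection from CSP frame-ancestors or X-Frame-Options."""
    for directive in headers.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            # A wildcard or bare scheme lets any site frame the page.
            if any(s in ("*", "http:", "https:") for s in sources):
                return "weak"
            return "ok"
    xfo = headers.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "ok"
    return "weak" if xfo else "missing"  # ALLOW-FROM is obsolete, ignored by browsers

def audit(raw_headers):
    # Header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in raw_headers.items()}
    return {"hsts": check_hsts(headers), "clickjacking": check_framing(headers)}

# Constructed sample responses (not taken from any real exchange).
SAMPLES = {
    "hardened": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "partial": {
        "Strict-Transport-Security": "max-age=0",
        "X-Frame-Options": "ALLOW-FROM https://partner.example",
    },
    "bare": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit(hdrs))
```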
For “DoS attack protection,” 74% of all exchanges were considered to be safe.
ICORating Exchange Security Rank
As seen in the image above, the popular crypto exchanges of Poloniex, BitMEX, Coinbase Pro, and HitBTC received A- rankings while Binance, the most popular crypto exchange in terms of daily trading volume, only received a B+ rating.
Other notable exchanges included the Winklevoss exchange Gemini and the popular Singapore-based exchange, Huobi, which both received B- ratings.
Another exchange worth mentioning is the New Zealand-based crypto exchange Cryptopia, which ranked 60th overall and received a B rating. Cryptopia recently suspended its trading services after suffering a data breach on January 14.
As reported by IIB previously, the New Zealand police have officially launched an investigation.