The cryptocurrency market has been under dark clouds recently, mauled by a bear market while many exchanges suffered attacks from hackers. Together, these two factors have cost multiple exchanges and cryptocurrency investors huge sums of money. Market sentiment was also swayed by these developments, with enthusiasts and analysts alike voicing that mainstream exchanges must take cybersecurity much more seriously.
New research by Cryptocurrency Exchange Ratings [CER] assessed the security of the top-100 exchanges [according to CoinMarketCap] and rated them by their Cyber Security Score [CSS], an assessment system that grades the cybersecurity parameters of exchanges on a 10-point scale.
According to the research, a total of $1.3 billion was stolen from cryptocurrency exchanges in 2018. The data was collated by the CER team using a comprehensive assessment model for security audits that consisted of three components:
- Server Security
- User Security
- Ongoing Crowdsource Security Assessment [OCSA]
According to the researchers' distribution of exchanges by CSS, only nine exchanges scored above eight points out of ten. The exchanges that topped the list were Kraken and Coinbase Pro, followed by Binance and BitMEX in third place. However, popular exchanges like Bithumb [98th on the list], DOBI [93rd on the list], ZBG [96th on the list], Coincheck, and Zaif were rated as the worst CSS performers.
As per the research paper, the three most problematic factors for crypto exchanges were:
- The existence of Bug Bounty programs
- DNSSEC record
- HTTP Headers
Of the three problems, the DNSSEC record and HTTP headers are aspects of server security. The bug bounty program, a program designed to reward individuals for finding errors, vulnerabilities or bugs in the security systems of exchanges, had the worst results.
The data shows that only 13% of the trading platforms have ongoing bug bounty programs that are substantially reliable. Of these, 6% host the program on their own, while 7% use specialized platforms, like HackenProof or Bugcrowd, for the purpose.
DNSSEC, or the Domain Name System Security Extensions, uses public-key cryptography to authenticate DNS records. This prevents the use of forged or manipulated DNS data. However, it was the second most commonly unmet factor among exchanges. The research claims that 60% of the analyzed platforms do not have appropriate records for their domains.
The last matter of concern is HTTP security headers. The research examined security-related fields in the header section of HTTP request and response messages. If configured correctly, these headers can prevent malicious actions like man-in-the-middle and cross-site scripting attacks.
However, after checking seven headers, it was concluded that 59% of the exchanges had missed six to seven of them, while 17% missed four to five. Only 13% managed to miss just two to three headers, leaving a mere 11% of the exchanges missing just one header.
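The kind of header check described above can be sketched as follows. This is an added example, not CER's methodology: the article does not name the seven headers, so the set in `CHECKS`, the value rules, the function names and the sample response are all assumptions constructed for illustration.

```python
import re

def _hsts(v):
    # HSTS only helps if max-age is long-lived; 180 days is an assumed floor.
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    return bool(m) and int(m.group(1)) >= 15552000

# ASSUMPTION: seven headers picked for illustration, not the report's list.
CHECKS = {
    "strict-transport-security": _hsts,
    "content-security-policy": lambda v: bool(re.search(r"\b(default-src|script-src)\b", v, re.I)),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: v.strip().lower() not in ("", "unsafe-url"),
    "permissions-policy": lambda v: bool(v.strip()),
    "cross-origin-opener-policy": lambda v: v.strip().lower().startswith("same-origin"),
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        key = name.strip().lower()
        headers[key] = (headers[key] + ", " if key in headers else "") + value.strip()
    return headers

def audit(headers):
    """Return (missing, weak): absent headers, and present ones with a useless value."""
    missing = [h for h in CHECKS if h not in headers]
    weak = [h for h in CHECKS if h in headers and not CHECKS[h](headers[h])]
    return missing, weak

def bucket(n):
    """Map a count of missed headers onto the groupings used in the article."""
    for label, lo, hi in (("6-7", 6, 7), ("4-5", 4, 5), ("2-3", 2, 3), ("1", 1, 1)):
        if lo <= n <= hi:
            return label
    return "0"

# Constructed sample response, not captured from any real exchange.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=300\r\n"
          "X-Content-Type-Options: nosniff\r\n"
          "X-Frame-Options: ALLOWALL\r\n\r\n")

if __name__ == "__main__":
    missing, weak = audit(parse_headers(SAMPLE))
    print("missing:", missing, "weak:", weak, "bucket:", bucket(len(missing)))
```

Counting only absent headers puts the sample in the "4-5" group, while treating the two present-but-ineffective values as misses moves it to "6-7", which is why a presence-only count can overstate a site's posture.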
Earlier this month, Cryptopia, a cryptocurrency exchange based in New Zealand, announced that it had lost funds due to a security breach. The exchange platform continues to be under maintenance, and the team has still not disclosed the amount compromised in the hack.
Under such circumstances, with exchanges being hacked rampantly, the research provides detailed insight into what each exchange lacks and where it can improve.