Connect with us

News

Binance, BitMex most-secure exchanges; Bithumb, DOBI among least-secure exchanges, finds CER research

Namrata Shukla

Published

on

Binance, BitMex most-secure exchanges; Bithumb, DOBI among least-secure exchanges, finds CER research
Source: Pixabay

The cryptocurrency market has been amidst dark clouds recently, with the market being mauled by the bear and many exchanges suffering attacks from hackers. These two factors have resulted in the loss of huge sums of money for multiple exchanges and cryptocurrency investors. Market sentiment was also swayed by these developments, with many enthusiasts and analysts equally voicing how cybersecurity must be taken much more seriously by mainstream exchanges.

A new research by Cryptocurrency Exchange Ratings [CER] assessed the security of the top-100 exchanges [according to CoinMarketCap] and rated them based on their Cyber Security Score [CSS], an assessment system which grades the cybersecurity parameters of exchanges on a 10-point scale.

According to the research, a total of $1.3 billion was stolen from cryptocurrency exchanges in the year 2018. The data was collated by the CER team based on a comprehensive assessment model for security audits, that consisted of three components:

  1. Server Security
  2. User Security
  3. Ongoing Crowdsource Security Assessment [OCSA]
Source: Crypto Exchange Ranks

Source: Crypto Exchange Ranks

As per the data collected by the researchers of the distribution by CSS, only nine exchanges scored above eight points out of ten. The exchanges that topped the list with flying colors were Kraken, and Coinbase Pro, followed by Binance and BitMex on the third place. However, the popular exchanges like Bithumb [98th on the list], DOBI [93rd on the list], ZBG [96th on the list], Coincheck, and Zaif were rated as the worst CSS performers.

Source: Cryptocurrency Exchange Ranking

Source: Cryptocurrency Exchange Ranking

As per the research paper, the three most problematic factors for crypto exchanges were:

  1. The existence of Bug Bounty programs
  2. DNSSEC record
  3. HTTP Headers
Source: Crypto Exchange Ranks

Source: Crypto Exchange Ranks

Out of the three problems, DNSSEC record and HTTP Headers were the security aspects of the security servers. Furthermore, the Bug Bounty program, a program designed to offer rewards to individuals for finding errors, vulnerabilities or bugs in the security systems of exchanges, had the worst results.

The data reflects that only 13% of the trading platforms have ongoing bug bounty programs, which are substantially reliable. Even out of this, 6% host the program on their own, while 7% use specialized platforms, like HackenProof or Bugcrowd, to serve the purpose.

Source: Crypto Exchange Ranks

Source: Crypto Exchange Ranks

DNSSEC protocol, or The Domain Name System Security Extensions, uses public key encryption to authenticated DNS servers. This is used to prevent the usage of forged or manipulated DNS data. However, it the second-largest dissatisfied factor by exchanges. The research claims that 60% of the analyzed platforms do not have appropriate records for their domains.

Source: Crypto Exchange Ranks

Source: Crypto Exchange Ranks

The last matter of concern is the HTTP Security Headers. The research examined security-related fields in the header section of HTTP request and response messages. If installed correctly, it can prevent malicious actions like man-in-the-middle and cross-site scripting attacks.

However, after checking seven headers, it was concluded that 59% of the exchanges had missed six to seven of them, while 17% missed four to five. Only 13% managed to miss just two to three headers, leaving a mere 11% of the exchanges missing just one header.

Earlier this month, Cryptopia, a cryptocurrency exchange based in New Zealand, had announced that they have lost funds due to a security breach. The exchange platform continues to be under maintenance and the amount that was compromised by the hack has still not been disclosed by the team.

Under such circumstances, when exchanges are being hacked rampantly, the research provides a detailed insight into what each exchange lacks and where it can improve.



Follow us on Telegram | Twitter | Facebook



Namrata is a full-time journalist and is interested in covering everything under the sun, with a special focus on the crypto market.

Advertisement
Advertisement

Trending

Subscribe to AMBCrypto's Newsletter