Among the 100 exchanges involved in the study, only 4% of them meet good security status. The main security issues discovered include failure to implement 2-Factor Authentication, allowing use of short passwords (less than 8 characters), allowing use of non-alphanumeric passwords, failure to carry out effective email verification during account creation, and allowing use of non-traceable email addresses.
All these factors have greatly contributed to the deterioration of exchange platform security.
While cryptocurrencies and the blokchcian technology continue to attract masses, serious issues have emerged in the manner in which various crypto exchange platforms conduct business. These issues have largely been security-related. ICORating conducted an extensive research to ascertain claims that some exchanges are almost completely defenseless against hacking attacks. The findings are nothing if not baffling.
The Findings – How Secure Are Crypto Exchanges?
Turns out, over half of the crypto exchanges currently doing business are sitting all wide open to hacking attacks and possible loss of customers’ confidential data. From the 100 exchanges examined, ICORating found that most of them have serious security flaws in their account creation processes. For instance, they allow short, insecure passwords with no alphanumeric input. They also allow people to open accounts without any email authentication. Some of them can’t even secure their own domain.
If recent incidents are anything to go by, it’s a clear fact that when an exchange is hacked, users lose their money. In most cases, it has been found that the hacks succeed due to low security environment in which the exchanges operate in rather than direct compromise of individual users’ login details. Just recently, a Japanese exchange, Zaif,was hacked and lost about $59 million worth of cryoptocurrencies. The cryptos lost included Bitcoin, Monacoin, and Bitcoin Cash.
The Flaws
Another serious security issue discovered involved how exchange servers process data and run code. About a third of the exchanges were found to have issues with running CSS and JavaScript on their pages, with errors that could potentially cause loss of data especially during an ongoing transaction. Only 2% of the exchanges have domain locks, meaning that the rest could have their domains deleted easily. Only 10% of the exchanges studied used the DNSSEC protocol that guards against DNS attacks.
The report mentions some of the big names in the crypto exchange business as utterly insecure. Binance is the world’s largest crypto exchange by volume, but it appeared at position 17 on the security scale. Coinbase took the mantle as the most secure crypto exchange in the world, followed by Kraken and BitMex in the second and third positions respectively.