Cryptocurrency exchanges have fallen victim to hacking time and time again, with the vice greatly rising in the past two years as the prices of cryptos skyrocketed. According to a new report, crypto exchanges still have a long way to go to fully secure their users’ crypto assets. The report looked into possible security weaknesses including console errors, web protocols security and user account security and while most exchanges scored highly in some like user security, they failed terribly in other parameters such as domain security. The report found Coinbase Pro to be the most secure exchange, with Binance and OKEx emerging 17th and 42nd respectively.
A Long Way From Secure
The year kicked off with one of the biggest crypto heists in history after the Japanese Coincheck exchange was attacked and $500 million worth of NEM coins stolen. This hasn’t been the only hack this year with South Korean exchanges Bithumb and Coinrail being among the other high-profile heists. While some steps have been taken by some exchanges to revamp security, a new report has painted a grim picture of the security situation at some of the largest exchanges.
The report used four parameters, the first of which was console errors. These are errors in the coding which sometimes lead to malfunction but which are rarely critical. They can however lead to loss of data by the users. 32 percent of the 100 exchanges surveyed had these errors.
User account security was the second parameter, with some exchanges being found not to have two-factor authentication as well as allowing the creation of accounts without email verification. Only 46 percent of the exchanges were deemed safe by the report. In registrar and domain security, only 4 percent of the exchanges were found compliant with at least four of the five best practices expected in this area.
The researchers further investigated whether the exchanges possess the necessary protection measures against the various attacks lodged by cyber-attackers. Of the five expected protection measures, 29 percent of the exchanges were found not to contain any which leaves them susceptible to attacks, with only 1 in 10 having all five.
Coinbase Pro was found to be the most secure exchange with a score of 89. The exchange, formerly known as GDAX had perfect scores in all but one area. Fellow U.S exchange Kraken was second with a score of 80 out of a possible 100. BitMEX, GOPAX, CPDAX and Bitlish followed respectively in a list in which the major exchanges scored poorly. The world’s biggest exchange Binance was 17th with a score of 63, scoring particularly poorly in console errors and domain security.
Some of the other major exchanges on the list were HitBTC, bitFlyer, OKEx, Poloniex, Huobi and Bitfinex which held positions 18, 37, 42, 44, 47 and 54 respectively. Bithumb, which was attacked in June this year losing $30 million, was 78th on the list.
Security in the exchanges has been a major challenge, with some exchanges making reckless mistakes that have cost them dearly. In the Coincheck hack, it was discovered that the exchange stored most of its users’ tokens in a hot wallet which made them easier to steal for the hackers. Recently, decentralized exchange Newdex was hacked and lost $58,000 worth of tokens, exposing several vulnerabilities such as the lack of smart contracts.