ICORating Security Report: No Crypto Exchanges Earned A+; Only 21 of 135 Received an A- or A
ICORating, acting as independent analysts, regularly publishes Exchange Security Reports. In the report it published on December 18th, cryptocurrency trading platforms came close to the mark but did not quite reach it. Of the 135 platforms evaluated, the company determined that only 16% of the biggest platforms in the world managed to score an A- or above. However, not one reached a full A+.
The trading platforms evaluated had a daily trade value of at least $100,000 and were assessed in four categories: user account security, web security, registrar and domain security, and DoS attack protection. The top three exchanges, based on these evaluations, were Kraken (A), Cobinhood (A), and Poloniex (A-). In total, 55% of exchanges scored between a B+ and a B-, and the others scored between a C+ and a C-.
Each of the categories had subcategories that made the evaluation criteria more specific. User security was divided into four additional categories, which included two-factor authentication and password security. Unfortunately, only 22% of the exchanges met all of the requirements.
For domain and registrar security, there were multiple safeguards in place, which included the use of a registry lock and a brief expiration window that is directed to a high-profile domain. Web security, rather than the four subcategories of the previous two sections, has 10 criteria. These included protection from MITM attacks, HSTS header presence, and clickjacking attack protection.
Every exchange passed the requirements for MITM attack defenses, POODLE defenses, and Heartbleed defenses. HSTS headers were used by 37%, and 60% of the platforms had protection against clickjacking.
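The HSTS and clickjacking criteria named above can be checked from response headers alone. The following is an added example, not ICORating's code or methodology; the function names, the 180-day `max-age` threshold and the sample headers are assumptions constructed for illustration.

```python
# Added example: offline audit of two response-header criteria the report names.
# Thresholds and names are assumptions, not ICORating's methodology.

def parse_hsts(value):
    """Return (max_age_seconds or None, include_subdomains) from an HSTS value."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def frame_ancestors(csp):
    """Return the source list of the CSP frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def audit(headers, min_hsts_age=15552000):  # 180 days, an assumed threshold
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        age, _ = parse_hsts(hsts)
        if not age:  # absent, unparsable, or max-age=0 (which clears the policy)
            findings.append("hsts-disabled")
        elif age < min_hsts_age:
            findings.append("hsts-short-max-age")
    xfo = h.get("x-frame-options", "").strip().upper()
    fa = frame_ancestors(h.get("content-security-policy", ""))
    # Coarse check: any-origin sources in frame-ancestors give no protection.
    csp_ok = fa is not None and not any(t in ("*", "http:", "https:") for t in fa)
    if not (xfo in ("DENY", "SAMEORIGIN") or csp_ok):
        findings.append("clickjacking-unprotected")
    return findings

# Constructed sample responses (not real exchange data).
SAMPLES = {
    "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
             "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "weak": {"Strict-Transport-Security": "max-age=0",
             "X-Frame-Options": "ALLOW-FROM https://partner.example"},
}
```

The "weak" sample shows two cases a simple presence check misses: an HSTS header with `max-age=0` removes the policy, and the obsolete `ALLOW-FROM` value of `X-Frame-Options` is ignored by current browsers.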
More of the exchanges, 74%, had already taken the necessary measures to protect themselves against DoS attacks. Other rankings from the ICORating data included an A- for Coinbase Pro (9th), BitMEX (4th), Bitfinex (4th), and HitBTC (13th). Binance, despite being the largest exchange by trading volume alone, only managed to reach 34th in the lineup with a B+. Gemini, from the Winklevoss brothers, was 84th with a B-, and Huobi was down at 95th with a B-.
This week, Cryptopia suspended services after losing a substantial amount of funds in a hack. It ranked 60th on the ICORating list with a B grade, and police are already investigating.