$1.3 billion dollars has been stolen from crypto exchanges in the past 8 years and cryptocurrency investors using exchanges still bear a lot of risk, say researchers at ICORating, who yesterday issued a report detailing security levels at crypto exchanges handling more than $1 million USD per day in trades.
The report assesses user and site security, including that of registrars, domains and web protocols at exchanges across the globe .
According to the assessment, the three most secure exchanges operating now are Coinbase Pro (89%), Kraken (80%) and Bitmex (78%).
Other exchanges in the top ten are GOPAX (78%), CPDAX (74%), Bitlish (74%), BtcTurk (74%), Cobinhood (71%), Hobbit (69%) and Coinut (69%).
High profile exchange Binance, which reportedly handles more than $1 billion USD per day in crypto trades scored only 63%.
Surprisingly, high-profile exchanges Bitfinex and Gemini both scored a mere 43% for security and were slightly outperformed by the more modest exchanges QuadrigaCX (50%), Poloniex (47%), and the relatively new Huobi (46%) and Gate.io (44%).
The recently hacked Japanese exchange Zaif appears near the bottom at #89 (29%), and OKCoin is dead last at 15%.
The report assessed console errors (non-critical code errors in user interfaces that could result in data loss). 68% of exchanges had no such errors.
41% of the assessed exchanges allowed passwords with fewer than 8 symbols; 5% allowed the creation of accounts without email verification.
Some good news is that only 3% of exchanges lacked a two-factor authentication option, but all told, only 46% of exchanges had high user account security and accomplished all four relevant parameters.
Typically, exchanges performed better on securing user interfaces than on securing sites themselves, particularly in terms of registrar and domain security.
“I am surprised as to the fact that 29% of all exchanges do not incorporate web protocols security as outlined in the report. Not using HTTPS? Unforgivable,” said Crowdfund Insider Co-Founder and CEO Andrew Dix regarding the report:
“As most of these exchanges are fairly new sites, they should begin with user security as a starting point … Not something to add later.”