The latest Exchange Security Report from independent analysts at ICORating has given 16 percent of the world’s biggest crypto trading platforms an A rating, and none of them an A+. The analysis, published Dec. 18, ranked Kraken (A), Cobinhood (A) and Poloniex (A-) as the top three most secure exchanges globally.
ICORating assessed 135 crypto trading platforms, all of whose daily trade value reportedly exceeds $100,000, on the basis of four security categories: user account security, registrar and domain security, web security and DoS attack protection.
No exchanges sealed an A+ ratings, two exchanges (representing 1.5 percent) received a solid A rating, and 16 percent fell within A or A- category. 55 percent scored between B+ and B-, with the remaining rated C+, C or C-.
The analysts’ four security categories were further subdivided into a range of concrete testing parameters; for user security, the report assessed four criteria — including password security and two-factor authentication — finding that just 22 percent met all four.
In regard to domain and registrar security — which include safeguards such as a six-month expiration window for high-profile domains and use of a registry lock — just 3 percent satisfied all four criteria.
Web security, which was analyzed on the basis of 10 criteria — including protection from clickjacking attacks, man-in-the-middle (MITM) attack protection and HSTS header presence — was a more checkered picture.
All exchanges were found to be protected from MITM attacks, POODLE (an attack that exploits some browsers’ handling of encryption) and Heartbleed attacks — the latter entailing a leak of memory contents from the server to the client and from the client to the server. 37 percent meanwhile were found to be using an HSTS header, and 60 percent to be protected against clickjacking.
Protection against Denial-of-Service (DoS) attacks was more widespread, with 74 percent of all exchanges considered to be safe.
As reported just this week, New Zealand crypto exchange Cryptopia — which was ranked 60th by ICORating (B) — suspended services after saying it had detected a major hack that reportedly resulted in significant losses. Police are currently investigating the incident.