Over Half Of Cryptocurrency Exchanges Have Poor Security For User Accounts: Report

A report on the security of cryptocurrency exchanges was published Tuesday by ICORating, an agency that does independent analytical research to evaluate initial coin offering projects, and assigns them a rating. The report said that over the past 8 years, about 31 cryptocurrency exchanges had been hacked and about $1.3 billion stolen, and that over half the current exchanges had security vulnerabilities for users' accounts.

The ICORating report analyzed the potential reasons for exchange being hacked, based on four security criteria: code errors, user account security, registrar and domain security, and web protocol security. According to the report, Coinbase Pro scored 89 (on a maximum of 100) overall, and stood at top of the rankings, followed by Kraken which scored 80. For the purpose of drafting the report, only those exchanges whose daily trade value exceeds $1 million were selected and the total number of exchanges on the list was 100.

Further, only 46 percent of exchanges analyzed in the report met all four parameters for securing users' accounts. These parameters were creating a password longer than 8 characters, passwords with both digits and letters, email verification, and the presence of two-factor authentication.

Exchanged fared worse when in came to other criteria. The report found 32 percent of the exchanges to have vulnerability in their code, which could lead to the malfunctioning of some systems and the subsequent loss of user data. For registrar and domain security, only 4 percent of exchanges were found to be using best practices like registry lock to prevent others from making changes to the domain and role accounts.

At present, over 200 cryptocurrency exchanges are functioning and unlike earlier times, the hack of any one exchange would not affect the market on a large scale. Even as countries like Japan are taking steps to ensure basic security measures that must be met by cryptocurrency exchanges, traders are not fully protected from security vulnerabilities. These losses could be attributed to the lack of security measures in the exchanges.

"Over the years, digital thieves have stolen millions of dollars’ worth of cryptocurrency from various exchanges. Transactions and assets are not secured in any way, which makes investing in cryptocurrencies really hazardous. The largest cryptocurrency exchanges contain vast amounts of digital cash. These facts are really attractive for hackers," the report said.

In the past, exchanges like Mt.Gox, Bitcoinica, PicoStocks, and Bitcurex have been victims of multiple instances of hacking.

Mt. Gox, which was the world’s largest bitcoin exchange at one point — handling 70 percent of the world’s bitcoin transactions — announced in 2014 that approximately 850,000 bitcoins belonging to customers and the company were missing and likely stolen, the amount valued at over $450 million at the time (approximately $5.465 billion now). The reasons for this hack were attributed to a lack of testing policy since the codes used by the site were issued by CEO Mark Karpeles, which in turn resulted in improper management.

The second largest hack after Mt.gox — in terms of the number of bitcoins stolen — was of Bitfinex. In 2016, the Hong Kong-based cryptocurrency exchange platform was hacked and 120,000 bitcoins, worth $72 million at the time (approximately $770 million now), were stolen. The reason for this hack was poor management of user accounts. In the ICORating report, Bitfinex is ranked #54 and scored 43 points.

Zaif, another exchange that was recently hacked and lost up to $60 million worth of cryptocurrencies, came in at 89th place, scoring just 29 points. It was one among the two exchanges that didn't meet any of the four criteria completely, the other being OKCoin.cn in the 100th place.