Crypto exchanges continue to enjoy great popularity, and numerous hacks have done little to change this. Trackico has scrutinized 135 exchanges and checked their security. Only a few Bitcoin exchanges were able to really shine.
It should be common knowledge by now that the safest place to store your Bitcoin, Monero & Co. is your own wallet. However, anyone who wants to exchange cryptocurrencies for one another, i.e. trade, will find numerous venues in the form of crypto exchanges. The fact that most Bitcoin exchanges have a centralized infrastructure, and thus a single point of failure, makes them vulnerable from the outside and from the inside. Even this early in the year, there has already been a case of lost funds that caused a sensation. New Zealand's crypto exchange Cryptopia reported the loss of cryptocurrencies worth several million US dollars on 15 January.
Until decentralised exchanges (DEX) find a wider audience, their centralised counterparts will continue to determine crypto trading. But which Bitcoin exchanges are considered secure? In December of last year, the ICO rating site Trackico put 135 crypto exchanges through their paces, above all with regard to security.
The analysts focused on four criteria.
In the first place, the experts considered user safety. Is it possible to create a weak user password? What about the code? Does it contain potential sources of error that could cause problems in the application? How is transaction confirmation via e-mail handled? Is two-factor authentication possible (e.g. login with a code sent by SMS)?
The analysts found that only 22 percent of the exchanges excelled in all four of the above points. One percent of the 135 exchanges surveyed met only two or fewer criteria satisfactorily.
A second focus of the analysis was the security of the web address. In addition to a registry lock, which prevents changes to the domain, so-called role accounts should be used for its registration. This protects the data of the person (i.e. the exchange employee) who registered the domain, which in turn protects exchange employees from targeted hacker attacks. In addition, the experts wanted to see a window of six months before a domain could disappear. Among other things, this would prevent renegade exchange employees from running away with the domain. Finally, Trackico examined whether the security-relevant DNS extensions (DNSSEC) were in place.
When it comes to domain security, only three percent of the exchanges were able to satisfy the analysts in all respects. At 22 percent, just under a quarter of the exchanges met only two or fewer of the required parameters.
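The four domain criteria above can be checked from a WHOIS record. The following is an added example, not Trackico's methodology or code: the WHOIS text is constructed for a placeholder domain, and the list of role mailboxes and the reading of the six-month window as "expiry at least about 183 days away" are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed WHOIS response for a placeholder domain (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: EXCHANGE.EXAMPLE
Registry Expiry Date: 2019-03-01T00:00:00Z
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Registrant Email: j.doe@exchange.example
DNSSEC: unsigned
"""

# Registry lock is visible as the three server-side EPP status codes.
REGISTRY_LOCK = {"servertransferprohibited", "serverupdateprohibited",
                 "serverdeleteprohibited"}
# Assumption: local parts treated as role (non-personal) mailboxes.
ROLE_LOCAL_PARTS = {"hostmaster", "domains", "dns", "dnsadmin", "noc", "registrar"}

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lowercase key -> list of values."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+)", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return fields

def audit_domain(whois_text, now):
    """Return {criterion: bool} for the four domain checks listed above."""
    f = parse_whois(whois_text)
    statuses = {v.split()[0].lower() for v in f.get("domain status", [])}
    expiry = datetime.strptime(f["registry expiry date"][0], "%Y-%m-%dT%H:%M:%SZ")
    expiry = expiry.replace(tzinfo=timezone.utc)
    local = f.get("registrant email", [""])[0].split("@")[0].lower()
    dnssec = f.get("dnssec", ["unsigned"])[0].lower()
    return {
        "registry_lock": REGISTRY_LOCK <= statuses,
        "role_account": local in ROLE_LOCAL_PARTS,
        # Assumption: the six-month window means expiry at least ~183 days away.
        "expiry_window": expiry - now >= timedelta(days=183),
        "dnssec": dnssec.startswith("signed"),
    }

if __name__ == "__main__":
    as_of = datetime(2018, 12, 15, tzinfo=timezone.utc)  # constructed audit date
    for name, ok in audit_domain(SAMPLE_WHOIS, as_of).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

The constructed record passes only the registry-lock check: it uses a personal registrant mailbox, expires within the window and has no signed delegation.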
The third criterion was the security of the Bitcoin exchanges against various web-based attacks and compliance. The more common attacks include Heartbleed, POODLE and clickjacking. In total, the exchanges could collect up to ten points. The good news: All exchanges are adequately protected against Heartbleed, POODLE and MITM (Man-in-the-Middle) attacks.
Kraken in particular scored well here: With nine points, the crypto exchange scored best in web security.
Protection against DoS attacks
The fourth and final criterion of the analysis is whether the exchanges are sufficiently immune to denial-of-service attacks. After all, three out of four Bitcoin exchanges scored 74 percent among the experts.
Of course, this also applies to the defendant in case of doubt.
Anyone who feels motivated by the numerous mediocre ratings to take control of their coins again will find some suggestions for the secure storage of Bitcoin & Co. in our wallet tutorial.