By Natalie Lord
The world is becoming increasingly digital with the advent of cryptocurrencies and blockchain propelling investors into intangible arenas. Blockchain has been lauded for its trust element and secure nature which render compromise extremely difficult. Cryptocurrencies, however, have been more vulnerable with multiple exchange breaches seen since the advent of Bitcoin.
The most recent Exchange Security Report from independent analysts at ICORating (published in December 2018), awarded an A rating to 16% of the world’s largest crypto trading platforms. None of them received an A+ rating. Kraken and Cobinhood topped the chart, both scoring As, followed by Poloniex which received an A- rating. Of all the exchanges reviewed, 16% fell within the A or A- category, 55% scored a rating of between B+ and B- with the remaining being rated C+, C or C-.
The results were based on assessment of 135 crypto trading platforms with a daily trading value of more than US$100,000 with four security categories looked at: web security, DoS attack protection, registrar and domain security and user account security.
Tony Mackay, Founder and CEO of digital exchange Kryptos-X, says that no professional or institutional traders will want to use a platform with lackadaisical security controls, as they rightfully demand safety for their accounts and protection of their assets. He points out that for digital asset exchanges, when compliance is viewed in terms of facilitating trust and establishing accountability, it becomes attractive as a way of encouraging participation. He highlights the importance of communicating to those trading on an exchange that everyone has gone through rigorous verification and authorization processes, and the importance of assuring clients that the platform itself is committed to protecting all participants from bad actors. For example, verifying coins submitted to an exchange for trade and ensuring they are not on banned lists is key.
“The Kryptos-X team has considerable experience in operating traditional regulated securities markets and financial institutions where market integrity and cyber security are paramount,” he says. “We are applying these principles to weed out bad participants from Kryptos-X and to ensure that there is a level playing field for all participants. We deploy the best of market security measures such as 2FA and complex password, encryption and industry leading security for tokens, coins and keys to ensure as safe a trading platform as possible.”
Another recent report from ICORating.com looking at exchange security profiled 100 exchanges whose daily volume exceeds US$1million. Amongst its findings: 41% of exchanges allow passwords with fewer than 8 symbols, 37% allow passwords made up of only letters or digits and 5% allow accounts to be created without requiring account verification. The results were published showing aggregated security scores. Coinbase topped the table scoring 89/100 with Kraken next at 80/100. Bitmex and Gopax came joint third (78) with Cobinhood (8th), Ethfinex (12th), Bittrex (13th) and Binance (17th). Okcoin.cn came bottom of the list, scoring just 15/100. Mercatox came in only marginally better at 25/100 with Zaif at 29/100.
Zaif, the Japan-based cryptocurrency exchange, was hacked last year to the tune of about US$60 million. Hackers gained unauthorised access to the exchange’s hot wallets and stole 5,966 Bitcoins, Bitcoin cash and MonaCoin.
In the past eight years, 31 crypto exchanges have been hacked with an estimated US$1.3 billion stolen. Crypto exchange International Digital Currency Markets (IDCM) uses new technology like artificial intelligence (AI) to assist with its security efforts alongside technology which constantly monitors the network for suspicious activity.
The issue of exchange security is becoming increasingly important as more institutional investors enter the cryptocurrency space, and the success of exchanges will invariably be contingent on their security prowess. Complex passwords, encryption and artificial intelligence could just be the start of a new era of security to safeguard your digital assets.