ICORating released an Exchange Security Report that ranks over 100 popular cryptocurrency exchanges according to four categories: user security, domain and registrar security, web security and DoS protection.
The 10-page report ranked Kraken, Cobinhood, and Poloniex as the top 3. While the first two exchanges received a rating of 'A', Poloniex received an 'A-'. Notably, one of the most popular exchanges, Binance, was not in the top 20 and was ranked a distant 35th in terms of security.
The Rankings Methodology
ICORating used four categories (user security, domain and registrar security, web security and DoS protection) to construct its listing.
User Security
Accounts were created on each exchange and multiple tests were conducted. User security was assessed through four parameters. First, the exchange code was checked for errors that could lead to malfunctions in the application.
Second, the ability to create a weak password was tested, as was confirmation through email. Last, the availability of two-factor authentication (2FA) was checked.
Domain and Registrar Security
To check Domain and Registrar Security, ICORating's team inspected the registry lock, role account usage and Domain Name System Security Extensions (DNSSEC).
For Web Security, ICORating checked the fulfillment of specific security standards such as HSTS header presence, clickjacking attack protection, drive-by download attack protection, man-in-the-middle (MITM) attack protection and more.
The exchanges were also tested for Denial-of-Service (DoS) attack protection.
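As an added illustration (not code from the ICORating report), here is one way a site operator could audit their own HTTP response headers for two of the web security items named above, HSTS header presence and clickjacking protection. The function names, the 180-day HSTS threshold and the sample headers are assumptions made for this example; the report does not publish its test procedure.

```python
import re

MIN_HSTS_MAX_AGE = 180 * 24 * 3600  # assumed threshold (180 days), not from the report


def check_hsts(headers):
    """Return (ok, detail) for the Strict-Transport-Security header."""
    value = headers.get("strict-transport-security")
    if value is None:
        return False, "header missing"
    match = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', value, re.I)
    if not match:
        return False, "no max-age directive"
    max_age = int(match.group(1))
    if max_age == 0:
        return False, "max-age=0 tells browsers to drop the HSTS policy"
    if max_age < MIN_HSTS_MAX_AGE:
        return False, f"max-age {max_age}s is below {MIN_HSTS_MAX_AGE}s"
    return True, f"max-age {max_age}s"


def check_clickjacking(headers):
    """Return (ok, detail) based on CSP frame-ancestors or X-Frame-Options."""
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            if "*" in sources:
                return False, "frame-ancestors allows any origin"
            return True, "CSP frame-ancestors " + " ".join(sources)
    xfo = headers.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return True, "X-Frame-Options " + xfo
    if xfo:
        return False, f"X-Frame-Options '{xfo}' is not DENY or SAMEORIGIN"
    return False, "no framing restriction"


def audit(raw_headers):
    """Run both checks over one response's headers (names are case-insensitive)."""
    headers = {name.lower(): value for name, value in raw_headers.items()}
    return {"hsts": check_hsts(headers), "clickjacking": check_clickjacking(headers)}

# Constructed sample responses, not taken from any exchange in the report.
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}
WEAK = {"strict-transport-security": "max-age=0",
        "X-Frame-Options": "ALLOW-FROM https://example.com"}
```

Calling `audit(GOOD)` passes both checks, while `audit(WEAK)` fails both: a header can be present and still provide no protection, which a presence-only check would miss.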
Each category was scored according to the following system:
- User Account Security: Maximum 17 points, 4 parameters analyzed
- Registrar and Domain Security: Maximum 18 points, 4 parameters analyzed
- Web Security: Maximum 57 points, 10 parameters analyzed
- DoS attack protection: 8 points, 1 parameter analyzed
The maximum possible score is 100. None of the exchanges managed to achieve an A+ rating.