Only a minority of 135 cryptoasset exchanges achieved very high marks for security in an audit conducted by the crypto analysis website IcoRating.com. On an A+ to C- grading scale, no exchange received the top mark, while only two got an A and 19 got an A-.
The top five exchanges were Kraken, Cobinhood, Poloniex, BitMEX, and Bitfinex. Coinbase Pro took the number nine spot, HitBTC number thirteen. Notably, Binance – at time of writing the number one exchange by adjusted volume on CoinMarketCap – was an unimpressive 34th on the list. Also striking is Gemini’s ranking, an abysmal 84th – striking because of Gemini’s association with the Winklevoss twins’ “Bitlicense,” one of the most important legal frameworks of the industry.
Grading Parameters
The report used four parameters to judge the exchanges’ security robustness: user security, domain and registrar security, web security, and denial-of-service (DoS) protection.
The user security category was assessed by an audit of the exchange code, whether weak passwords are refused, and whether two-factor authentication is available. Domain security was judged by the presence of a series of protections governing how the exchanges’ owners and employees access the sites. Only three percent of exchanges met all domain security criteria laid out by IcoRating.
Web security was judged by checking for an array of general high-security standards, as well as protection from known exploits such as the Heartbleed bug, “clickjacking” protection, mandatory connection over HTTPS, and other checks. Only 37% of websites force HTTPS connections. Kraken generally swept this category and ranked first.
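The mandatory-HTTPS and clickjacking checks named above can be expressed as tests on a site's response headers. The following is an added example, not IcoRating's methodology or code; the choice of header checks, the function names and the sample responses are assumptions constructed for illustration, and each response is assumed to carry a single policy per header.

```python
import re

def forces_https(http_status, http_headers):
    """A plain-HTTP request must be answered with a redirect to an https:// URL."""
    location = http_headers.get("location", "").lower()
    return http_status in (301, 302, 307, 308) and location.startswith("https://")

def hsts_enabled(https_headers):
    """HSTS only counts with a positive max-age; max-age=0 switches it off."""
    value = https_headers.get("strict-transport-security", "")
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

def framing_restricted(https_headers):
    """Clickjacking defence: CSP frame-ancestors, else X-Frame-Options."""
    for directive in https_headers.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # Takes precedence over X-Frame-Options; "*" or a bare scheme allows any site.
            return not any(s.lower() in ("*", "http:", "https:") for s in parts[1:])
    # ALLOW-FROM is obsolete and ignored by current browsers, so it does not count.
    return https_headers.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")

def audit(site):
    return {
        "forces_https": forces_https(site["http_status"], site["http_headers"]),
        "hsts": hsts_enabled(site["https_headers"]),
        "framing_restricted": framing_restricted(site["https_headers"]),
    }

# Constructed sample responses (header names lower-cased); not real exchange data.
SAMPLES = {
    "strict.example": {
        "http_status": 301, "http_headers": {"location": "https://strict.example/"},
        "https_headers": {
            "strict-transport-security": "max-age=31536000; includeSubDomains",
            "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
        },
    },
    "weak.example": {
        "http_status": 200, "http_headers": {},
        "https_headers": {"strict-transport-security": "max-age=0",
                          "x-frame-options": "ALLOW-FROM https://partner.example"},
    },
}

if __name__ == "__main__":
    for host, site in SAMPLES.items():
        print(host, audit(site))
```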
DoS protection was the best-performing category, with 74% of exchanges protected from this kind of attack.
For cross-comparison, security is briefly assessed in the latest CryptoCompare exchange digest, although not nearly to the same degree as IcoRating’s work. CryptoCompare found that only one third of top exchanges (out of 130 assessed) store the vast majority of user funds in cold storage (offline wallets). None of IcoRating’s top-rated exchanges are on CryptoCompare’s list of top cold storage exchanges.
The CryptoCompare report also points out that nine percent of surveyed exchanges have been hacked in the past.