Traders hope and expect the exchange they’re trading on takes security seriously. But while all crypto platforms pay lip service to good cybersecurity practices, many fail at even the most basic measures such as enforcing strong passwords. New research has found 54% of all cryptocurrency exchanges have poor security in at least one area, leaving them and their users vulnerable to attack.
Also read: Japanese Regulators Urgently Respond to Zaif’s Hack
Despite Hundreds of Millions of Dollars in Hacks, Many Exchanges Still Have Shoddy Security
The cryptocurrency landscape has changed significantly since Bitcoin’s earliest days, but one thing that’s remained constant is exchange breaches. From the Mt Gox days to last month’s Zaif hack, exchanges have been regularly surrendering their funds, despite the increasing value of crypto assets incentivizing them to up their opsec. A detailed new report from ICO Rating has revealed the extent of the lax security practices that pervade many exchanges, including several supposedly top-tier platforms.
The ICO listing and analysis site profiled 100 exchanges whose daily volume exceeds $1 million and found most of them wanting in one or more areas. For example:
- 41% of exchanges allow passwords with fewer than 8 symbols
- 37% of exchanges allow passwords with either digits or letters alone
- 5% of exchanges allow the creation of accounts without email verification
- 3% of exchanges lack 2FA
- Only 46% of exchanges meet all four parameters
- Just 4% of Exchanges Were Found to Have Best Practice for Domain Security
ICO Rating also considered registrar and domain security. Specifically, it looked for things such as a registry lock, preventing unauthorized changes to the domain registry, and DNSSEC, to prevent DNS cache poisoning, which has been
