ICORating recently released its Exchange Security Report that ranks over 100 popular cryptocurrency exchanges according to the four categories of user security, domain and registrar security, web security and DoS protection.
In the 10-page report available online, three exchanges topped the list: Kraken, Cobinhood and Poloniex. The first two exchanges received a ranking of ‘A’, whereas Poloniex received an ‘A-’. Below is a screenshot of the exchanges that topped the list. Notably, Binance was not in the top 20 and was ranked a distant 35th in terms of security.
Methodology of the Rankings
As mentioned earlier, ICORating used the four categories of user security, domain and registrar security, web security and DoS protection.
For User Security, accounts were created on each exchange and multiple tests were conducted. The security of the user was determined using four parameters. The first was a check for errors in the content of the exchange code that could lead to malfunctions in the application. The second was whether a weak password could be created. The third was confirmation of actions through mail. The fourth was the availability of two-factor authentication (2FA).
To check Domain and Registrar Security, the team checked for errors by inspecting the registry lock, role account usage and Domain Name System Security Extensions (DNSSEC). For web security, ICORating checked the fulfillment of specific security standards such as HSTS header presence, click-jacking attack protection, drive-by download attack protection, man-in-the-middle (MITM) attack protection and more. The team at ICORating also tested for Denial-of-Service (DoS) attack protection.
Each category was scored according to the following system:
- User Account Security: Maximum 17 points, 4 parameters analyzed
- Registrar and Domain Security: Maximum 18 points, 4 parameters analyzed
- Web Security: Maximum 57 points, 10 parameters analyzed
- DoS attack protection: 8 points, 1 parameter analyzed
A total of 100 points was the maximum possible score during the security testing of the exchanges. None of the exchanges managed to achieve an A+ rating.
What are your thoughts on the security rankings of exchanges according to ICORating? Do you agree with their findings? Please let us know in the comment section below.