The top virtual exchange platforms lack adequate security, according to research released by ICORating.
There has been much speculation over the past couple of months and years about cryptocurrencies.
Some have been correct, others not, but irrespective of what is said, there is a section of the cryptocurrency community that’s affected in one way or the other.
In a newly released study that examined 100 exchanges each having a daily trading volume of more than $1 million, researchers established that the platforms lacked adequate security features necessary during the creation of an account and in running the exchange.
Inadequate Security
The report, released by ICORating, highlighted how the various exchanges lacked proper security features paramount in protecting either the customer or the company itself.
Among the issues pointed out is the failure by the exchanges to implement the use of complex passwords that consist of alphanumeric characters and symbols.
The research revealed that out of the 100 platforms, on each of which the researchers created an account, 3 percent lacked Two-Factor Authentication, 5 percent did not require email verification, 37 percent allowed the account holder to use only letters or numbers as a password, and another 41 percent allowed passwords with fewer than eight characters.
Also pointed out is the use of private email addresses by customers, which enables them to hide their identity. In recent years, the slow regulation in the industry has pushed for the use of Know Your Customer policies whereby an exchange is required to have all the personal details of the customers.
Where users of a platform do not submit an email address that can be linked to them, security is hampered because it gives such customers leeway to use the platform to perpetrate fraud.
Although 97 percent of the platforms offered Two-Factor Authentication, not all users of these exchanges use the feature, exposing themselves to further risks that may lead to their accounts getting compromised.
Even though the situation as of now leaves a majority of users exposed to having their account compromised, there is still hope that the case will get better.
When tabulated, the statistics reveal that only 4 percent of all the exchanges sampled adhered to all the parameters, meaning more than half still need to up their game.
The figure shows that much needs to be done to ensure that it is nearly impossible to compromise accounts.
Even though hackers are continually improving their tactics, combined efforts among key stakeholders can keep the situation under control.
Apart from the issues pointed out above, there were others: for example, 32 percent of exchanges have coding errors in JavaScript and CSS.
No matter how trivial they are, they do have an effect on the overall security of a website.
Another parameter taken into account during the research was DNS Security Extensions (DNSSEC). Only one in every 10 exchanges used this protocol extension, which is crucial for preventing DNS cache poisoning by authenticating DNS responses with cryptographic signatures.
There is also the registry lock which is being used by only 2 percent of the exchanges sampled.
The essence of this feature is to prevent unnecessary changes to the domain.
The researchers went a step deeper and analyzed the registrar lock, which is different from the registry lock.
The registrar lock prevents the hijacking of a domain since one requires more than just authentication to facilitate any changes in the global registry.
Last but not least, the study also assessed web protocol security by looking at five headers meant to prevent certain types of attacks, namely X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Content-Security-Policy and X-XSS-Protection.
Analysis of the headers revealed that only one of 10 exchanges used all five headers; 29 percent of the platforms had none at all, and only 17 percent used the Content-Security-Policy header, which helps browsers identify and prevent XSS attacks.
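The header assessment described above can be reproduced against any site's response. The following is an added example, not code from the ICORating study: it audits one raw HTTP response for the five headers and groups the result the way the report does. The sample response and the rules for what counts as an effective value are assumptions made for illustration.

```python
import re

def _hsts_ok(value):
    # A max-age of 0 tells the browser to forget the policy.
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) > 0

# Value rules below are assumptions of this example, not the study's criteria.
CHECKS = {
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: bool(v),
    "x-xss-protection": lambda v: v.startswith("1"),
}

def parse_headers(raw_response):
    """Map lower-cased header names to value lists (names are case-insensitive)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw_response):
    """Return {header: 'ok' | 'weak' | 'missing'} for the five headers."""
    headers, report = parse_headers(raw_response), {}
    for name, effective in CHECKS.items():
        values = headers.get(name, [])
        ok = all(effective(v) for v in values)
        report[name] = "missing" if not values else "ok" if ok else "weak"
    return report

def bucket(report):
    """Group a site the way the study reports it: all five, some, or none."""
    present = sum(status != "missing" for status in report.values())
    return {5: "all five", 0: "none"}.get(present, f"{present} of 5")

SAMPLE = (  # constructed response, not captured from any exchange
    "HTTP/1.1 200 OK\r\n"
    "x-content-type-options: nosniff\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Strict-Transport-Security: max-age=0\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    print(audit(SAMPLE), bucket(audit(SAMPLE)))
```

A header that is present but set to an ineffective value is reported as weak, which a simple presence count would miss.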
Cryptocurrencies a Major Target for Hackers
This year alone there has been a drastic increase in the frequency of cryptocurrency-related crime, and more than half of these incidents have their roots in the U.S.
Since there are many ways in which criminal activities associated with virtual money can occur, the research detailing how the U.S. is responsible for cryptocurrency crime highlighted the number of accounts falling victim to a hack.
The lack of adequate security in cryptocurrency exchanges has not only led to the platforms falling victim to hacks but also to an increase in the number of individual accounts getting compromised.
In 2018 for instance, the number of user accounts that experienced hacks and stolen funds was nearly twice as much as that in 2017.
The figure should be a cause for alarm because it shows that these hackers are perfecting their game like never before.
Additionally, the rate at which they are devising new tactics to perpetrate fraud is not proportional to the rate at which the security of some systems is being improved.
In light of what is happening in the sector, there are some unfortunate events that keep on happening from time to time.
In the event of a hack on an individual account, the owner is left to suffer the losses because the exchange regards the situation as neglect on the customer’s side.
In other instances, when a significant hack has hit a big platform and affected the accounts of several users, the exchange takes quite some time to refund the customers what they lost.
Unfortunate Eventualities
As mentioned earlier, major cryptocurrency trading avenues have not been spared by hackers over the years, and it is justified to say that sometime in the future there is a very high probability that the world will see more significant hacks than ever before.
Take, for instance, the infamous Mt. Gox saga which is one of the biggest Bitcoin exchange hacks of our time.
The hack occurred over a span of years and would have served as a wake-up call to the cryptocurrency community.
However, as much as exchanges tried to avoid falling victim to the same fate that befell Mt. Gox, many of them ultimately faced a similar end.
The only difference is the mode in which an attack has transpired. In the case of Mt. Gox, the hack happened as a result of an inside job.
In other situations, technical errors in virtual exchanges may lead to the exposure of customers’ details but not the loss of funds. In a recent example, Brazil-based trading platform Atlas Quantum suffered a hack that exposed the data of around 261,000 users.
The hack led to the theft of the victims’ personal details including account balances, phone numbers and email addresses.