Founded in 2017 and located in Hong Kong, Coinsuper is a crypto exchange. According to CoinMarketCap, as of October 12th the company’s trade volume reaches around $200 mln per day (ranking 18th) and $5.78 bln a month (ranking 15th). Since May 2018, Karen Chen has served as the CEO.
Coinsuper has its own token, CEN. On July 16th the company decided to offer an ambiguous Transaction-Fee Mining model which implied 125% reimbursement of trade fees. However, on August 30th the company discontinued this activity. Currently, they offer CEN holders transaction fee discounts of up to 90% (see Figure 1) and a lockup reward of 8-12% (see Figure 2).
While accepting fiat deposits in USD, Coinsuper offers fiat-to-crypto trading for cryptocurrencies including BTC, ETH and CEN (trade fee 0.2%). Investors can also buy stablecoins including USDT and GUSD (trade fee 0.5%) but cannot trade crypto against them.
Coinsuper employs KYC (Know Your Client) procedures and has an AML (Anti-Money Laundering) policy. The company may require a number of documents, including bank statements, proof of income, utility bills etc., in order to carry out EDD (Enhanced Due Diligence).
The following table shows the several subtotals that make up the CER Cyber Security Score (CSS): App Level Security, SSL/TLS Connection Security, and Domain Security. The points are further subdivided into three parts:
Aggregating Coinsuper’s CSS amounts to only 6.23 points because of a lack of domain security. According to the data analysed, the company is the second lowest in CER’s CSS rank of exchanges (see Table 2). That doesn’t seem like a good result for a company responsible for significant finances, does it?
Server Security. Poor server security may jeopardize the entire system, exposing private keys, databases, wallets etc. Is it acceptable for a crypto exchange to let that happen? Storing the most important data on separate servers, and managing the rights and access of different service providers, seem like much better options.
DNSSEC records. DNSSEC protects users from being directed to a fake IP address for the exchange. What looks like the same site may in reality be a copy of the exchange hosted on a different server. Weak or missing DNSSEC may lead to the theft of sensitive data, one-time tokens and users’ 2FA codes, not to mention stolen confidential information and funds. Is that proper security?
Web application firewall (WAF). A WAF plays a central role in protecting a crypto exchange from hacking incidents, combining various methods to detect attacks. It blocks the OWASP Top 10 attack classes through signatures and machine learning, and distinguishes real users’ behaviour from the illegitimate actions of cybercriminals. Such a crucial component must be present in any reputable exchange.
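A defender-side check for the DNSSEC point above, added here as an example rather than a CER tool: it reads the text output of `dig +dnssec` (captured by the caller; two constructed samples are embedded so it runs offline) and reports whether the resolver validated the answer (AD flag) and whether every answer record carries an RRSIG. Domain names and addresses in the samples are placeholders.

```python
import re

# Constructed sample of `dig +dnssec A example.com` output from a validating
# resolver: the 'ad' flag is set and an RRSIG accompanies the A record.
# The signature data is a placeholder, not a real signature.
SIGNED_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.\t\t300\tIN\tA\t203.0.113.10
example.com.\t\t300\tIN\tRRSIG\tA 13 2 300 20240201000000 20240101000000 12345 example.com. PLACEHOLDERSIG==
"""

# Constructed sample for an unsigned zone: no 'ad' flag and no RRSIG, so a
# spoofed answer pointing at a look-alike server would go unnoticed.
UNSIGNED_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
exchange.example.\t\t300\tIN\tA\t203.0.113.20
"""

FLAGS_RE = re.compile(r"^;; flags: ([a-z ]+);", re.MULTILINE)
# answer line layout: name  ttl  IN  type  rdata
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$", re.MULTILINE)


def dnssec_status(dig_output):
    """Summarise what a `dig +dnssec` response says about DNSSEC.

    'validated' is True only when the resolver set the AD (authentic data)
    flag; 'unsigned_types' lists answer RR types with no covering RRSIG.
    """
    m = FLAGS_RE.search(dig_output)
    flags = set(m.group(1).split()) if m else set()
    records = RR_RE.findall(dig_output)
    types = {rtype for _, rtype, _ in records}
    # the first rdata token of an RRSIG names the record type it covers
    covered = {rdata.split()[0] for _, rtype, rdata in records if rtype == "RRSIG"}
    return {
        "validated": "ad" in flags,
        "signed_types": covered,
        "unsigned_types": types - covered - {"RRSIG"},
    }


def dnssec_ok(dig_output):
    """True when the answer was validated and every RR type is signed."""
    s = dnssec_status(dig_output)
    return s["validated"] and not s["unsigned_types"]
```

The AD flag is only set by a validating resolver, so a signed zone queried through a non-validating resolver also reports `validated: False`; querying the DS record at the parent zone separately tells "unsigned" apart from "not validated".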
Due to poor server security and the absence of a Web Application Firewall and DNSSEC records, Coinsuper’s score turned out low. According to CER’s Cyber Security Score of exchanges, only KuCoin’s position in the rating is lower than that of Coinsuper. Well, the results speak for themselves.
The liquidity of Coinsuper, as well as the credibility of its trade volume, is doubtful. Recent charts of the BTC/USD pair show unusual moves in price and volume that are not consistent with the volatility of the price. The following chart (see Figure 4) clearly displays a $280 fall in the BTC price within 30 minutes on only 25 BTC of volume, while in other periods volume varies between 100-200 BTC or more.
Another perfect example can be seen on the other BTC/USD chart (see Figure 5), displaying a 5-minute period during which 450 BTC was traded within a 30 cent price move of BTC. However, trade volume in the more volatile periods is no more than 100 BTC. There is also a period of about 3 hours in which the BTC price stays flat, which is a highly unusual case in a fairly traded market.
Monitoring Coinsuper’s BTC/USD orderbook (see Figure 8) and history of trades (see Figures 6, 7) over a long period of time led us to some interesting conclusions. Apparently, all trades occurred at 5-10 second intervals with artificially randomized volume. The prices of those trades varied within a $10-$15 range.
Based on the data received, we came to the conclusion that Coinsuper’s trading activity is probably fake, because this is not what human behaviour looks like. Nor is this limited to the trading pair mentioned above: the ETH/USD pair’s volume and price moves are also inconsistent, leading us to the same assumptions (see Figure 9).
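The pattern described in the two paragraphs above can be turned into a simple screening heuristic. The following is an added example, not CER’s own analysis tooling: it measures how regular the spacing between trades is and how far the price moves, and runs the test over two constructed trade logs, one mimicking the timer-driven prints described above and one with bursty, organic-looking flow. Thresholds and sample values are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: (unix timestamp, price in USD, size in BTC).
# Each print lands 5-10 s after the previous one and the price stays in a
# ~$12 band, mimicking the feed described in the report.
SUSPECT_TRADES = [
    (1_539_300_000 + t, 6_400.0 + (t % 13), 0.1 + (t % 7) * 0.03)
    for t in (0, 6, 13, 21, 28, 34, 42, 49, 57, 64, 71, 79)
]

# Constructed sample of organic-looking flow: bursts and lulls, with the
# price drifting as volume comes in.
ORGANIC_TRADES = [
    (1_539_300_000, 6_400.0, 0.5), (1_539_300_001, 6_401.5, 2.0),
    (1_539_300_002, 6_403.0, 1.2), (1_539_300_090, 6_395.0, 0.05),
    (1_539_300_400, 6_380.0, 4.0), (1_539_300_401, 6_378.0, 3.3),
    (1_539_300_950, 6_410.0, 0.7), (1_539_301_300, 6_415.0, 0.1),
]


def trade_signals(trades):
    """Return the spacing and volatility metrics used for the verdict."""
    gaps = [b[0] - a[0] for a, b in zip(trades, trades[1:])]
    prices = [p for _, p, _ in trades]
    sizes = [s for _, _, s in trades]
    return {
        "gap_mean": mean(gaps),
        # coefficient of variation of the inter-trade gap: human order
        # flow is bursty (high CV), a timer-driven bot is regular (low CV)
        "gap_cv": pstdev(gaps) / mean(gaps),
        "price_range": max(prices) - min(prices),
        "volume": sum(sizes),
    }


def looks_automated(trades, max_gap_cv=0.5, max_range_usd=20.0):
    """Flag a feed whose spacing is too regular and price too flat.

    A single window is only a hint; the report's conclusion rests on this
    pattern holding across a long observation period and several pairs.
    """
    s = trade_signals(trades)
    return s["gap_cv"] < max_gap_cv and s["price_range"] < max_range_usd
```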
As for the marketing analysis, we chose to compare the two exchanges we consider to have fake trade volumes (according to previous investigations by the CER team) – Coinsuper and Bitforex – with two others, Bittrex and KuCoin, which are more trustworthy in our opinion. We used SimilarWeb Pro for the first comparison in order to get the exchanges’ traffic data for the last quarter.
Site visits. Figure 15 clearly shows the visits of the four exchanges. It’s obvious that the numbers for Coinsuper and Bitforex are significantly lower than those of Bittrex and KuCoin.
Unique visitors. The same holds for the number of unique visitors, but this time Coinsuper had the lowest number, totaling 127 000 (see Figure 16).
Twitter Followers. A similar pattern holds for the number of Twitter followers (see Figure 17). Once again, Coinsuper and Bitforex are lagging behind, with the latter having the lowest number of all four exchanges.
Trading Volume. According to the 30-day reported CoinMarketCap volume data (see Figure 18), Coinsuper has the second highest figure after Bitforex, while Bittrex and KuCoin are lower.
Trade Volume per Unique Visitor. It turned out that Coinsuper’s trade volume per unique visitor is more than $45 000. At the same time, KuCoin’s figure is $490 and Bittrex’s is $1000 (see Figure 19). In the investigation of the Bitforex “success case” conducted by the CER team in July, Bitforex’s trade volume per unique user was $12,824 per day (data as of that publication), which is a lot higher than the figures for Binance ($861) and Poloniex ($210) per day. It’s nonsense, to say the least.
As a result, such unfair manipulations cause an imbalance in the market and distort the CMC rankings of crypto exchanges. The real question is how long the community will turn a blind eye to companies like Coinsuper.
To sum up, all the information given above demonstrates that Coinsuper is quite unreliable and unsuitable for trading cryptocurrencies, due to its lack of security and the prevalence of artificial trade volumes.
Download the full report for more details on our findings.