Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

TOP-100 EXCHANGES BY CYBERSECURITY SCORE #3 AND COMBINED SCORE (MARCH 2020)

TOP-100 EXCHANGES BY CYBERSECURITY SCORE #3 AND COMBINED SCORE (MARCH 2020)

9 minutes

It is obvious that in the modern economy cyber security is one of the most crucial issues requiring proper maintenance. Especially in the crypto exchanges industry since over $282 million were stolen in 11 hacks from crypto trading platforms in 2019 according to a report by Chainanalysis. Although the total amount stolen is much smaller than in 2018 the number of attacks significantly increased. Therefore CER continues to monitor and assess the cyber security of crypto exchanges.

In the current Analysis CER used the list of 236 spot crypto exchanges from CoinGecko with Trust Score available as of 24.03.2020.

The initial Cyber Security Score (CSS) methodology was described in the first report and the updates are highlighted in the second report. For the current report the methodology was slightly adjusted by altering weight coefficients of certain parameters and changing the calculation of Password Requirements for more balanced results.

Statistics

The CSS results from results showed that only 19 crypto exchanges (8%) out of 236 gained “good” scores of over 8 points and higher (see fig 1).

**Fig. 1.** Distribution of CSS results by total score.

While the vast part of the sample (148 crypto exchanges, 62.8%) scored moderately (6 to 8 points), 69 crypto exchanges (29.2% out of total) totaled lower than 6 points.

Just like in the previous CSS report the Bug Bounty availability appeared to be weakest parameter again (see fig. 2)

Missing HTTP headers is the second weakest parameter as 76.7% of exchanges miss 4+ headers out of 7 (see fig. 3)

And another notable weakness is the presence of captcha during the sign-up and sign-in process on the trading platforms. 97 of exchanges (41.1%) don’t have captcha at all (see fig. 4).

The results for Password Requirements are way better than in the previous report due to altered methodology. Nevertheless some crypto exchanges treat this parameter irresponsibly as 13.56% of them scored 1 or 0 points. And in one particular case the platform allowed to create a 1-symbol password.

New CSS Top-100 Spot Exchanges

Table 1 below provides the list of Top-100 out of 236 sample spot crypto exchanges by CSS total results. It also contains sub-scores for Server Security, User Security, Crowdsourced Security and Historical Cases.

#	Exchange	Server Security	User Security	Crowdsourced Security	Historical Cases	Total
1	btcturk	8,50	9,47	10	10	9,02
2	otcbtc	7,95	8,47	10	10	9,02
3	binance_us	9,23	9,47	10	8	8,91
4	bilaxy	8,41	8,12	5	10	8,76
5	bit_z	8,11	8,15	10	10	8,66
6	kucoin	9,14	8,47	10	10	8,65
7	btc_alpha	8,32	7,65	5	10	8,6
8	bitsonic	7,75	8,59	10	10	8,6
9	kraken	7,00	7,65	10	7	8,56
10	binance	7,93	9,47	10	3,5	8,51
11	altilly	8,95	8,00	5	10	8,47
12	coinbase	8,14	7,65	10	10	8,46
13	hitbtc	8,50	6,74	10	10	8,31
14	indodax	4,95	9,12	0	10	8,26
15	oceanex	7,91	7,59	5	10	8,26
16	binance_jersey	7,61	9,47	5	10	8,26
17	poloniex	10,00	6,76	10	10	8,2
18	bigone	8,39	9,74	0	10	8,07
19	txbit	8,55	7,65	0	10	8
20	bitholic	8,18	7,82	0	10	7,86
21	gate	8,68	9,21	5	3,5	7,82
22	kuna	6,86	8,38	5	10	7,77
23	qtrade	8,16	6,85	5	10	7,77
24	bitexlive	9,27	8,09	0	10	7,69
25	bitopro	7,50	8,00	0	10	7,66
26	coinone	9,55	7,12	5	10	7,6
27	bitsdaq	9,68	8,85	0	10	7,59
28	whitebit	8,18	8,06	0	10	7,58
29	bitmax	8,23	8,00	0	10	7,56
30	probit	7,59	8,68	0	10	7,54
31	huobi	8,36	9,21	0	10	7,54
32	coinfloor	8,68	8,59	0	10	7,54
33	mxc	8,00	9,21	0	10	7,54
34	velic	7,64	9,12	0	10	7,53
35	paribu	8,11	6,24	0	10	7,52
36	ftx_spot	6,55	6,18	0	10	7,5
37	bhex	5,73	7,26	5	10	7,48
38	vebitcoin	5,34	9,21	0	10	7,46
39	kkcoin	6,68	9,21	0	10	7,45
40	bitlish	7,84	5,85	0	10	7,39
41	dragonex	8,27	8,59	5	1,5	7,39
42	livecoin	7,36	8,59	0	10	7,37
43	sistemkoin	7,82	7,53	5	10	7,36
44	jex	8,73	6,00	10	10	7,34
45	gemini	7,82	6,62	0	10	7,33
46	chainex	9,41	7,50	0	10	7,31
47	huobi_japan	7,20	8,47	0	10	7,31
48	bgogo	6,50	6,85	0	10	7,29
49	cbx	6,30	8,94	0	10	7,28
50	graviex	8,45	5,18	10	8	7,26
51	bitflyer	5,75	7,65	0	7	7,24
52	tokenize	8,18	8,38	0	10	7,2
53	huobi_korea	8,95	8,85	0	8,5	7,19
54	quoine	8,14	6,18	0	10	7,18
55	p2pb2b	9,45	7,26	5	10	7,17
56	gdac	6,86	6,91	0	10	7,16
57	exrates	8,68	6,44	0	10	7,15
58	coindeal	8,41	9,12	0	10	7,12
59	cointiger	6,86	8,32	0	10	7,12
60	independent_reserve	7,95	6,76	0	10	7,12
61	coinzo	7,89	7,12	0	10	7,12
62	ooobtc	7,91	6,59	5	10	7,12
63	bitcoin_com	7,25	7,53	0	10	7,09
64	coinbig	10,00	7,53	0	10	7,08
65	bitpanda	7,89	5,79	5	10	7,07
66	bitbay	7,48	5,97	5	10	7,07
67	bitforex	7,52	8,32	0	10	7,07
68	ecxx	7,36	7,12	0	10	7,06
69	dsx	10,00	6,91	0	10	7,05
70	bitstorage	6,86	7,38	0	10	6,99
71	Decoin	8,45	8,74	0	10	6,99
72	bankera	7,27	6,85	5	10	6,97
73	dcoin	6,45	6,24	5	10	6,96
74	luno	5,18	6,91	0	10	6,95
75	btcmarkets	6,07	4,91	5	10	6,95
76	coinflex	7,36	5,97	5	3	6,95
77	c2cx	5,14	7,85	0	10	6,95
78	ovex	7,45	6,94	0	10	6,94
79	bvnex	6,57	7,12	0	10	6,94
80	bihodl	8,41	7,53	0	10	6,94
81	hotbit	7,59	8,06	0	5,5	6,93
82	bithumb_global	6,41	9,00	0	1,5	6,93
83	bitso	8,95	6,35	0	5	6,92
84	bitkub	5,64	6,76	0	10	6,92
85	eToroX	9,14	5,29	5	10	6,9
86	tokok	6,68	7,15	0	10	6,9
87	coss	6,32	8,38	0	7	6,89
88	lbank	4,59	8,32	0	10	6,88
89	omgfin	7,95	5,06	0	10	6,86
90	yobit	7,55	6,24	0	10	6,84
91	daybit	7,14	8,26	0	10	6,83
92	exmarkets	5,91	5,24	0	10	6,82
93	cex	8,14	5,79	0	10	6,79
94	unnamed	6,91	7,35	0	10	6,78
95	coinsuper	4,27	6,26	5	10	6,78
96	okex_korea	8,23	7,65	5	5,5	6,77
97	beaxy	4,41	6,91	5	3	6,77
98	elitex	7,20	7,65	0	10	6,77
99	bit2c	7,05	5,29	0	10	6,76
100	coinex	6,32	6,74	0	10	6,76

Table 1. Top-100 crypto exchanges by CSS results

Combined Score

Cyber Security is one of the most important parameters one should consider while evaluating crypto exchanges. But Cyber Security alone doesn’t give the full view of the trading platform’s grade. For more balanced evaluation other parameters should be assessed. Therefore CER calculated the Combined Score by adding CSS and CoinGecko’s Trust Score equally weighted. Fig. 5 shows the distribution by Combined Score results.

Fig. 5. Distribution of Combined Score.

In the table 2 below one can find the list of Top-100 crypto exchanges by Combined Score.

#	Exchange	CSS	CoinGecko Trust Score	CSS + GC
1	binance_us	8,91	10	9,46
2	kucoin	8,65	10	9,33
3	kraken	8,56	10	9,28
4	binance	8,51	10	9,26
5	coinbase	8,46	10	9,23
6	poloniex	8,2	10	9,10
7	bitflyer	7,24	10	8,62
8	gate	7,82	9	8,41
9	bithumb	6,64	10	8,32
10	coinone	7,6	9	8,30
11	bitfinex	6,6	10	8,30
12	huobi	7,54	9	8,27
13	ftx_spot	7,5	9	8,25
14	bittrex	6,43	10	8,22
15	gemini	7,33	9	8,17
16	bigone	8,07	8	8,04
17	probit	7,54	8	7,77
18	paribu	7,52	8	7,76
19	bitstamp	5,35	10	7,68
20	hitbtc	8,31	7	7,66
21	indodax	8,26	7	7,63
22	oceanex	8,26	7	7,63
23	tokenize	7,2	8	7,60
24	quoine	7,18	8	7,59
25	coindeal	7,12	8	7,56
26	bitbank	6,07	9	7,54
27	luno	6,95	8	7,48
28	btcmarkets	6,95	8	7,48
29	bitso	6,92	8	7,46
30	bitkub	6,92	8	7,46
31	coss	6,89	8	7,45
32	cex	6,79	8	7,40
33	floatsv	6,69	8	7,35
34	bitopro	7,66	7	7,33
35	max_maicoin	6,64	8	7,32
36	btc_alpha	8,6	6	7,30
37	bitsdaq	7,59	7	7,30
38	bitmax	7,56	7	7,28
39	bitlish	7,39	7	7,20
40	livecoin	7,37	7	7,19
41	upbit	6,24	8	7,12
42	cointiger	7,12	7	7,06
43	independent_reserve	7,12	7	7,06
44	bitpanda	7,07	7	7,04
45	bitbay	7,07	7	7,04
46	dsx	7,05	7	7,03
47	exmo	6,04	8	7,02
48	dcoin	6,96	7	6,98
49	hotbit	6,93	7	6,97
50	bithumb_global	6,93	7	6,97
51	eToroX	6,9	7	6,95
52	omgfin	6,86	7	6,93
53	kuna	7,77	6	6,89
54	okex_korea	6,77	7	6,89
55	bitexlive	7,69	6	6,85
56	gopax	6,68	7	6,84
57	bit_z	8,66	5	6,83
58	coinsbit	6,64	7	6,82
59	coinfloor	7,54	6	6,77
60	dragonex	7,39	6	6,70
61	therocktrading	6,31	7	6,66
62	digifinex	6,3	7	6,65
63	graviex	7,26	6	6,63
64	bw	6,23	7	6,62
65	zb	6,21	7	6,61
66	btse	6,19	7	6,60
67	p2pb2b	7,17	6	6,59
68	coinzo	7,12	6	6,56
69	bitforex	7,07	6	6,54
70	bkex	6,05	7	6,53
71	bankera	6,97	6	6,49
72	coinflex	6,95	6	6,48
73	ovex	6,94	6	6,47
74	coincheck	5,91	7	6,46
75	aex	5,91	7	6,46
76	itbit	5,9	7	6,45
77	coinsuper	6,78	6	6,39
78	qtrade	7,77	5	6,39
79	elitex	6,77	6	6,39
80	bilaxy	8,76	4	6,38
81	okex	6,73	6	6,37
82	bibox	6,72	6	6,36
83	bitsonic	8,6	4	6,30
84	eterbase	6,53	6	6,27
85	bhex	7,48	5	6,24
86	vebitcoin	7,46	5	6,23
87	bitmart	6,46	6	6,23
88	kkcoin	7,45	5	6,23
89	korbit	6,4	6	6,20
90	latoken	6,38	6	6,19
91	crex24	6,36	6	6,18
92	okcoin	6,31	6	6,16
93	shortex	6,14	6	6,07
94	btcturk	9,02	3	6,01
95	txbit	8	4	6,00
96	bitstorage	6,99	5	6,00
97	Decoin	6,99	5	6,00
98	bvnex	6,94	5	5,97
99	zbg	4,88	7	5,94
100	lbank	6,88	5	5,94

Table 2. Top-100 crypto exchanges by Combined Score

Conclusions

As apparent from CSS results only 8% of trading platforms scored favorably (8 points and higher) and over 29.2% of them received fair results (below 6 points). These figures are once more highlighting the need for cyber security enhancement in the industry.As an answer on a demand for complex versatile ranking of crypto exchanges CER integrated CSS and CoinGecko’s Trust Score. The Combined Score provides a more comprehensive and multifaceted rating of cryptocurrency trading platforms. We believe that the approach of combining different assessment methodologies will help users to better evaluate the grade of crypto exchanges. Exchanges representatives can get details about their exchange rating by leaving a request in our contact form.