🇺🇦 Hacken was born in Ukraine, and we stand with all Ukrainians in our fight for freedom!


TOP-100 Exchanges By Cybersecurity Score #4


Published: 11 Feb 2021 Updated: 17 Jan 2023

According to the Ciphertrace report, a whopping $516 mln in crypto was stolen from centralized exchanges and DeFi services in 2020 alone. Although most of these hacks were focused on DeFi services, the total value of stolen funds from centralized exchanges was much higher. 

The largest hack in 2020 was the Kucoin hack, in which attackers stole more than a quarter-billion dollars in various cryptocurrencies. The cryptocurrencies were withdrawn from the exchange’s hot wallet. It is important to note that more than 25% of all Kucoin’s crypto was stored in the exchange’s hot wallet, which is considered a bad practice.

This hack, and in particular the causes behind it, inspired us to improve our methodology. We have added ISO 27001 and exchange funds insurance to our methodology. In the current analysis, CER has reviewed the list of 289 crypto exchanges. Compared to the previous reviews, we have listed derivatives exchanges on the top.

The primary goal of this report is not to promote or degrade any exchanges, but rather to provide an expert view of the state of cybersecurity in the crypto exchange industry.


For a more multifaceted and balanced evaluation, we have decided to add ISO 27001 compliance and funds insurance to our metrics. These features indicate that the clients’ funds are insured and demonstrate that their security meets international standards.

To clarify, the insurance fund must cover potential losses in case of hacks. Also, an exchange is eligible for ISO 27001 points only if the audit has been performed by a certified company authorized to perform such audits.


The new CSS results show that only 14 crypto exchanges (4,8%) out of 289 have gained a “good” cybersecurity score of over 8 points (see Fig. 1).

Fig. 1. Distribution of CSS results by total score

Since the last methodology update, we have received well over 100 certification requests. Ratings have changed significantly based on the findings of our latest research.

Compared to the previous top 100 research, the number of exchanges running bug bounty programs to improve their security has increased from 48 to 77 (+60%!). Under the cer.live methodology, self-hosted bug bounty programs are rated at half the value of those managed by third parties. The reason is that only a neutral third-party platform can ensure that the bug bounty program is run fairly and guarantee that the hacker will be rewarded for every identified vulnerability. Third-party platforms also engage more hackers in the bug bounty program, which leads to superior cybersecurity outcomes.

Fig. 2. Bug Bounty

The share of bug bounty programs managed by third-party platforms has increased significantly since the beginning of 2020. Most of the bug bounty programs are hosted on the following platforms:

  • HackerOne
  • HackenProof
  • Slowmist
  • BugCrowd

According to our data, 42 exchanges (14,5% of the total) perform regular pentests with different cybersecurity firms. By the end of 2020, the number of received pentest reports increased significantly.

This shows us that crypto exchanges have not only become more concerned and vocal about security; they are finally beginning to put their money where their mouth is.

According to the gathered data, 8 crypto exchanges have been certified as meeting the ISO 27001 standard, and just 6 exchanges have an insurance fund for hack cases. And only the following 5 exchanges have both:

It is worth noting that the ETH and BTC balances of each of these exchanges are more than $1 billion.

New Top-100 Exchanges by CSS

Below is a table with the final results. It contains the current score positions, position change, and the exchange’s cybersecurity score (CSS) calculated by CER according to the updated methodology.

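| # | Exchange | Cybersecurity score | Position change |
|---|---|---|---|
| 1 | Binance US | 9,75 | +5 |
| 2 | Binance | 9,55 | +5 |
| 3 | Coinbase | 9,39 | +5 |
| 4 | Crypto | 9,04 | +5 |
| 5 | Kraken | 8,75 | +5 |
| 7 | Bithumb Global | 8,36 | +5 |
| 10 | Gate | 8,25 | +3 |
| 11 | Gemini | 8,24 | +3 |
| 12 | Mxc | 8,11 | +3 |
| 14 | Hotbit | 8,01 | +2 |
| 15 | Bkex | 7,92 | +2 |
| 16 | Bitmex | 7,84 | +2 |
| 17 | Bibox | 7,77 | +2 |
| 19 | Coinsbit | 7,64 | +1 |
| 20 | Bitget | 7,53 | +2 |
| 22 | Nicehash | 7,14 | +1 |
| 23 | FTX | 6,93 | +1 |
| 29 | Okex Korea | 6,38 | 0 |
| 32 | Bittrex | 6,03 | +2 |
| 33 | Currency | 5,96 | +2 |
| 34 | Indodax | 5,79 | +2 |
| 35 | Latoken | 5,70 | +2 |
| 37 | Bitopro | 5,69 | +1 |
| 38 | Blockchain.com | 5,57 | +1 |
| 39 | Bitstamp | 5,57 | +1 |
| 53 | Coinsuper | 4,86 | +3 |
| 55 | Hoo | 4,82 | +2 |
| 73 | Huobi Korea | 3,86 | +1 |
| 74 | EtoroX | 3,84 | +1 |
| 75 | Bitpanda | 3,82 | +1 |
| 76 | Bankera | 3,78 | +1 |
| 77 | Btcmarkets | 3,78 | +1 |
| 78 | Okcoin | 3,70 | +1 |
| 79 | Exmo | 3,65 | +8 |
| 80 | Coinjar | 3,54 | +8 |
| 81 | Bitbns | 3,41 | +8 |
| 82 | Coinhe | 3,40 | +8 |
| 84 | Phemex | 3,31 | +7 |
| 85 | Wazirx | 3,28 | +7 |
| 86 | Deribit | 3,28 | +7 |
| 87 | Unnamed | 3,25 | +7 |
| 89 | Txbit | 3,18 | +6 |
| 91 | Stex | 3,15 | +5 |
| 92 | Decoin | 3,13 | +5 |
| 93 | Btcturk | 3,11 | +5 |
| 94 | Bitfex | 3,08 | +5 |
| 95 | Bithumbsg | 3,03 | +5 |
| 96 | Bitsdaq | 3,02 | +5 |
| 97 | Coinmetro | 3,00 | +5 |
| 98 | Probit | 3,00 | +5 |
| 99 | Velic | 2,99 | +5 |
| 100 | FTX US | 2,98 | +5 |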


Research results have shown that security is a growing trend among cryptocurrency exchanges. Nevertheless, the overall safety assessment remains low. Less than 10% of the exchanges investigated have a good (8 or higher) level of security.

After the methodology update, the score of most exchanges has decreased, with the exception of 6 platforms. Thus, a very small number of exchanges with large client bases got points for the features added to the cer.live methodology. Ethereum and Bitcoin balances of these exchanges are well over $1 billion.

The CER ranking will be updated within a week of the article's publication. Exchange representatives can contact us through the cer.live contact form to get a cybersecurity score review and submit certification data.
