1 Year of Cooperation with Coingecko breaking insecure trends among crypto exchanges

In July 2020, Hacken partnered with Coingecko and since then has been providing this cryptocurrency data aggregator with cybersecurity data to improve the quality of its crypto exchange Trust Score rating. 

The Cer.live Cybersecurity Score (CSS) was created to measure the ability of an exchange to maintain a secure operating environment for both the platform and its users. Exchanges are rated from 1 to 10 through a combination of different security metrics. This cybersecurity score carries a 20% weight in CoinGecko’s Trust Score algorithm.

Right now, CER is reviewing 293 crypto exchanges that together accumulate more than $120 billion worth of Ethereum and Bitcoin crypto assets. We have issued more than 100 certificates to exchanges so far.

The primary goal of cer.live is not to promote or criticize any exchanges, but rather to provide an expert view on the state of cybersecurity in the crypto exchange industry and help traders realize which exchanges have solid security in place.

Statistics

There are 65 crypto exchanges (22% of the total) that have a satisfactory cybersecurity score of over 5 points. If an exchange has received 5 points for cybersecurity on cer.live, then its cybersecurity score on Coingecko equals 1 point out of 2. The other 78% of crypto exchanges have received 0 points for cybersecurity. Once again, we want to stress that it’s better to avoid cooperating with exchanges that don’t pay attention to their security and the protection of their users’ data.

Before cer.live partnered with Coingecko, there were fewer than 20 exchanges that performed regular security audits. Now, the number has increased to 54. So, the number of exchanges that have started to perform regular security audits has increased by an incredible 270%!

When we look at bug bounty programs, we see a similar improvement. In the middle of 2020, there were only 18 crypto exchanges running a verified bug bounty program or public bug bounty program on third-party platforms. Right now, there are 44 crypto exchanges that have an ongoing bug bounty program. It’s a 244% increase compared to the previous state of affairs. 

We should note that cybersecurity is not the only metric that needs to be considered. That’s why the main table of cer.live has a “Solvency” tab where users can compare the cybersecurity score, trust score, and crypto exchange balance. Even the exchange with the highest cybersecurity score may not be the best choice for traders if its balance and trust score are low.

Top 5 exchanges by progress

Top exchanges that have significantly improved their cybersecurity score starting from July 2020:

  • WhiteBIT – by 7.1 points
    • Started to perform regular pentests
    • Started the third-party managed bug bounty program
    • Performed ISO 27001 audit
    • Created Insurance fund
    • Improved security policies
  • Bithumb Global – by 5.5 points
    • Started to perform regular pentests
    • Started the third-party managed bug bounty program
    • Improved security policies
  • Bitmart – by 5.5 points
    • Started to perform regular pentests
    • Started the third-party managed bug bounty program
    • Improved security policies
  • Hotbit – by 5.3 points
    • Started to perform regular pentests
    • Started the third-party managed bug bounty program
    • Improved security policies
  • FTX – by 5 points
    • Started to perform regular pentests
    • Started the third-party managed bug bounty program

According to our methodology, the bug bounty program and security audit give +5 points to the exchange’s cybersecurity score. So, the exchanges that have started to perform regular audits and run bug bounty programs could increase their score significantly and, thus, have improved their ranking on CoinGecko.

Top 5 exchanges by the combination of Trust score, Cybersecurity score, and balances

Cybersecurity score is a very important parameter, but there are also other parameters that must be taken into account such as the total balance of coins that an exchange has under custody. 

Exchange    CSS     Trust score    BTC&ETH balances
Binance     9.54    10.00          $27.11b
Coinbase    9.51    10.00          $27.73b
Gemini      8.24    10.00          $14.18b
Kraken      9.86    10.00          $10.18b
Bitfinex    7.03    10.00          $11.25b

This table shows that a cybersecurity score does not always correspond to the balances and other metrics that are included in the trust score.

Plans for the future

The methodology applied by cer.live will become more complex. The next milestones include adding internal and IT control assessments. In Q3, we are planning to improve our DeFi projects security database and change our rating from numbers to letters to resemble S&P ratings.
