Over Half of All Crypto Exchanges Have Security Vulnerabilities: Report


A recent report from ICO Rating has found that only 46% of cryptocurrency exchanges meet the desired security parameters with the remaining 54% considered to have sub-par security measures in place, leaving hundreds of thousands of traders and investors exposed. The sample group of exchanges contains 100 exchanges all of which have a 24-hour volume of over $1 million.

A total of $1.3 billion has been stolen from hacked cryptocurrency exchanges since 2010, and yet it still seems that exchange operators are failing to take security seriously. The security report published last week by ICO Rating considers the following four factors when establishing a security rating:

  • Console errors
  • User Account Security
  • Registrar and Domain Security
  • Web Protocols Security

Here’s what each of those relates to.

Console Errors

Console errors have caused data loss before, although this is usually not the result of a malicious attack but coding problems. The report found that 32% of exchanges have code errors that lead to operational malfunction.

User Account Security

To measure this, the analysts created a separate account on each exchange and examined password security as well as email verification and 2FA measures. They found that 41% of exchanges allow the creation of a password less than 8 characters long, which is considered unsafe to use. 37% of exchanges allow users to create passwords out of letters only or numerical digits only, without combining the two, which is also considered to be a security flaw.

More seriously, 5% of exchanges allow users to create accounts without email verification, and 3% of exchanges lack 2FA (two-factor authentication, which requires users to confirm their sign-in with a separate device and is considered to be a fundamental aspect of fund protection).

Registrar and Domain Security

The analysts used Cloudflare to identify security flaws regarding their domain and registrar.

A number of factors were considered here. One is registry lock, which prevents anyone using out-of-band communication with the registry from making domain changes. Another is registrar lock, which prevents domain hijacking through heightened security measures such as requiring more than an authorization code for domain access. Role accounts are often used to protect sensitive domain information from leaking.

The analysts recommend a 6-month expiration period for domains to allow for complications regarding ownership, etc, and that was tested for along with the presence of DNSSEC which authenticates all DNS queries with cryptographic signatures to prevent cache poisoning.

Analysts found that only 4% of exchanges were using best practices in all of these areas – only 2% of exchanges use registry lock and 10% use DNSSEC, although no exchange completely neglected all 5 parameters.

Web Protocols Security

Web protocols were examined for their security level using WebSec by HT Bridge. Analysts tested for HTTPS headers in URLs, X-XSS-Protection headers, content security policy headers, x-frame-options headers, and x-content-type headers.

Only 10% of exchanges used all 5 security measures, with 29% using none of the above and only 17% having a content security policy header.
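The kind of check described above can be sketched as follows. This is an added example, not code from the report or from the WebSec tool; it assumes the "HTTPS headers" item refers to Strict-Transport-Security, and the two sample responses are constructed. It also goes one step beyond presence by flagging headers whose values switch the protection off.

```python
# Added example: audit one HTTP response head for the five measures in the article.
# Assumption: "HTTPS headers" is read as Strict-Transport-Security (HSTS).
import re

def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def _hsts_ok(values):
    # max-age=0 tells the browser to forget the HSTS policy, so it counts as weak.
    m = re.search(r'max-age\s*=\s*"?(\d+)', values[0], re.I)
    return bool(m) and int(m.group(1)) > 0

CHECKS = {
    "strict-transport-security": _hsts_ok,
    # Legacy header, included because the report tested for it; "0" disables it.
    "x-xss-protection": lambda v: v[0].replace(" ", "").startswith("1"),
    "content-security-policy": lambda v: any(x.strip() for x in v),
    # Conflicting duplicates or unknown values (e.g. ALLOWALL) give no protection.
    "x-frame-options": lambda v: len(v) == 1 and v[0].upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v[0].lower() == "nosniff",
}

def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for the five measures."""
    found = parse_headers(raw)
    return {name: "missing" if name not in found
            else ("ok" if check(found[name]) else "weak")
            for name, check in CHECKS.items()}

def score(raw):
    """Number of the five measures that are present and effective."""
    return sum(1 for status in audit(raw).values() if status == "ok")

# Constructed sample responses (not taken from any real exchange).
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "X-XSS-Protection: 1; mode=block\r\n"
            "Content-Security-Policy: default-src 'self'\r\n"
            "X-Frame-Options: DENY\r\n"
            "X-Content-Type-Options: nosniff\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\n"
        "strict-transport-security: max-age=0\r\n"
        "X-Frame-Options: ALLOWALL\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n<html></html>")
```
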

General Security

The analysts then ranked the 100 exchanges by order of most to least secure.

Coinbase Pro took the lead as the most secure exchange, with Kraken following after in second place. BitMEX, GOPAX, and CDPAX made up the rest of the top 5.

The report highlights the ongoing problem of cryptocurrency exchange security and states that the nature of the cryptomarket and of crypto exchange security and regulation is “really attractive to hackers.”



North Korean Hacking Group Lazarus Stole $571 Million in Cryptos: Report

North Korea’s infamous hacking group, dubbed Lazarus, has managed to steal over half a billion dollars in cryptocurrencies, a report indicates.

According to an article published Friday by The Next Web, the coming annual report from cybersecurity vendor Group-IB sets out that Lazarus was behind 14 hacks on crypto exchanges since January 2017, reaping a massive $571 million from the attacks.

The news backs up claims from officials in South Korea, who said in February that North Korean hackers likely stole tens of millions of dollars’ worth in cryptocurrencies in 2017.

As reported by CoinDesk, the country’s National Intelligence Service said that phishing scams and other criminal methods had yielded tens of billions of won in customer funds. Authorities were also probing whether the same hackers were behind the January hack of the Coincheck exchange, which saw over $500 million in cryptocurrency taken – though Lazarus wasn’t specifically mentioned.

More generally, Group-IB also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018, according to a summary of the report obtained by the tech news source.

The security provider said the number of attacks targeting crypto exchanges is likely to rise further, with hackers of more traditional financial institutions such as banks being drawn to the space seeking big gains.

The summary also looks at the methods used by hackers in order to carry out their attacks, saying spear phishing, social engineering and malware are the most widespread tools of the illicit trade.

TNW cited the report as saying that spear phishing – targeting individuals or organizations with malware delivered via an email attachment – is the “major vector of attack” on enterprise networks. It adds:

“After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”

Furthermore, says Group-IB, hackers have made off with 10 percent of the funds raised by ICO platforms since early 2017, with phishing the most common means of attack.

The firm reportedly suggests that over-keen investors have been rushing to participate in token sales without paying sufficient attention to their security, often falling foul of tricks such as fake websites. For example, one such fake targeted would-be investors in the major ICO launched by Telegram, as reported in March.

Group-IB further warns that mining pools could prove a tempting target for hackers, saying bad actors could employ 51 percent attacks to take over networks, as has happened at a number of crypto projects this year.



Source: Coindesk


Report: Emerging Markets See Sharp Growth in Cashless Transactions


South Africa is the most cryptocurrency-friendly country in Africa, according to the 2018 World Payments Report by French banking group BNP Paribas and IT company Capgemini. Compared to other major economies on the continent, South Africa has allowed digital currency-based payments, trades and investments to flourish almost unhindered.


  As Digital Payments Rise, Leading African Economies Trade Cautiously on Cryptocurrency

The report, released Oct. 17, concluded that digital payments, including cryptocurrencies like bitcoin, have grown sharply all around the world, and “are experiencing a boom, driven by developing markets”, including Africa.


Ghana and Kenya, the 11th and 9th biggest economies in Africa, respectively, are still in the consultation phase. Nigeria, the continent’s biggest economy, with a GDP of $376 billion, is opposed to virtual currency, officials have said. The central banks of Kenya and Nigeria have both likened cryptocurrencies to a “pyramid scheme.”

“The central bank of Nigeria has also imposed a complete ban on bitcoin and the likes, while Brazil also has banned cryptocurrency,” said the report, which detailed that global cashless transactions rose 10.1 percent to 482.6 billion at the end of 2016. Non-cash transactions include checks, debit cards, credit card payments, credit transfers and direct debit transactions.

South Africa Leads in Crypto Regulation, Adoption and Development

Africa has steadily accelerated the switch to modern technologies. Cellphone-based payments have expanded particularly fast in countries like Kenya, Uganda and Zimbabwe. But it is South Africa, the continent’s most sophisticated economy, that leads the pack where cryptocurrency regulation, adoption and development is concerned.

The economy is home to a number of bitcoin ATMs and digital currency exchanges – including Luno, which has two million customers throughout the world – allowing people to buy and sell digital coins in the local fiat currency, rand. Domestic financial companies, including banks, are starting to step into the space. On Monday, Standard Bank said it is looking to establish a number of events to help explain the benefits and risks of cryptocurrency and the blockchain.


This is all thanks to the open-mindedness of the South African Reserve Bank (SARB). Although the regulator does not recognize cryptocurrency as legal tender, it has not prevented trade in such. In April, the bank announced plans to create guidelines for cryptocurrency markets in the country. SARB has also tested an inter-bank settlement system code named Project Khokha, which runs on the Ethereum blockchain, aiming to speed up payments.

Emerging Markets See Sharp Growth in Cashless Transactions

Meanwhile, the World Payments Report – based on data from the World Bank, the Bank for International Settlements and the European Central Bank’s statistical database – showed that developing markets are at the forefront of a global boom in digital payments, with Russia (annual growth of 36.5 percent), India (33.2 percent) and China (25.8 percent) as notable movers in the 2015-16 period.

Mature markets maintained steady growth of more than 7 percent in the period under review. Developing markets are seen growing 21.6 percent, led by Asia at 28.8 percent over the next five years. By 2021, developing markets are expected to account for around half of all non-cash transactions worldwide, overtaking the mature markets for the first time, whose current share stands at 66.3 percent.

Anirban Bose, CEO of Capgemini’s Financial Services, said it is critical for banks to find ways to tap into cryptocurrencies and other non-cash payment methods if they are to remain relevant.


“With their significant market share in the payments industry and implementation of new technologies, banks are in a unique position to shape the marketplace. They can also create new revenue streams through innovative, collaborative relationships with fintechs and active participation by the broader financial services community,” Bose said in a separate press release.

The report further indicated that high numbers of non-cash transactions can provide benefits to the society, addressing growing challenges of corruption – especially in Africa. This is because non-cash transactions share a positive linear correlation with corruption perception index.

This probably emanates from the fact that digital transactions from financial institutions and mobile money can be more easily traced than cash, hence can allow law enforcement agents to investigate and prosecute the suspicious transactions. The WPR report also noted that the more payments are shifted to cashless instruments, the more likely that huge cash transactions can be “flagged and investigated, reducing the possible means of accepting illicit or fraudulent payments.”

“Governments should create the necessary supply-side push for such transactions by creating the supporting infrastructure, bringing positive change with regulations, and promoting non-cash transactions to create a conducive environment for digital transactions to grow,” the report warned.
