Report: 10% of Crypto Exchanges have ‘Good’ Cybersecurity in Place

Since its early stages, the cryptocurrency space has been heavily targeted by cybercriminals. While crypto is an almost $2 trillion market, it lacks comprehensive regulatory rules such as those in force in the financial industry. At the same time, service providers like exchanges and decentralized finance (DeFi) protocols put a key focus on innovation, but many fail to follow the best cybersecurity practices.

As a result, centralized finance breaches ($400 million) and DeFi exploits ($1,800 million) accounted for a whopping $2.2 billion in 2021, according to Crystal Blockchain’s Year in Review report. While this represents only a 5% year-over-year (YoY) increase in CeFi hacks, attacks against decentralized finance projects caused ten times more damage than in 2020.

Although DeFi platforms have become the top targets for hackers, centralized crypto exchanges featured one of the highest-profile security incidents in 2021. As a result of a breach, the users of the Bitmart CeFi platform lost $200M in May 2021.

A new cybersecurity report found that the $200 million hack could have been averted by achieving better compliance with industry standards.

Improper Private Key Management and the Rising Need to Follow Security Standards

According to the February 2022 report of the CER cybersecurity rating and certification platform, hackers managed to withdraw $196 million in digital assets from Bitmart’s hot wallets as a result of a private key leakage.

In fact, the firm has revealed that improper private key management is among the top security concerns of centralized cryptocurrency exchanges, with analysts connecting at least three incidents in 2021 to this issue.

However, by complying with the ISO 27001 standard, which enables organizations to manage financial information, intellectual property, and employee details in a secure manner, this incident could have been prevented.

Namely, ISO 27001 covers internal control over private keys, and compliant exchanges leverage a structured approach to manage sensitive assets and data. It is very likely that Bitmart would not have suffered from private key leakage if it had followed the standard.

In addition to ISO 27001, CER recommends that cryptocurrency exchanges comply with the voluntary SOC 2 security standard.

Developed by AICPA, SOC 2 offers flexibility for digital asset service providers, with a major focus on monitoring suspicious system activity, access control, unauthorized changes, as well as the presence of alerting practices for immediately responding to cybersecurity incidents.

Still Only 10% of Crypto Exchanges Feature ‘Good’ Security

After reviewing 301 centralized crypto exchanges, CER shared some of the key trends it found in CeFi cybersecurity.

According to the company’s findings, while the number of service providers featuring a “good” score (BBB or higher) has doubled from 2020, still only 32 exchanges (10.6%) have “good” security scores in 2021.

On the other hand, 230 platforms (76.4%) were rated “D”, which is the lowest rating. At the same time, only six exchanges (Cryptology, Kraken, Whitebit, Binance US, Binance, Coinbase) managed to get an “AAA”, the highest rating CER analysts could give to CeFi players.

To evaluate exchanges’ cybersecurity, CER considers factors such as:

  • Server security (1.75 points)
  • User security (1.75 points)
  • Penetration test (2.5 points)
  • Bug bounty (2.5 points)
  • ISO 27001 compliance (1 point)
  • Funds insurance (0.5 points)

Cybersecurity Should Be a Key Priority in Crypto

As hacks, fraud, and other illicit activities targeting cryptocurrency projects are on a rising trend, the digital assets industry has to prioritize cybersecurity to protect users from losing billions of dollars of funds to perpetrators.

While crypto exchanges took security more seriously in 2021, only a small minority (10.6%) of service providers feature decent security measures.

For that reason and to avoid mega hacks like the Bitmart incident, CeFi providers have to follow the best practices of private key management as well as commit their resources to comply with prominent cybersecurity standards, such as ISO 27001 and SOC 2.

About the Author: Daniel