By 
This year has been a difficult one for the cryptocurrency space. Now only has there been a bearish downtrend all year, but 2018 has also seen its fair share of exchange hacks which have instilled fear in some investors.
According to Blockchain security firm CipherTrace, $731 million was stolen from crypto exchanges in just the fist half of 2018 alone. If we compare these numbers to last year, this means that in half of 2018 about triple the amount was hacked from exchanges compared to the entirety of 2017. This number has likely ballooned ever further since the report came out in July.
Many of these hacks originated in Japan. The Japanese National Police Agency reported last month that Japan lost a staggering $540 million to hackers in the first half of this year.
This poor level of security begs the question: what precautions have exchanges taken this year to prevent this disastrous year from repeating itself in 2019? Sadly, according to a new report by ICOrating, they’re not doing much.
In a new report detailing an overview of security amongst cryptocurrency exchanges exceeding a volume of $1 million daily, ICOrating found that 54% of these exchanges had weak security measures in at least one part of their system. The report details the lax attitudes some exchanges have taken in regards to security despite the hundreds upon hundreds of billion dollars lost this year alone.
Simple Security Flaws
The ICOrating report did not have to dig too deep to find a slew of security flaws and issues on most exchanges. For example:
- 37% of all exchanges allowed passwords that consisted of only numbers or only letters.
- 41% of all exchanges allowed passwords of less than 8 characters.
- 5% of exchanges allowed for registration without requiring an email check.
- 3% of all exchanges lacked basic 2FA authentication precautions.
In all, only 46% of exchanges met all four of these requirements.
Coinbase topped the list with a score of 89 out of 100, followed by Kraken with a score of 80. Other exchanges like Bitmex were not far behind, but Okcoin had the lowest rating in the report sitting at just 15 points out of 100. Other exchanges such as Mercatox, Zaif, and Bithumb also found themselves at the bottom of the list.
A Limited Study?
Some may argue that ICOrating’s study was too limited in scope. This may very well be true. But just based on these basic password protections and authentication requirements, most exchanges failed to pass the test. What this means is that there are likely a whole host of security issues under the hood of these exchanges that have yet to be discovered. These are just the limitations that the report was able to dig up.
If so many exchanges did poorly in this simple examination of security, then it would be safe to say that many more exchanges have further issues still unknown to the public. And that is a scary thought for the crypto industry as a whole.
Can We Trust Centralized Exchanges Anymore?
If anything, the report highlights the necessity of a move away from centralized exchanges. It was expected that this year, perhaps, centralized exchanges would move to more secure systems and would no longer find themselves at fault like they did in 2017. However, it seems the problem has only escalated, unsurprisingly. If these exchanges cannot be expected to step up their security, then perhaps the cryptocurrency industry should focus on using more on-chain trading mechanisms and decentralized exchanges that will provide the necessary layer of security the industry needs.
Although the volume on these decentralized exchanges is still quite low compared to most of the top centralized exchanges, it is only a matter of time before the security problem forces users to migrate to more-secure platforms. And the most secure platforms today, by far, are decentralized DEXs where the exchange does not hold your funds. Instead, you trade directly from your wallet through the use of their exchange protocol and its interface.
The ICOrating report reveals the security shortcomings of a space that wants the respect that comes with the maturity of a traditional financial market, but still fails to provide the basic security necessary for this to take place. Unless this fundamental problem is resolved amongst most exchanges today, we can expect to see more security breaches. However, next time, we shouldn’t be left scratching our head as to why; we know why. Instead, we should be putting these insecure exchanges out of businesses, especially once they have proven themselves to be faulty.