Top 2021 – 100 Exchanges by Cybersecurity Score

Below is a table of 2021 results that includes current score positions, position change, and the Exchange’s Cybersecurity Score (CSS) calculated by CER using the updated methodology

100 Exchanges by Cybersecurity Score

Top February 2021
Exchange Cybersecurity Score Position Change
1 Binance US 9,75 + 5
2 Binance 9,55 + 5
3 Coinbase 9,39 + 5
4 Crypto 9,04 + 5
5 Kraken 8,75 + 5
6 Bigone 8,41 -5
7 Bithumb Global 8,36 + 5
8 P2PB2B 8,33 -6
9 Whitebit 8,30 -5
10 Gate 8,25 + 3
11 Gemini 8,24 + 3
12 Mxc 8,11 + 3
13 Bitso 8,03 -10
14 Hotbit 8,01 + 2
15 Bkex 7,92 + 2
16 Bitmex 7,84 + 2
17 Bibox 7,77 + 2
18 Lbank 7,74 -13
19 Coinsbit 7,64 + 1
20 Bitget 7,53 + 2
21 Zebpay 7,40 0
22 Nicehash 7,14 + 1
23 FTX 6,93 + 1
24 Bitfinex 6,91 -13
25 Bitmart 6,64 0
26 Okex 6,61 0
27 Bitkub 6,58 0
28 Dex-Trade 6,43 0
29 Okex Korea 6,38 0
30 Fatbtc 6,19 0
31 Bitforex 6,18 0
32 Bittrex 6,03 + 2
33 Currency 5,96 + 2
34 Indodax 5,79 + 2
35 Latoken 5,70 + 2
36 Narkasa 5,70 -3
37 Bitopro 5,69 + 1
38 Blockchain.com 5,57 + 1
39 Bitstamp 5,57 + 1
40 max.maicoin 5,54 -8
41 Otcbtc 5,39 0
42 Huobi 5,38 0
43 Poloniex 5,28 0
44 Kuna 5,25 0
45 ZB 5,25 0
46 Cointiger 5,23 0
47 Kucoin 5,22 0
48 Biki 5,20 0
49 Xt 5,13 0
50 Aax 5,12 0
51 Digifinex 5,01 0
52 Coinbene 4,98 0
53 Coinsuper 4,86 + 3
54 Bybit 4,82 -1
55 Hoo 4,82 + 2
56 Bilaxy 4,50 -2
57 Bitmax 4,46 -2
58 Bw 4,32 0
59 Bitrue 4,28 0
60 Altilly 4,28 0
61 Bit-Z 4,22 0
62 Liquid 4,20 0
63 Oceanex 4,20 0
64 Dragonex 4,17 0
65 Qtrade 4,10 0
66 Hitbtc 4,08 0
67 Tokens 4,06 0
68 Coinflex 3,95 0
69 Cex 3,95 0
70 Alterdice 3,93 0
71 B2BX 3,91 0
72 Zbg 3,90 0
73 Huobi Korea 3,86 + 1
74 EtoroX 3,84 + 1
75 Bitpanda 3,82 + 1
76 Bankera 3,78 + 1
77 Btcmarkets 3,78 + 1
78 Okcoin 3,70 + 1
79 Exmo 3,65 + 8
80 Coinjar 3,54 + 8
81 Bitbns 3,41 + 8
82 Coinhe 3,40 + 8
83 Upbit 3,32 -3
84 Phemex 3,31 + 7
85 Wazirx 3,28 + 7
86 Deribit 3,28 + 7
87 Unnamed 3,25 + 7
88 Paribu 3,19 -7
89 Txbit 3,18 + 6
90 Btc-Alpha 3,18 -8
91 Stex 3,15 + 5
92 Decoin 3,13 + 5
93 Btcturk 3,11 + 5
94 Bitfex 3,08 + 5
95 Bithumbsg 3,03 + 5
96 Bitsdaq 3,02 + 5
97 Coinmetro 3,00 + 5
98 Probit 3,00 + 5
99 Velic 2,99 + 5
100 FTX US 2,98 + 5

Score Methodology

For a more multi-faceted and balanced assessment, we decided to add ISO 27001 compliance and fund insurance to our metrics. These features indicate that clients’ funds are insured and show that security meets international standards.

We need to clarify that insurance must cover potential losses in the event of hacks. In addition, an exchange can only receive points for ISO 27001 if the audit was performed by a certified company authorized to perform such audits.

Statistics

The new CSS results show that only 14 crypto exchanges (4.8%) out of 289 received a “good” cybersecurity rating of over 8 points.

Since the last methodology update, we have received well over 100 certification requests. The scores have changed significantly based on the revelations from our last research.

Compared to the last Top 100 research, the number of exchanges running bug bounty programs to improve their security has increased from 48 to 77 (+60%!). According to the cer.live methodology, we rate self-hosted bug bounty programs twice as high as those managed by third-party vendors. The reason is that only neutral third-party platforms can ensure the fair execution of the bug bounty program and there is a guarantee that the hacker will be rewarded for each identified vulnerability. In addition, third-party platforms engage more hackers in the bug bounty program, which leads to better cybersecurity results.

The percentage of bug bounty programs managed by third-party platforms has increased significantly since the early 2020s. Most Bug Bounty programs are hosted on the following platforms:

  • HackerOne
  • HackenProof
  • Slowmist
  • BugCrowd

According to our data, 42 (14.5% of total) exchanges regularly conduct pentests with various cybersecurity companies. By the end of 2020, the number of pentest reports received has increased significantly.

This tells us that not only have crypto exchanges become more concerned and vocal about security, but they are finally starting to put their money where their mouth is.

According to the collected data, 8 crypto exchanges are certified as those that meet ISO 27001 standards, and only 6 exchanges have an insurance fund for the hack cases. And only the following 5 exchanges have both:

  • Binance US
  • Binance
  • Kraken
  • Coinbase
  • Gemini

We should note that the ETH and BTC balances of each of these exchanges exceed $1 billion.

Conclusion

The research results have shown that security is an increasing trend among cryptocurrency exchanges. However, the overall security rating remains low. Less than 10% of the exchanges studied have a good (8 or higher) security rating.

After the methodology update, with the exception of 6 platforms, the rating of most exchanges has decreased. For example, a very small number of exchanges with large customer bases received points for features added to the cer.live methodology. The Ethereum and Bitcoin balances of these exchanges are well over $1 billion.


100 Exchanges by Cybersecurity Score


100 Exchanges by Cybersecurity Score