Crypto exchanges lack effective security controls

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 30 Oct 2018
Crypto exchanges are insecure.

Barely a week goes past without news of crypto-currency being stolen. Recently, an infamous North Korean group stole $571 million in crypto.

Crypto-exchanges lack security controls

  • A whopping 41% of exchanges allow passwords with fewer than eight symbols
  • Some 37% of exchanges allow passwords with either digits or letters alone
  • A full 5% of exchanges allow the creation of accounts without e-mail verification
  • Some 3% of exchanges lack 2FA
  • Only 46% of exchanges meet all four parameters
  • A mere 4% of exchanges were found to have best practice for domain security

With regard to registrar and domain security:

  • Just 2% of exchanges use registry lock
  • Only 10% of exchanges use DNSSEC
  • Some 4% of exchanges use best practice in four out of five of these areas

Steven Russo, VP of, says this is hardly surprising as crypto-exchanges are not safe, with some lacking even the most basic security measures.

Russo says a Carbon Black report from June this year revealed that approximately $1.1 billion worth of crypto-currency-related thefts have occurred during the past six months, and around 12 000 dark Web marketplaces are selling offerings related to crypto theft.

"With the rise in crypto-currency adoption, custody and security continue to be a significant concern as hacking and theft constantly occur," says Russo. "Crypto-currency investments, as well as other digital assets, continue to be stolen, negatively impacting the entire crypto-currency marketplace."

Expected security

Russo says a vast majority of crypto exchanges or platforms claim to follow industry standard cybersecurity best practices. In reality, many do not even follow the most basic practices, such as requiring complex passwords.

Research published on the Web reveals that more than 50% of all crypto-currency exchanges have inadequate security in at least one area. The bottom line, notes Russo, is that these exchanges are vulnerable to attack, which is why a significant number of institutions and investors are looking for solutions.

A comprehensive report provided by clearly shows the exposure created by insufficient security practices of many crypto exchanges. This includes some of the top performers in the marketplace, by volume. The site report analysed 100 exchanges that have a daily volume which meets or exceeds USD1m and found that most have one or more areas of security concern.

Digital custody

According to Russo, what the crypto community needs is a new type of electronic, 'mobile' digital custody wallet, such as KryptiWallet, which employs MicroToken Exchange (MTE) technology to enable custody control, security, and other features for maximum security.

"And it must be intuitive and simple to use," he adds.

Micro tokenisation effectively replaces data elements with tokens, altering data in motion into arbitrary strings of characters that have no meaningful value to attackers.

He says usability is one of the biggest hurdles when it comes to protecting blockchain data of any type, and its custody. "Until now, the more secure a storage method is, the more cumbersome it has been to use. While some may feel that hardware wallets may be a good solution, most hardware-based wallets require a high degree of technical aptitude and are very time consuming to use, among other drawbacks."

Moreover, many hardware wallets have a hefty upfront cost. With a software-based digital asset wallet, the most active users will have unparalleled control and custody of their digital assets and will likely spend less than they would on a traditional hardware wallet. Casual users, on the other hand, will spend far less.

"The bottom line is that custody and control can finally be controlled by the individual," concludes Russo.