The Guide To Cryptocurrency Exchanges Security Standard 2020

Introduction

Cryptocurrency exchanges are generally vulnerable to security attacks because they deal with decentralized virtual currencies. Unlike fiat currencies, the methods of payment and transaction are completely different from those of the traditional financial system. Cryptocurrency exchanges often rely on centralized secured wallet storage or offline hardware wallet storage, so to comply with the rules of cryptocurrency transactions, a trader has to make payments through wallets. During a transaction, a well-secured cryptocurrency exchange should protect the trader and the money in every respect. This security brings more trustworthiness. But no matter how popular an exchange is, to gain worldwide adoption and trust it needs proper certification from an approved authority. That is why a cryptocurrency exchange security standard is required.

Before getting started, I would like to clarify what a cryptocurrency exchange security standard is.

Cryptocurrency Exchanges Security Standard

A cryptocurrency exchange security standard is a set of procedures, protocols and certification strategies that defines the standard of a cryptocurrency exchange. An exchange that acknowledges the proposed security standards is put through continuous examinations such as cybersecurity tests, penetration tests, user security tests and various other measures. The final results are used to certify the examined exchange against certain criteria.

There is already a security standard for cryptocurrencies (CCSS), which covers the security practices for dealing with cryptocurrencies like bitcoin, but no security standards have been announced for cryptocurrency exchanges. Hacken is the first cybersecurity assessment ecosystem to announce security standards specifically for cryptocurrency exchanges.

In this article we go over the security standard for cryptocurrency exchanges and the certification methodology proposed by hacken.io.

Cryptocurrency Exchange Security Standard Proposed by Hacken

Since cryptocurrency exchanges are responsible for millions of dollars' worth of transactions, it is very important that they are tightened with high-end transaction security as well as user security protocols. Understanding this, Hacken, a cybersecurity company, has released security standards for cryptocurrency exchanges along with its cryptocurrency exchange ranking and certification platform, CER.Live.

About Hacken: one of the leading cybersecurity companies dealing with cryptocurrency exchanges and blockchain enterprises. The firm was established in 2017 by merging three major cybersecurity firms. Hacken is popularly known for its cybersecurity products and services:

  1. HackenAI consumer cybersecurity protection
  2. HackenProof bug bounty platform

Hacken has released CER.Live to acknowledge the security standards and to rank cryptocurrency exchanges based on them.

How a Cryptocurrency Exchange Can Be Certified?

The goal of the "cryptocurrency exchange security standard" is to keep traders from interacting with exchanges that show little concern for, and investment in, user security. As noted above, to get certified a cryptocurrency exchange should meet all the security standards and must go through the complete security examination process, based on the criteria below.

The cryptocurrency exchange security standard (CESS) has the following examination process.

  1. Cyber Security Score Check
  2. Penetration Assessment
  3. Proof Of Funds
  4. Bug Bounty Programs 

Let’s see each process in detail.

CESS Criteria 1 : Cyber Security Score Check

This is the first process used to examine a cryptocurrency exchange. The cyber security score is assessed from a combination of server security, user security, crowdsourced security, and the history of cyber security incidents. The score provided for an exchange is calculated from all these factors. During the assessment, the following key attributes are closely monitored and investigated.

  • SSL / TLS Certification
  • Security Headers with following policies
    • Referrer-Policy
    • Strict-Transport-Security
    • Content-Security-Policy
    • X-Frame-Options
    • X-Content-Type-Options
    • Feature-Policy
  • Cookie Security - Cookies must be HttpOnly, and for session cookies the SameSite flag should be set
  • DNSSEC - Should publish DNS record
  • SPF - Must also publish an SPF record
  • WAF - Should be enabled
  • SpamDB - Domain shouldn't be present in spam databases
  • Open Ports - Only application ports should be open to the public
  • 2FA - Two-factor authentication should be enabled for users
  • Strong Password Policy
  • Captcha - Captcha is essential in login forms
  • Anti-Phishing Protection should be enabled
  • Withdrawal Password - To prevent hackers from withdrawing from a user account
  • Device Management - Should record the list of devices opened
  • Bug bounty - It is important to have a bug bounty program
  • No Previous Hacks

A cyber security score check is conducted and assessed based on the items above.
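The header and cookie items of this checklist can be checked mechanically against a single HTTP response. The following is an added example, not Hacken's or CER.Live's scoring code; the sample response is constructed, and accepting Permissions-Policy in place of Feature-Policy is an assumption.

```python
# Added example: audits one HTTP response against the header and cookie items
# of the checklist above. SAMPLE_RESPONSE is constructed for illustration.
REQUIRED_HEADERS = ["Referrer-Policy", "Strict-Transport-Security",
                    "Content-Security-Policy", "X-Frame-Options",
                    "X-Content-Type-Options", "Feature-Policy"]
# Assumption: Permissions-Policy, the header that replaced Feature-Policy,
# is accepted as satisfying that item.
ALIASES = {"Feature-Policy": ["Permissions-Policy"]}

SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
x-content-type-options: nosniff
Permissions-Policy: geolocation=()
Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly
Set-Cookie: theme=dark; Max-Age=86400; Path=/
Set-Cookie: csrf=xyz; Path=/; HttpOnly; SameSite=Strict
"""

def parse_headers(raw):
    """Return (name, value) pairs; keeps repeated headers such as Set-Cookie."""
    pairs = []
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(raw):
    pairs = parse_headers(raw)
    present = {name for name, value in pairs if value}
    missing = [h for h in REQUIRED_HEADERS
               if not any(n.lower() in present for n in [h] + ALIASES.get(h, []))]
    cookie_issues = []
    for value in (v for n, v in pairs if n == "set-cookie"):
        cookie_name = value.split("=", 1)[0]
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "httponly" not in attrs:
            cookie_issues.append((cookie_name, "missing HttpOnly"))
        # A cookie without Expires or Max-Age is a session cookie.
        if not attrs & {"expires", "max-age"} and "samesite" not in attrs:
            cookie_issues.append((cookie_name, "session cookie missing SameSite"))
    return {"missing_headers": missing, "cookie_issues": cookie_issues}

if __name__ == "__main__":
    print(audit_response(SAMPLE_RESPONSE))
```

The check only confirms that each header is present with a non-empty value; it does not judge whether a given Content-Security-Policy or HSTS value is strong.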

CESS Criteria 2 : Penetration Test

A penetration test is an important cyber security check that identifies exploitable vulnerabilities that could be advantageous to attackers. If an exchange has added new features or has been updated, it should go through a penetration test. To ensure the security of funds and of users' private data, an exchange should pass the penetration test.

CESS Criteria 3 : Proof Of Funds

This is a test to identify insolvent exchanges, because they can cause a huge disaster in the future. This may happen when a user tries to withdraw more money than the exchange holds. To pass this test, an exchange has to meet the following.

  1. Disclose identifiable wallets
    • Must publicly disclose all the wallet addresses owned by the exchange, and those should be proven in a blockchain explorer
  2. Minimum fund eligibility
    • An exchange is eligible for this test only if it has a minimum wallet balance worth $1 million USD.

CESS Criteria 4 : Bug Bounty 

An exchange should go through a bug bounty program conducted by an external crowdsourced security provider. A bug bounty program can help an exchange owner find the software bugs and configuration errors that slipped past the developers and security team.

If an exchange has its own bug bounty program, then it can limit the potential hackers from its own customer base.

Find out more about the Hacken ranking methodology in the official Hacken blog post on the release of the cryptocurrency exchange security standards.

Certification

As claimed by Hacken, if an exchange can pass through all the above tests then it can be ranked with stars ranging from 1 to 3.

Here is the list of the top 10 exchanges, out of 100, with high security standards.

[Image: top 10 cryptocurrency exchanges by security standards. Source: CER.Live]

How To Get Certified at CER.Live?

Check out the cryptocurrency exchange certification process by CER.Live. To get certified and ranked on CER.Live, you can reach the Hacken team by filling in the form provided here.


How To Make a Cryptocurrency Exchange With High Security Standards?

Getting certified is much easier when you cross-check and ensure all the above metrics during the development of your own cryptocurrency exchange. We at Bitdeal simplify the certification process by implementing high-end security standards in our cryptocurrency exchange development process. We follow the water flow model in each development phase, and move to the next level only if the beta project has fulfilled certain criteria in each development and integration phase.

We have a ready-made cryptocurrency exchange script, which has been tested and verified through a bug bounty program conducted with an expert security team. Our cryptocurrency exchange script ensures all the security measures and has been created to comply with the global cryptocurrency exchange security standards. You can check the demo of the script at any time. Talk to our team below!
 


About Sam

Hi, this is Sam, working as a technology advisor and blogger at Bitdeal, with 4+ years of deep understanding and experience in the cryptocurrency trading industry. I keep hunting for new trends and technologies related to crypto as well as the blockchain industry. Stay tuned with me at Bitdeal for interesting updates regarding bitcoin, cryptocurrencies and other emerging blockchain technologies.
