New Exchange Security Ranking Released, Hackers Target Gate.io
In a new ranking of cryptocurrency exchanges by the level of security they provide, the US-based crypto exchange Kraken comes out as number 1, judged on criteria such as reliability of key storage, technical security, and how it handles users' personal data. The ranking came out just as news broke that hackers may have been able to hijack bitcoin transactions made on cryptocurrency exchange Gate.io.
The assessment tool that ranks exchanges by the security they offer was developed by cyber security firm Group-IB as a way to determine the appropriate insurance premiums for users who wish to insure their holdings on exchanges through a service known as CryptoIns.
As a result of Kraken's high score, users of that platform receive the lowest insurance premiums when they insure their crypto holdings. Following Kraken came the major crypto exchanges Bittrex and Coinbase Pro with the second lowest insurance premiums.
Chinese crypto exchanges OKEx and Huobi Pro, as well as Japanese exchange Coincheck, a victim of a major hack in January, were deemed to be among the riskiest exchanges to use, the ranking revealed.
In addition to technical aspects, the ranking looked at how the exchanges handled know-your-customer (KYC) and anti-money laundering (AML) procedures.
“This assessment focuses on open source data — white papers, information about founders, security policies. In some cases, with founders’ consent, the assessment includes penetration testing using social engineering methods aimed at the network compromise through the most vulnerable link at any organization — humans,” Group-IB wrote in an update on its website.
In a previous ranking of exchanges by rating agency ICORating, Kraken again stood out as one of the most secure exchanges, coming in at second place. In first place was Coinbase Pro, while BitMex secured the number three spot. Other notable exchanges on the list were Binance in 17th place, HitBTC in 18th place, and Bitfinex in 54th place.
Hackers attempt to hijack transactions
The new security ranking came out just as news broke that hackers had successfully breached the website StatCounter.com and inserted malicious code in its site-tracking script.
According to Matthieu Faou, the malware researcher who first noticed the breach, hackers may have been able to hijack bitcoin transactions made on cryptocurrency exchange Gate.io, as reported by ZDNet on Tuesday.
"We detected a supply-chain attack on @statcounter, a big web analytics service. The injected script targets the cryptocurrency exchange @gate_io to steal bitcoins when a victim does a transfer. It's still live while we notified both of them a few hours ago. https://t.co/Lo8bdiD8jR pic.twitter.com/cLmWUCKbbo" — __mat__ (@matthieu_faou) November 6, 2018
Statcounter.com is a service similar to Google Analytics, and companies load the now-breached site-tracking script to view their website analytics.
"Following suspicious activity, we have stopped using Statcounter's services. No user funds have been removed and we have not seen any irregularities on our platform," Gate.io said in an email to Cryptonews.com.
"To have the maximum security, please make sure you have two-factor authentication (Google OTP or SMS) and two-step login protected," the company said on its website on Wednesday.
According to the exchange, on Tuesday it was notified by an ESET researcher's report and by the "ESET Internet Security" product of suspicious behavior in Statcounter's traffic stats service.
"We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time, the report can be found here. However, we still immediately removed the Statcounter's service. After that, we didn't find any other suspicious behaviors," the company said.