In July 2020, Hacken partnered with Coingecko and since then has been providing this cryptocurrency data aggregator with cybersecurity data to improve the quality of its crypto exchange Trust Score rating.
The Cer.live Cybersecurity Score (CSS) was created to measure an exchange's ability to maintain a secure operating environment for both the platform and its users. Exchanges are rated from 1 to 10 through a combination of different security metrics. This cybersecurity score has a 20% weight in CoinGecko's Trust Score algorithm.
Right now, CER is reviewing 293 crypto exchanges that together accumulate more than $120 billion worth of Ethereum and Bitcoin crypto assets. We have issued more than 100 certificates to exchanges so far.
The primary goal of cer.live is not to promote or criticize any exchanges, but rather to provide an expert view on the state of cybersecurity in the crypto exchange industry and help traders realize which exchanges have solid security in place.
There are 65 crypto exchanges (22% of the total) that have a satisfactory cybersecurity score of over 5 points. If an exchange has received 5 points for cybersecurity on cer.live, then its cybersecurity score on Coingecko equals 1 point out of 2. The other 78% of crypto exchanges have received 0 points for cybersecurity. Once more, we want to underline to everyone that it is better to avoid dealing with exchanges that do not pay attention to their security and the protection of their users' data.
Before cer.live partnered with Coingecko, there were fewer than 20 exchanges that performed regular security audits. Now, the number has increased to 54. So, the number of exchanges that have started to perform regular security audits has increased by an incredible 270%!
When we look at bug bounty programs, we see a similar improvement. In the middle of 2020, there were only 18 crypto exchanges running a verified bug bounty program or a public bug bounty program on a third-party platform. Right now, there are 44 crypto exchanges with an ongoing bug bounty program. That is a 244% increase compared to the previous state of affairs.
We should note that cybersecurity is not the only metric that needs to be considered. That is why the main table on cer.live has a "Solvency" tab where users can compare the cybersecurity score, trust score, and crypto exchange balance side by side. Even the exchange with the highest cybersecurity score may not be the best choice for traders if its balance and trust score are low.
Top exchanges that have significantly improved their cybersecurity score starting from July 2020:
According to our methodology, a bug bounty program and a security audit give +5 points to an exchange's cybersecurity score. So, the exchanges that have started to perform regular audits and run bug bounty programs could increase their score significantly and, thus, improve their ranking on CoinGecko.
The cybersecurity score is an important parameter, but other parameters must also be taken into account, such as the total balance of coins that an exchange holds in custody.
| Exchange | CSS | Trust score | BTC & ETH balances |
This table shows that a cybersecurity score does not always correspond to the balances and other metrics that are included in the trust score.
The methodology applied by cer.live will become more sophisticated over time. The next milestones include adding internal and IT control assessments. In Q3, we are planning to improve our DeFi project security database and change our rating from numbers to letters, resembling S&P ratings.