Binance.com, a leading cryptocurrency exchange that supports Ripple (XRP), has some cyber security problems, experts say
Binance started trading Ripple two months ago, publishing the following statement:
“Risk warning: cryptocurrency investment is subject to high market risk. Please make your investments cautiously. Binance will make best efforts to choose high quality coins, but will not be responsible for your investment losses.”
Now the problem doesn't seem to be market risk, but the security of the exchange.
According to Scott Helme, who is supported and sponsored by Sophos, a well-known cyber security company based in the UK, the Binance website got a poor result in security tests.
Specifically, Binance.com has some misconfigurations, and some security policies aren't visible on the site:
| Header | Description |
|---|---|
| Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
| X-XSS-Protection | X-XSS-Protection sets the configuration for the cross-site scripting filter built into most browsers. Recommended value “X-XSS-Protection: 1; mode=block”. |
| X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is “X-Content-Type-Options: nosniff”. |
| Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
According to a cyber security expert who talked with Ripple News Tech, Binance.com seems OK against SQLi, RFI, LFI and some other hacking techniques, but is missing some important policy tools that protect the user and that cyber security experts recommend adopting as soon as possible.
This is not the first time that crypto exchanges have faced cyber security issues. In the past, Coinbase had a similar problem.
And some users are starting to talk about the security of the exchanges:
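The four headers listed above can be checked mechanically. The following is an added example, not code from the article or from the scanner it cites: a Python function, `audit_headers` (a name chosen here), that inspects a dictionary of response headers. The sample header sets are constructed.

```python
import re

# Valid Referrer-Policy tokens defined by the W3C Referrer Policy spec.
REFERRER_TOKENS = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def _norm(value):
    # Lower-case and collapse optional whitespace around ';'.
    return re.sub(r"\s*;\s*", "; ", value.strip().lower())

def audit_headers(headers):
    """Return {header: 'ok' | 'missing' | 'unexpected: <value>' | ...}."""
    # Header names are case-insensitive, so normalise them before lookup.
    seen = {k.strip().lower(): v for k, v in headers.items()}
    report = {}
    if seen.get("content-security-policy", "").strip():
        report["Content-Security-Policy"] = "ok"
    elif seen.get("content-security-policy-report-only", "").strip():
        # A report-only policy logs violations but blocks nothing.
        report["Content-Security-Policy"] = "report-only (not enforced)"
    else:
        report["Content-Security-Policy"] = "missing"
    # Headers with a single recommended value, as given in the table.
    for name, want in (("X-XSS-Protection", "1; mode=block"),
                       ("X-Content-Type-Options", "nosniff")):
        got = seen.get(name.lower(), "").strip()
        report[name] = ("missing" if not got else
                        "ok" if _norm(got) == want else f"unexpected: {got}")
    # Referrer-Policy may carry a comma-separated fallback list.
    ref = seen.get("referrer-policy", "").strip()
    tokens = [t.strip() for t in ref.lower().split(",") if t.strip()]
    if not tokens:
        report["Referrer-Policy"] = "missing"
    elif any(t in REFERRER_TOKENS for t in tokens):
        report["Referrer-Policy"] = "ok"
    else:
        report["Referrer-Policy"] = f"unexpected: {ref}"
    return report

# Constructed sample responses (not captured from any real site).
BARE = {"Server": "nginx", "Content-Type": "text/html"}
HARDENED = {
    "content-security-policy": "default-src 'self'",
    "X-XSS-Protection": "1; mode=block",
    "x-content-type-options": "NoSniff",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
}
```

Calling `audit_headers(BARE)` reports all four headers as missing, while `audit_headers(HARDENED)` reports all four as ok.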
I’m thinking most people are keeping them on the exchanges, but that is not the safest option. If Bittrex or Binance get hacked, bye bye.
Is it likely? Maybe not. But exchanges do get hacked. Ether Delta was hacked 2 weeks ago. Youbit, for a 2nd time, and went bankrupt.
— JDubya (@jdubya001) January 4, 2018