Breaking: Binance.com has some cyber security problems: users at risk, experts say
Binance.com, a leading cryptocurrency exchange that supports Ripple (XRP), has some cyber security problems, experts say.
Binance started to trade Ripple two months ago and published the following statement:
“Risk warning: cryptocurrency investment is subject to high market risk. Please make your investments cautiously. Binance will make best efforts to choose high quality coins, but will not be responsible for your investment losses.”
Now the problem doesn’t seem to be market risk, but the security of the exchange.
According to Scott Helme, supported and sponsored by Sophos, a well-known cyber security company based in the UK, the Binance website got a poor result in security tests.
Specifically, Binance.com has some misconfigurations, and some security policies aren’t visible on the site:
Content-Security-Policy
Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-XSS-Protection
X-XSS-Protection sets the configuration for the cross-site scripting filter built into most browsers. Recommended value “X-XSS-Protection: 1; mode=block”.
X-Content-Type-Options
X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is “X-Content-Type-Options: nosniff”.
Referrer-Policy
Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Source: Securityheaders.io
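The four headers above can be checked offline against any captured set of response headers. The Python sketch below is an added example, not code from Securityheaders.io or from the original article. The function name audit_headers and both sample header sets are constructed for illustration, and the list of accepted Referrer-Policy values is taken from the W3C specification rather than from this page.

```python
# Added example: audit response headers for the four policies listed above.
# Both sample header sets are constructed, not captured from a real site.
REFERRER_VALUES = {  # assumption: values from the W3C Referrer Policy spec
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def audit_headers(headers):
    """Return {header: finding}; an empty dict means all four checks pass."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = {}
    if not h.get("content-security-policy"):
        # A Report-Only policy reports violations but blocks nothing.
        if h.get("content-security-policy-report-only"):
            findings["Content-Security-Policy"] = "report-only, not enforced"
        else:
            findings["Content-Security-Policy"] = "missing"
    xss = h.get("x-xss-protection")
    if xss is None:
        findings["X-XSS-Protection"] = "missing"
    elif "".join(xss.lower().split()) != "1;mode=block":
        findings["X-XSS-Protection"] = "unexpected value: " + xss
    nosniff = h.get("x-content-type-options")
    if nosniff is None:
        findings["X-Content-Type-Options"] = "missing"
    elif nosniff.lower() != "nosniff":
        findings["X-Content-Type-Options"] = "invalid value: " + nosniff
    ref = h.get("referrer-policy")
    if ref is None:
        findings["Referrer-Policy"] = "missing"
    else:
        # A comma-separated fallback list is allowed; one known token suffices.
        tokens = [t.strip().lower() for t in ref.split(",")]
        if not any(t in REFERRER_VALUES for t in tokens):
            findings["Referrer-Policy"] = "no recognised value: " + ref
    return findings

SAMPLE_BARE = {"Server": "nginx", "Content-Type": "text/html"}  # constructed
SAMPLE_HARDENED = {  # constructed
    "content-security-policy": "default-src 'self'",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
}
if __name__ == "__main__":
    for name, sample in (("bare", SAMPLE_BARE), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_headers(sample) or "all four headers OK")
```

A Content-Security-Policy-Report-Only header on its own is reported separately from a missing policy, because it reports violations without blocking them.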
According to a cyber security expert who talked with Ripple News Tech, Binance.com seems OK against SQLi, RFI, LFI and some other hacking techniques, but is missing some important policy tools that protect the user and that cyber security experts recommend adopting as soon as possible.
This is not the first time that crypto exchanges have faced cyber security issues. In the past, CoinBase had a similar problem.
UPDATE: Binance temporarily closed registration on its website because of too many requests.
And some users are starting to talk about the security of the exchanges.
I am sure they will make their security better when they add account registration back.
Yeah, they should. I hope they do so.