
Cryptoexchanges Rating Methodology

How is the score calculated?

Step 1

Points system

We assess each aspect of the project's security following a points system. Each table below lists the points awarded (left) for the criterion met (right); where several criteria are listed with partial points (for example cookie flags or password requirements), the points are awarded per criterion met.

SSL/TLS certificate
    10  A+
    9   A
    8   A-
    6   B
    5   C
    3   D
    2   E
    1   F
    0   T or M

WAF and CDN presence
    10  Yes
    0   No

SPF and DNSSEC presence
    5   SPF record found
    5   DNSSEC setup found
    0   Neither is found

HTTP headers
    10  A
    8   B
    6   C
    4   D
    2   E
    0   F

Spam DB presence
    10  0 blacklists
    5   1-3 blacklists
    0   3+ blacklists

Cookie flags
    4   HttpOnly set
    4   Secure set
    2   SameSite set

2-factor authentication
    10  Yes
    0   No

Password requirements
    3   Length >= 8 characters
    1   Length over 32 characters allowed
    2   Digit required
    2   Uppercase letter required
    2   Special character required

Device management
    5   List of current sessions
    5   Terminate other sessions

Anti-phishing code
    10  Yes
    0   No

Withdrawal whitelist
    10  Yes
    0   No

Captcha
    10  Yes
    0   No

ISO 27001
    10  Yes
    0   No

CCSS
    10  Yes
    0   No

Active bug bounty
    10  Third-party hosted
    5   Self-hosted
    0   No

Pentest (depends on scope coverage)
    10  100%
    9   90%
    8   80%
    7   70%
    6   60%
    5   50%
    4   40%
    3   30%
    2   20%
    1   10%
    0   No pentest

Data breaches
    10  No breaches, or the last one happened over 2 years ago
    5   Happened over 1 year ago
    0   Happened in the last year

Funds stolen
    10  No theft, or the last one happened over 2 years ago
    5   Happened over 1 year ago
    0   Happened in the last year

Proof of liabilities
    8   Yearly Proof of Reserves audit with Proof of Liabilities
    2   Wallets with active balances published

Insurance fund
    10  Yes
    0   No

Step 2

Scoring weights

We multiply each category's score by its weight:

  • Server Security: 1
  • User Security: 1.5
  • Pentest: 2.25
  • Bug Bounty: 2.25
  • ISO 27001: 0.5
  • CCSS: 0.5
  • Proof of Liabilities: 1.25
  • Past Incidents: 0.5
  • Insurance Fund: 0.25

Step 3

Score calculation

We convert the weighted sum of points to a rating:

  • >9.5: AAA
  • >9: AA
  • >8.5: A
  • >8: BBB
  • >7.5: BB
  • >7: B
  • >6.5: CCC
  • >6: CC
  • >5.5: C
  • <5: D
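The three steps above as working code. This is an added example, not CER's own implementation; it assumes the weighted sum is normalised by the sum of the weights (which is exactly 10 on this page), that pentest coverages between the listed 10% steps round down, and that a score in the 5 to 5.5 band, which the table above does not cover, is rated D.

```python
from typing import Dict, Optional

# Step 2 weights, as listed on the page.
WEIGHTS = {
    "Server Security": 1.0, "User Security": 1.5, "Pentest": 2.25,
    "Bug Bounty": 2.25, "ISO 27001": 0.5, "CCSS": 0.5,
    "Proof of Liabilities": 1.25, "Past Incidents": 0.5, "Insurance Fund": 0.25,
}

# Step 3 cut-offs, as listed on the page (strict "greater than").
RATING_CUTOFFS = [
    (9.5, "AAA"), (9.0, "AA"), (8.5, "A"), (8.0, "BBB"), (7.5, "BB"),
    (7.0, "B"), (6.5, "CCC"), (6.0, "CC"), (5.5, "C"),
]

# Step 1: SSL/TLS certificate grade -> points, as listed on the page.
SSL_POINTS = {"A+": 10, "A": 9, "A-": 8, "B": 6, "C": 5, "D": 3,
              "E": 2, "F": 1, "T": 0, "M": 0}


def ssl_points(grade: str) -> int:
    """Points for a certificate grade; an unknown grade scores 0."""
    return SSL_POINTS.get(grade.strip().upper(), 0)


def pentest_points(coverage_pct: Optional[int]) -> int:
    """Points for pentest scope coverage; None means no pentest.
    Assumption: coverages between the page's 10% steps round down."""
    if coverage_pct is None or coverage_pct <= 0:
        return 0
    return min(10, coverage_pct // 10)


def weighted_score(category_scores: Dict[str, float]) -> float:
    """Step 2: weighted average of the 0..10 category scores (assumed
    normalisation). Rejects missing categories and out-of-range scores."""
    missing = set(WEIGHTS) - set(category_scores)
    if missing:
        raise ValueError("missing category scores: %s" % sorted(missing))
    for name, score in category_scores.items():
        if not 0 <= score <= 10:
            raise ValueError("%s: score %r outside 0..10" % (name, score))
    total = sum(WEIGHTS[name] * category_scores[name] for name in WEIGHTS)
    return total / sum(WEIGHTS.values())


def rating(score: float) -> str:
    """Step 3: map the weighted score to the letter rating."""
    for cutoff, label in RATING_CUTOFFS:
        if score > cutoff:
            return label
    return "D"  # "<5" on the page; the 5..5.5 gap is also D by assumption
```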

Certification

CER certification is given to crypto exchanges that have been assessed by our specialists according to 3 main criteria: penetration test, proof of funds, and bug bounty.

  • Penetration Test

    A crypto exchange with 10/10 for penetration test gets a tick. The highest score is given for a penetration test with 100% scope coverage. A penetration test is valid for 1 year.

  • Proof of Funds

    A crypto exchange gets a tick if the balance on hot and cold wallets is >$1M in ETH and BTC.

  • Bug Bounty

    A crypto exchange with 10/10 for bug bounty gets a tick. The highest score is given to programs launched on third-party platforms. Self-hosted bug bounty programs receive half the points of third-party managed ones (5/10).

    A self-hosted bug bounty program may be evaluated as third-party managed if the platform provides a review by a reputable third-party auditor.

Calculate a final rating

  • Uncertified: 0 of 3 criteria (pentest, bug bounty, proof of funds) meet the requirements

  • Certified: 1 of 3 criteria (pentest, bug bounty, proof of funds) meet the requirements

  • Certified: 2 of 3 criteria (pentest, bug bounty, proof of funds) meet the requirements

  • Certified: 3 of 3 criteria (pentest, bug bounty, proof of funds) meet the requirements
