WhiteBIT Security Review 2022_

4 mins to read
WhiteBIT Security Review 2022image

WhiteBIT Security Review 2022

Launched in 2018, WhiteBIT is the largest European crypto-to-fiat exchange. Built on cutting-edge technology, this centralized exchange provides an institutional-grade experience for new and seasoned traders. But is WhiteBIT secure? Let’s find out.

Trading volume and users

The Ukrainian-based crypto exchange was established in 2018. Now, it’s incorporated in Estonia. With a daily volume of $1.29 billion, WhiteBIT is among the top 20 largest CEX in the world. WhiteBIT’s website has around 10 million monthly pageviews. On May 12, 2022, WhiteBIT reached a peak daily trading volume of $5.9 billion. The $5-billion trading volumes ended in late June 2022. For the past three months, 24-h trade volumes have fluctuated between 700$ million and $1.5 billion.

Product Mix

Users can buy and sell 196 coins. In total, 292 pairs are available for trade in the spot market. In the past month, WhiteBIT added support of 8 new coins. The most popular pairs are BTC/USDT, ETH/USDT, and USDC/USDT. USDT is the dominant currency on WhiteBIT, accounting for ~90% of all currencies. Fiat currencies like EUR and USD make up less than 3%.

WhiteBIT app is available on mobile and desktop. Registration is free of charge. TX fees are up to 0.1%. For experienced trading, WhiteBIT offers a powerful API, leverage of 20x, and accurate AML.

How secure is Whitebit?

8/10 in Trust Score by CoinGecko

Grade A in API Coverage 

10/10 in Cybersecurity Score by CER

WhiteBIT is a triple-A exchange with Three Ticks in CERtified Badge. According to CER’s methodology of 20 security indicators, Whitebit is among only 10 exchanges with a triple-A score. CoinGecko Trust Score puts it in the top 25 most secure exchanges.

WhiteBIT has max scores in a bug bounty, pentest, and proof of funds from CER.

Bug Bounty

Bug bounty program is a security measure that receives bug reports on security vulnerabilities from white-hat hackers.

Whitebit has an active bug bounty program at HackenProof with a max bounty of $5,000. BB’s scope includes the platform, infrastructure, network, and CEX for web, mobile, and blockchain. 33 highest-ranked ethical hackers have reported 34 bugs so far. The bug bounty is active right now: ethical hackers found one more bug in the past month. The found bags were as follows:

  • lack of password confirmation,
  • business logic errors,
  • no rate limiting on form,
  • server-side request forgery,
  • application-level denial-of-service,
  • information exposure,
  • other bugs. 

Penetration Test

Penetration test is a proactive security measure where experts imitate real-world cyberattacks to identify critical internal and external vulnerabilities. Pentest is conducted in a safe and controlled environment. Whitebit received 10/10 for a penetration test with a 100% scope coverage. The test was conducted less than a year ago, so it’s still valid.

Proof of Funds

Proof of funds confirms that WhiteBIT is not involved in any forms of financial manipulations or fraudulent activities. WhiteBIT has good solvency with funds insurance and $1.01 million in total balance ($900 million in BTC and $203 thousand in ETH). On top of that, the CEX has funds insurance, the last line of defense against hacks.

In addition to the big four security metrics above, WhiteBIT received max scores for Server Security, User Security, Device Management, and Compliance with ISO/IEC 27001 certification from CER.live. 

In the past two years, hackers haven’t been able to penetrate WhiteBIT’s security. It’s also necessary to add that WhiteBit’s team is public, which adds credibility.

WhiteBIT is one of the largest exchanges in Europe. It can become a solid competitor to Coinbase and FTX if it stays clear of any incidents. Right now, the exchange has a definite focus on security. The CEX should work on increasing its solvency by expanding its total balance. Indeed, the solvency is right above the $1 million mark. On top of that, WhiteBIT should undergo regular full-scope penetration testing.

Continue reading_