MEXC Passes Hacken Security Audit—Mobile App and Website Get Clean Bill of Health

Published: 2025-05-14 11:23:09

In a move that’ll either reassure traders or make them wonder why this wasn’t done sooner, MEXC announces successful completion of a full security audit by Hacken.

The exchange’s mobile app and website infrastructure passed penetration testing and vulnerability assessments—because nothing says ‘trust us with your crypto’ like a third-party stamp of approval.

While exchanges scramble to prove legitimacy post-regulatory crackdowns, MEXC checks the compliance box—just don’t ask about their reserve audits.

MEXC Completes Hacken Audit, Source: Hacken

MEXC has gone through three independent penetration tests on its Android, iOS, and web platforms. Special attention was paid to the architecture of the mobile app: trading execution systems, funds management, data processing, and user session security.

These scans initially revealed a total of 26 vulnerabilities—9 in the Android app, 12 on the web platform, and 5 in the iOS app.

Notably, two high-risk issues were identified in the mobile app audit: an email spoofing vulnerability due to the lack of DMARC, SPF, and DNS protections, and a prevalent reflected XSS vulnerability impacting several token airdrop endpoints. MEXC subsequently resolved both. The high-risk issues have been fixed to increase the platform’s security and build trust among users.

Other fixed issues included hardcoded credentials, insecure CORS policy, missing root detection, and copyable password fields. One low-severity SSL pinning bypass issue was accepted by the team, and insecure random number generation was marked as an observation.

Hacken specifically noted the balance between technical security measures and the ease of use of the interface, a factor that is especially important for retail traders who prefer mobile access to trading.

Additionally, in the audit of MEXC’s web platform, Hacken identified 12 security issues. Of these, MEXC quickly fixed 4, while the remaining 8 were accepted by the team for future resolution. The findings included issues like reflected XSS and improper email protections, which could have been used by attackers to trick users or expose data.

The iOS app review identified five security issues. MEXC addressed four of them, such as SSL pinning bypass issues and the absence of jailbreak detection, through which some attackers could have tampered with the software on jailbroken devices. One issue, where certain user information was temporarily kept in app memory, was accepted, but a fix has not been implemented yet.

These audits mark an important step toward transparency in a space where most exchanges still avoid publishing full security reports.

The crypto industry is slowly moving toward more transparency through external audits, but progress is limited. Most exchanges still don’t share their audit results, mainly because there are no clear legal rules requiring them to do so unless they’re tied to traditional finance licenses.

While some large platforms have started doing regular audits due to pressure from users and partners, only a few publish full reports. This makes it hard for users to truly judge how secure a platform is, often relying instead on reputation or ratings.
