MEXC Completes Hacken Security Audit, Improves Platform’s Resilience

Cryptocurrency exchange MEXC has successfully completed an independent security audit of its mobile app and website by Hacken, a leading Web3 cybersecurity company. The pentest methodology employed by Hacken identified potential attack vectors, simulated intrusion attempts, and evaluated the platform’s ability to protect user data and assets from compromise.

In total, 26 vulnerabilities were discovered across platforms: 9 in the Android app, 12 on the web platform, and 5 in the iOS app. The findings include email spoofing vulnerabilities due to the lack of DMARC, SPF, and DNS protections, as well as reflected XSS vulnerabilities affecting token airdrop endpoints. MEXC has addressed these high-risk issues, enhancing the platform’s security and user trust. Other issues, such as hardcoded credentials, insecure CORS policies, missing root detection, and copyable password fields, were also fixed. SSL pinning bypass and random number generation weaknesses were noted but accepted for future resolution. Of the 12 vulnerabilities found during the web platform audit, 4 were addressed swiftly.

In addition to these findings, MEXC has improved security measures on its mobile app. Hacken’s assessment specifically highlighted the balance between technical security measures and ease of use of the user interface, a crucial aspect for retail traders who rely heavily on mobile access for trading. The audits mark an important step towards greater transparency in the crypto space.